On 4/28/23 03:41, Gerd Hoffmann wrote:
>   Hi,
>
>> I'd have to dig much deeper to see if there's a way to identify whether a
>> VARS file was specified on the Qemu command line. I *think* (please correct
>> me if I'm missing something) for SEV and SEV-ES it would be straightforward
>> to try and access the memory as shared and check the headers. If they're
>> valid, then a VARS file was specified on the command line and should remain
>> mapped shared. If they aren't valid, a VARS file wasn't specified and you
>> have either the full OVMF.fd file or just the OVMF_CODE.fd with memory
>> backing the VARS that, in either case, should be mapped private.
>
> OVMF_CODE.fd + OVMF_VARS.fd is *identical* to just OVMF.fd, i.e. the
> guest will see valid varstore headers in both cases.

It is identical except in how they are mapped. With a split OVMF_CODE.fd / OVMF_VARS.fd, the OVMF_CODE.fd file is mapped private and the OVMF_VARS.fd is mapped shared because the hypervisor is updating the contents of OVMF_VARS.fd. With OVMF.fd, the whole file is mapped private because updates to the variables are not retained, so the hypervisor isn't updating the contents.

I'll give the patch below a try in the next day or two.

Thanks,
Tom


> The split into code part and vars part allows to (a) easily update the
> code without screwing up the vars, and (b) map both with different
> properties, i.e. code read-only and vars read/write.
>
> Does the patch below help?
>
> take care,
>    Gerd

 From 3971f9453ded3032f5918dc9d181ecc0b6f97862 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kra...@redhat.com>
Date: Fri, 28 Apr 2023 10:34:23 +0200
Subject: [PATCH 1/1] [testing] try setup mmio in QemuFlashBeforeProbe (dxe)

---
  .../QemuFlashFvbServicesRuntimeDxe/QemuFlashDxe.c | 15 ++++++++++++---
  1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlashDxe.c 
b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlashDxe.c
index d57f7ca25ccf..3a6280ab9c3a 100644
--- a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlashDxe.c
+++ b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlashDxe.c
@@ -37,9 +37,18 @@ QemuFlashBeforeProbe (
    IN  UINTN                 FdBlockCount
    )
  {
-  //
-  // Do nothing
-  //
+  EFI_STATUS  Status;
+
+  if (MemEncryptSevIsEnabled ()) {
+    Status = MemEncryptSevClearMmioPageEncMask (
+             0,
+             BaseAddress,
+             EFI_SIZE_TO_PAGES (FdBlockSize * FdBlockCount)
+             );
+    if (EFI_ERROR(Status)) {
+      DEBUG ((DEBUG_WARN, "%a: MemEncryptSevClearMmioPageEncMask: %r\n", 
__func__, Status));
+    }
+  }
  }
/**
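
Review bot: In QemuFlashBeforeProbe, a failure of MemEncryptSevClearMmioPageEncMask is only reported at DEBUG_WARN and the function then returns normally, so the probe proceeds against a range that is still mapped encrypted, and the message disappears entirely in builds without debug output. Since the outcome decides whether the flash range can be used under SEV, consider DEBUG_ERROR plus ASSERT_EFI_ERROR (Status) here. Style: "EFI_ERROR(Status)" needs a space before the parenthesis, and the DEBUG call should be wrapped so it is not split mid-argument. The commit has no message body or Signed-off-by; that is fine for [testing], but the final version should explain why the mask is cleared for the whole FdBlockSize * FdBlockCount range whenever SEV is enabled, given the shared versus private mapping question raised in this thread.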

