On Thu, Jul 18, 2024 at 07:57:27PM GMT, Tom Lendacky wrote:
> On 7/16/24 21:30, 韩里洋 wrote:
> > Hi Tom,
> >
> > Thank you for your response.
> >
> > In fact, I'm unable to proceed with the development of the fix patch
> > locally as I don't have SEV-SNP hardware for experimentation. However, it
> > has proven to be crucial for effectively testing and completing the patch.
> >
> > Given your expertise and potentially available hardware, would your team be
> > able to take over the fixing of this issue? (bugzilla:
> > https://bugzilla.tianocore.org/show_bug.cgi?id=4807 )
>
> Secure Boot is not supported under SEV-ES and SEV-SNP because SMM is
> required in order for Secure Boot to be secure.
The other option is initializing the variable store from ROM on each boot.
Which implies there are no persistent EFI variables, which has its own set
of drawbacks. But this is what the IntelTdx build is doing and AmdSev
should be able to do this too.

take care,
  Gerd