From 053e5bc8ca4b4e7f36f7fef4a50afdcb261cfd86 Mon Sep 17 00:00:00 2001 From: Tom Lendacky Date: Mon, 18 Nov 2024 12:59:32 -0600 Subject: [PATCH] OvmfPkg/PlatformPei: Move NV vars init to after SEV-SNP memory acceptance When OVMF is built with the SECURE_BOOT_ENABLE set to true, reserving and initializing the emulated variable store happens before memory has been accepted under SEV-SNP. This results in a #VC exception for accessing memory that hasn't been validated (error code 0x404). The #VC handler treats this error code as a fatal error, causing the OVMF boot to fail. Move the call to ReserveEmuVariableNvStore() to after memory has been accepted by AmdSevInitialize(). Signed-off-by: Tom Lendacky (cherry picked from commit 52fa7e78d282f8434b41aff24b3a5a745611ff87) --- OvmfPkg/PlatformPei/Platform.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/OvmfPkg/PlatformPei/Platform.c b/OvmfPkg/PlatformPei/Platform.c index 05b924f99f..54903cfca2 100644 --- a/OvmfPkg/PlatformPei/Platform.c +++ b/OvmfPkg/PlatformPei/Platform.c @@ -365,10 +365,6 @@ InitializePlatform ( InitializeRamRegions (PlatformInfoHob); if (PlatformInfoHob->BootMode != BOOT_ON_S3_RESUME) { - if (!PlatformInfoHob->SmmSmramRequire) { - ReserveEmuVariableNvStore (); - } - PeiFvInitialization (PlatformInfoHob); MemTypeInfoInitialization (PlatformInfoHob); MemMapInitialization (PlatformInfoHob); @@ -391,5 +387,15 @@ InitializePlatform ( RelocateSmBase (); } + // + // Performed after CoCo (SEV/TDX) initialization to allow the memory + // used to be validated before being used. + // + if (PlatformInfoHob->BootMode != BOOT_ON_S3_RESUME) { + if (!PlatformInfoHob->SmmSmramRequire) { + ReserveEmuVariableNvStore (); + } + } + return EFI_SUCCESS; }