3bb744e818
- edk2-OvmfPkg-Use-the-OvmfPkg-version-of-CcProbeLib.patch [RHEL-70865] - edk2-Update-dbx-revocation-list-to-2025-02-24-version.patch [RHEL-83019] - Resolves: RHEL-70865 (SNP guest failed to boot with SVSM using OVMF.amdsev.fd [rhel-9.7]) - Resolves: RHEL-83019 (The newer revocation file and Server 2025 required to update it [rhel-9])
171 lines
8.3 KiB
Diff
171 lines
8.3 KiB
Diff
From 622885419f4cbfaf6e8f18431660d1aa8710e257 Mon Sep 17 00:00:00 2001
|
|
From: Tom Lendacky <thomas.lendacky@amd.com>
|
|
Date: Wed, 8 Jan 2025 12:22:43 -0600
|
|
Subject: [PATCH 1/2] OvmfPkg: Use the OvmfPkg version of CcProbeLib
|
|
|
|
RH-Author: Oliver Steffen <osteffen@redhat.com>
|
|
RH-MergeRequest: 89: OvmfPkg: Use the OvmfPkg version of CcProbeLib
|
|
RH-Jira: RHEL-70865
|
|
RH-Acked-by: Luigi Leonardi <None>
|
|
RH-Acked-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
RH-Commit: [1/1] f5ca606121e443ffc3f588630ca24ca07eb99319 (osteffen/edk2)
|
|
|
|
Currently, multiple dsc files within the OvmfPkg directory use the NULL
|
|
version of the CcProbeLib library. However, these packages have support
|
|
for confidential guests (usage of CcExitLib, MemEncrypt{Sev,Tdx}Lib, etc.)
|
|
and should be using the OvmfPkg version of the CcProbeLib.
|
|
|
|
The use of the NULL library causes the PCI option ROM to be enabled, which
|
|
can't be trusted as it originates from the hypervisor. The use of the NULL
|
|
library also causes a KVM hypervisor error when attempting to map/back the
|
|
option ROM region when running an SEV-SNP guest.
|
|
|
|
Update the various dsc files to reference the OvmfPkg version of the
|
|
CcProbeLib library and prevent usage of PCI option ROMs.
|
|
|
|
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
|
|
(cherry picked from commit 8b87eb9dfba054331ed16204f36c4885aefc3c94)
|
|
---
|
|
OvmfPkg/AmdSev/AmdSevX64.dsc | 5 ++++-
|
|
OvmfPkg/CloudHv/CloudHvX64.dsc | 7 ++++++-
|
|
OvmfPkg/Microvm/MicrovmX64.dsc | 5 ++++-
|
|
3 files changed, 14 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
|
|
index 4edc2a9069..e92f358c0d 100644
|
|
--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
|
|
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
|
|
@@ -142,7 +142,6 @@
|
|
PciCapLib|OvmfPkg/Library/BasePciCapLib/BasePciCapLib.inf
|
|
PciCapPciSegmentLib|OvmfPkg/Library/BasePciCapPciSegmentLib/BasePciCapPciSegmentLib.inf
|
|
PciCapPciIoLib|OvmfPkg/Library/UefiPciCapPciIoLib/UefiPciCapPciIoLib.inf
|
|
- CcProbeLib|MdePkg/Library/CcProbeLibNull/CcProbeLibNull.inf
|
|
IoLib|MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsicSev.inf
|
|
OemHookStatusCodeLib|MdeModulePkg/Library/OemHookStatusCodeLibNull/OemHookStatusCodeLibNull.inf
|
|
SerialPortLib|PcAtChipsetPkg/Library/SerialIoLib/SerialIoLib.inf
|
|
@@ -165,6 +164,7 @@
|
|
VirtioLib|OvmfPkg/Library/VirtioLib/VirtioLib.inf
|
|
LoadLinuxLib|OvmfPkg/Library/LoadLinuxLib/LoadLinuxLib.inf
|
|
MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf
|
|
+ CcProbeLib|OvmfPkg/Library/CcProbeLib/DxeCcProbeLib.inf
|
|
LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf
|
|
CustomizedDisplayLib|MdeModulePkg/Library/CustomizedDisplayLib/CustomizedDisplayLib.inf
|
|
FrameBufferBltLib|MdeModulePkg/Library/FrameBufferBltLib/FrameBufferBltLib.inf
|
|
@@ -231,6 +231,7 @@
|
|
CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiCpuExceptionHandlerLib.inf
|
|
CcExitLib|OvmfPkg/Library/CcExitLib/SecCcExitLib.inf
|
|
MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf
|
|
+ CcProbeLib|OvmfPkg/Library/CcProbeLib/SecPeiCcProbeLib.inf
|
|
|
|
[LibraryClasses.common.PEI_CORE]
|
|
HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf
|
|
@@ -247,6 +248,7 @@
|
|
DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformRomDebugLibIoPort.inf
|
|
!endif
|
|
PeCoffLib|MdePkg/Library/BasePeCoffLib/BasePeCoffLib.inf
|
|
+ CcProbeLib|OvmfPkg/Library/CcProbeLib/SecPeiCcProbeLib.inf
|
|
|
|
[LibraryClasses.common.PEIM]
|
|
HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf
|
|
@@ -276,6 +278,7 @@
|
|
QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf
|
|
|
|
MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf
|
|
+ CcProbeLib|OvmfPkg/Library/CcProbeLib/SecPeiCcProbeLib.inf
|
|
PlatformInitLib|OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf
|
|
|
|
[LibraryClasses.common.DXE_CORE]
|
|
diff --git a/OvmfPkg/CloudHv/CloudHvX64.dsc b/OvmfPkg/CloudHv/CloudHvX64.dsc
|
|
index 542ca013e2..b1d0d7383f 100644
|
|
--- a/OvmfPkg/CloudHv/CloudHvX64.dsc
|
|
+++ b/OvmfPkg/CloudHv/CloudHvX64.dsc
|
|
@@ -159,7 +159,6 @@
|
|
PciCapLib|OvmfPkg/Library/BasePciCapLib/BasePciCapLib.inf
|
|
PciCapPciSegmentLib|OvmfPkg/Library/BasePciCapPciSegmentLib/BasePciCapPciSegmentLib.inf
|
|
PciCapPciIoLib|OvmfPkg/Library/UefiPciCapPciIoLib/UefiPciCapPciIoLib.inf
|
|
- CcProbeLib|MdePkg/Library/CcProbeLibNull/CcProbeLibNull.inf
|
|
IoLib|MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsicSev.inf
|
|
OemHookStatusCodeLib|MdeModulePkg/Library/OemHookStatusCodeLibNull/OemHookStatusCodeLibNull.inf
|
|
SerialPortLib|PcAtChipsetPkg/Library/SerialIoLib/SerialIoLib.inf
|
|
@@ -186,6 +185,9 @@
|
|
ImagePropertiesRecordLib|MdeModulePkg/Library/ImagePropertiesRecordLib/ImagePropertiesRecordLib.inf
|
|
!if $(SMM_REQUIRE) == FALSE
|
|
LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf
|
|
+ CcProbeLib|OvmfPkg/Library/CcProbeLib/DxeCcProbeLib.inf
|
|
+!else
|
|
+ CcProbeLib|MdePkg/Library/CcProbeLibNull/CcProbeLibNull.inf
|
|
!endif
|
|
CustomizedDisplayLib|MdeModulePkg/Library/CustomizedDisplayLib/CustomizedDisplayLib.inf
|
|
FrameBufferBltLib|MdeModulePkg/Library/FrameBufferBltLib/FrameBufferBltLib.inf
|
|
@@ -268,6 +270,7 @@
|
|
CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiCpuExceptionHandlerLib.inf
|
|
CcExitLib|OvmfPkg/Library/CcExitLib/SecCcExitLib.inf
|
|
MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf
|
|
+ CcProbeLib|OvmfPkg/Library/CcProbeLib/SecPeiCcProbeLib.inf
|
|
|
|
[LibraryClasses.common.PEI_CORE]
|
|
HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf
|
|
@@ -284,6 +287,7 @@
|
|
DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.inf
|
|
!endif
|
|
PeCoffLib|MdePkg/Library/BasePeCoffLib/BasePeCoffLib.inf
|
|
+ CcProbeLib|OvmfPkg/Library/CcProbeLib/SecPeiCcProbeLib.inf
|
|
|
|
[LibraryClasses.common.PEIM]
|
|
HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf
|
|
@@ -312,6 +316,7 @@
|
|
QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgLibNull.inf
|
|
|
|
MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf
|
|
+ CcProbeLib|OvmfPkg/Library/CcProbeLib/SecPeiCcProbeLib.inf
|
|
PlatformInitLib|OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf
|
|
|
|
[LibraryClasses.common.DXE_CORE]
|
|
diff --git a/OvmfPkg/Microvm/MicrovmX64.dsc b/OvmfPkg/Microvm/MicrovmX64.dsc
|
|
index d76fa4269f..02da682ec6 100644
|
|
--- a/OvmfPkg/Microvm/MicrovmX64.dsc
|
|
+++ b/OvmfPkg/Microvm/MicrovmX64.dsc
|
|
@@ -162,7 +162,6 @@
|
|
PciCapLib|OvmfPkg/Library/BasePciCapLib/BasePciCapLib.inf
|
|
PciCapPciSegmentLib|OvmfPkg/Library/BasePciCapPciSegmentLib/BasePciCapPciSegmentLib.inf
|
|
PciCapPciIoLib|OvmfPkg/Library/UefiPciCapPciIoLib/UefiPciCapPciIoLib.inf
|
|
- CcProbeLib|MdePkg/Library/CcProbeLibNull/CcProbeLibNull.inf
|
|
IoLib|MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsicSev.inf
|
|
OemHookStatusCodeLib|MdeModulePkg/Library/OemHookStatusCodeLibNull/OemHookStatusCodeLibNull.inf
|
|
SerialPortLib|PcAtChipsetPkg/Library/SerialIoLib/SerialIoLib.inf
|
|
@@ -185,6 +184,7 @@
|
|
VirtioLib|OvmfPkg/Library/VirtioLib/VirtioLib.inf
|
|
LoadLinuxLib|OvmfPkg/Library/LoadLinuxLib/LoadLinuxLib.inf
|
|
MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf
|
|
+ CcProbeLib|OvmfPkg/Library/CcProbeLib/DxeCcProbeLib.inf
|
|
LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf
|
|
CustomizedDisplayLib|MdeModulePkg/Library/CustomizedDisplayLib/CustomizedDisplayLib.inf
|
|
FrameBufferBltLib|MdeModulePkg/Library/FrameBufferBltLib/FrameBufferBltLib.inf
|
|
@@ -276,6 +276,7 @@
|
|
CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiCpuExceptionHandlerLib.inf
|
|
CcExitLib|OvmfPkg/Library/CcExitLib/SecCcExitLib.inf
|
|
MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf
|
|
+ CcProbeLib|OvmfPkg/Library/CcProbeLib/SecPeiCcProbeLib.inf
|
|
|
|
[LibraryClasses.common.PEI_CORE]
|
|
HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf
|
|
@@ -292,6 +293,7 @@
|
|
DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformRomDebugLibIoPort.inf
|
|
!endif
|
|
PeCoffLib|MdePkg/Library/BasePeCoffLib/BasePeCoffLib.inf
|
|
+ CcProbeLib|OvmfPkg/Library/CcProbeLib/SecPeiCcProbeLib.inf
|
|
|
|
[LibraryClasses.common.PEIM]
|
|
HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf
|
|
@@ -320,6 +322,7 @@
|
|
QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf
|
|
|
|
MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf
|
|
+ CcProbeLib|OvmfPkg/Library/CcProbeLib/SecPeiCcProbeLib.inf
|
|
PlatformInitLib|OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf
|
|
|
|
[LibraryClasses.common.DXE_CORE]
|
|
--
|
|
2.48.1
|
|
|