OvmfPkg/Library/PeilessStartupLib/PeilessStartup.c | 6 +++--- OvmfPkg/Library/PeilessStartupLib/PeilessStartupLib.inf | 1 + 2 files changed, 4 insertions(+), 3 deletions(-)
SECURE_BOOT_FEATURE_ENABLED was dropped by the commit(92da8a154f), but the
PeilessStartupLib was not updated with PcdSecureBootSupported, that made
SecureBoot no longer work in IntelTdxX64.
Fix this by replacing SECURE_BOOT_FEATURE_ENABLED with
PcdSecureBootSupported in PeilessStartupLib.
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Michael Roth <michael.roth@amd.com>
Signed-off-by: Ceping Sun <cepingx.sun@intel.com>
---
OvmfPkg/Library/PeilessStartupLib/PeilessStartup.c | 6 +++---
OvmfPkg/Library/PeilessStartupLib/PeilessStartupLib.inf | 1 +
2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/OvmfPkg/Library/PeilessStartupLib/PeilessStartup.c b/OvmfPkg/Library/PeilessStartupLib/PeilessStartup.c
index 164aa2d619..1632a23177 100644
--- a/OvmfPkg/Library/PeilessStartupLib/PeilessStartup.c
+++ b/OvmfPkg/Library/PeilessStartupLib/PeilessStartup.c
@@ -82,9 +82,9 @@ InitializePlatform (
VariableStore = PlatformReserveEmuVariableNvStore ();
PlatformInfoHob->PcdEmuVariableNvStoreReserved = (UINT64)(UINTN)VariableStore;
- #ifdef SECURE_BOOT_FEATURE_ENABLED
- PlatformInitEmuVariableNvStore (VariableStore);
- #endif
+ if (FeaturePcdGet (PcdSecureBootSupported)) {
+ PlatformInitEmuVariableNvStore (VariableStore);
+ }
if (TdIsEnabled ()) {
PlatformTdxPublishRamRegions ();
diff --git a/OvmfPkg/Library/PeilessStartupLib/PeilessStartupLib.inf b/OvmfPkg/Library/PeilessStartupLib/PeilessStartupLib.inf
index 7719b5031d..585d504637 100644
--- a/OvmfPkg/Library/PeilessStartupLib/PeilessStartupLib.inf
+++ b/OvmfPkg/Library/PeilessStartupLib/PeilessStartupLib.inf
@@ -83,3 +83,4 @@
gEfiMdeModulePkgTokenSpaceGuid.PcdNullPointerDetectionPropertyMask ## CONSUMES
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDxeMemFvBase
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDxeMemFvSize
+ gUefiOvmfPkgTokenSpaceGuid.PcdSecureBootSupported
--
2.34.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#106764): https://edk2.groups.io/g/devel/message/106764
Mute This Topic: https://groups.io/mt/100054785/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
On Mon, Jul 10, 2023 at 06:05:39PM +0800, sunceping wrote: > SECURE_BOOT_FEATURE_ENABLED was dropped by the commit(92da8a154f), but the > PeilessStartupLib was not updated with PcdSecureBootSupported, that made > SecureBoot no longer work in IntelTdxX64. > > Fix this by replacing SECURE_BOOT_FEATURE_ENABLED with > PcdSecureBootSupported in PeilessStartupLib. > > Cc: Erdem Aktas <erdemaktas@google.com> > Cc: James Bottomley <jejb@linux.ibm.com> > Cc: Jiewen Yao <jiewen.yao@intel.com> > Cc: Gerd Hoffmann <kraxel@redhat.com> > Cc: Min Xu <min.m.xu@intel.com> > Cc: Tom Lendacky <thomas.lendacky@amd.com> > Cc: Michael Roth <michael.roth@amd.com> > Signed-off-by: Ceping Sun <cepingx.sun@intel.com> Acked-by: Gerd Hoffmann <kraxel@redhat.com> -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#106765): https://edk2.groups.io/g/devel/message/106765 Mute This Topic: https://groups.io/mt/100054785/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=-=-=-=-=-=-=-=-=-=-=-
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com> > -----Original Message----- > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Gerd > Hoffmann > Sent: Monday, July 10, 2023 6:36 PM > To: devel@edk2.groups.io; Sun, CepingX <cepingx.sun@intel.com> > Cc: Aktas, Erdem <erdemaktas@google.com>; James Bottomley > <jejb@linux.ibm.com>; Yao, Jiewen <jiewen.yao@intel.com>; Xu, Min M > <min.m.xu@intel.com>; Tom Lendacky <thomas.lendacky@amd.com>; Michael > Roth <michael.roth@amd.com> > Subject: Re: [edk2-devel] [PATCH V1] OvmfPkg/PeilessStartupLib: Updated with > PcdSecureBootSupported > > On Mon, Jul 10, 2023 at 06:05:39PM +0800, sunceping wrote: > > SECURE_BOOT_FEATURE_ENABLED was dropped by the commit(92da8a154f), > but the > > PeilessStartupLib was not updated with PcdSecureBootSupported, that made > > SecureBoot no longer work in IntelTdxX64. > > > > Fix this by replacing SECURE_BOOT_FEATURE_ENABLED with > > PcdSecureBootSupported in PeilessStartupLib. > > > > Cc: Erdem Aktas <erdemaktas@google.com> > > Cc: James Bottomley <jejb@linux.ibm.com> > > Cc: Jiewen Yao <jiewen.yao@intel.com> > > Cc: Gerd Hoffmann <kraxel@redhat.com> > > Cc: Min Xu <min.m.xu@intel.com> > > Cc: Tom Lendacky <thomas.lendacky@amd.com> > > Cc: Michael Roth <michael.roth@amd.com> > > Signed-off-by: Ceping Sun <cepingx.sun@intel.com> > > Acked-by: Gerd Hoffmann <kraxel@redhat.com> > > > > > -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#106953): https://edk2.groups.io/g/devel/message/106953 Mute This Topic: https://groups.io/mt/100054785/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=-=-=-=-=-=-=-=-=-=-=-
Reviewed-by: Erdem Aktas <erdemaktas@google.com> On Sun, Jul 16, 2023 at 6:55 PM Yao, Jiewen <jiewen.yao@intel.com> wrote: > > Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com> > > > -----Original Message----- > > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Gerd > > Hoffmann > > Sent: Monday, July 10, 2023 6:36 PM > > To: devel@edk2.groups.io; Sun, CepingX <cepingx.sun@intel.com> > > Cc: Aktas, Erdem <erdemaktas@google.com>; James Bottomley > > <jejb@linux.ibm.com>; Yao, Jiewen <jiewen.yao@intel.com>; Xu, Min M > > <min.m.xu@intel.com>; Tom Lendacky <thomas.lendacky@amd.com>; Michael > > Roth <michael.roth@amd.com> > > Subject: Re: [edk2-devel] [PATCH V1] OvmfPkg/PeilessStartupLib: Updated with > > PcdSecureBootSupported > > > > On Mon, Jul 10, 2023 at 06:05:39PM +0800, sunceping wrote: > > > SECURE_BOOT_FEATURE_ENABLED was dropped by the commit(92da8a154f), > > but the > > > PeilessStartupLib was not updated with PcdSecureBootSupported, that made > > > SecureBoot no longer work in IntelTdxX64. > > > > > > Fix this by replacing SECURE_BOOT_FEATURE_ENABLED with > > > PcdSecureBootSupported in PeilessStartupLib. > > > > > > Cc: Erdem Aktas <erdemaktas@google.com> > > > Cc: James Bottomley <jejb@linux.ibm.com> > > > Cc: Jiewen Yao <jiewen.yao@intel.com> > > > Cc: Gerd Hoffmann <kraxel@redhat.com> > > > Cc: Min Xu <min.m.xu@intel.com> > > > Cc: Tom Lendacky <thomas.lendacky@amd.com> > > > Cc: Michael Roth <michael.roth@amd.com> > > > Signed-off-by: Ceping Sun <cepingx.sun@intel.com> > > > > Acked-by: Gerd Hoffmann <kraxel@redhat.com> > > > > > > > > > > > -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#106971): https://edk2.groups.io/g/devel/message/106971 Mute This Topic: https://groups.io/mt/100054785/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=-=-=-=-=-=-=-=-=-=-=-
© 2016 - 2024 Red Hat, Inc.