OvmfPkg/PeilessStartupLib: Updated with PcdSecureBootSupported

[edk2-devel] [PATCH V1] OvmfPkg/PeilessStartupLib: Updated with PcdSecureBootSupported

Posted by sunceping 9 months, 3 weeks ago

SECURE_BOOT_FEATURE_ENABLED was dropped by the commit(92da8a154f), but the
PeilessStartupLib was not updated with PcdSecureBootSupported, that made
SecureBoot no longer work in IntelTdxX64.

Fix this by replacing SECURE_BOOT_FEATURE_ENABLED with
PcdSecureBootSupported in PeilessStartupLib.

Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Michael Roth <michael.roth@amd.com>
Signed-off-by: Ceping Sun <cepingx.sun@intel.com>
---
 OvmfPkg/Library/PeilessStartupLib/PeilessStartup.c      | 6 +++---
 OvmfPkg/Library/PeilessStartupLib/PeilessStartupLib.inf | 1 +
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/OvmfPkg/Library/PeilessStartupLib/PeilessStartup.c b/OvmfPkg/Library/PeilessStartupLib/PeilessStartup.c
index 164aa2d619..1632a23177 100644
--- a/OvmfPkg/Library/PeilessStartupLib/PeilessStartup.c
+++ b/OvmfPkg/Library/PeilessStartupLib/PeilessStartup.c
@@ -82,9 +82,9 @@ InitializePlatform (
 
   VariableStore                                  = PlatformReserveEmuVariableNvStore ();
   PlatformInfoHob->PcdEmuVariableNvStoreReserved = (UINT64)(UINTN)VariableStore;
- #ifdef SECURE_BOOT_FEATURE_ENABLED
-  PlatformInitEmuVariableNvStore (VariableStore);
- #endif
+  if (FeaturePcdGet (PcdSecureBootSupported)) {
+    PlatformInitEmuVariableNvStore (VariableStore);
+  }
 
   if (TdIsEnabled ()) {
     PlatformTdxPublishRamRegions ();
diff --git a/OvmfPkg/Library/PeilessStartupLib/PeilessStartupLib.inf b/OvmfPkg/Library/PeilessStartupLib/PeilessStartupLib.inf
index 7719b5031d..585d504637 100644
--- a/OvmfPkg/Library/PeilessStartupLib/PeilessStartupLib.inf
+++ b/OvmfPkg/Library/PeilessStartupLib/PeilessStartupLib.inf
@@ -83,3 +83,4 @@
   gEfiMdeModulePkgTokenSpaceGuid.PcdNullPointerDetectionPropertyMask    ## CONSUMES
   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDxeMemFvBase
   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDxeMemFvSize
+  gUefiOvmfPkgTokenSpaceGuid.PcdSecureBootSupported
-- 
2.34.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#106764): https://edk2.groups.io/g/devel/message/106764
Mute This Topic: https://groups.io/mt/100054785/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH V1] OvmfPkg/PeilessStartupLib: Updated with PcdSecureBootSupported

Posted by Gerd Hoffmann 9 months, 3 weeks ago

On Mon, Jul 10, 2023 at 06:05:39PM +0800, sunceping wrote:
> SECURE_BOOT_FEATURE_ENABLED was dropped by the commit(92da8a154f), but the
> PeilessStartupLib was not updated with PcdSecureBootSupported, that made
> SecureBoot no longer work in IntelTdxX64.
> 
> Fix this by replacing SECURE_BOOT_FEATURE_ENABLED with
> PcdSecureBootSupported in PeilessStartupLib.
> 
> Cc: Erdem Aktas <erdemaktas@google.com>
> Cc: James Bottomley <jejb@linux.ibm.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Gerd Hoffmann <kraxel@redhat.com>
> Cc: Min Xu <min.m.xu@intel.com>
> Cc: Tom Lendacky <thomas.lendacky@amd.com>
> Cc: Michael Roth <michael.roth@amd.com>
> Signed-off-by: Ceping Sun <cepingx.sun@intel.com>

Acked-by: Gerd Hoffmann <kraxel@redhat.com>



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#106765): https://edk2.groups.io/g/devel/message/106765
Mute This Topic: https://groups.io/mt/100054785/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH V1] OvmfPkg/PeilessStartupLib: Updated with PcdSecureBootSupported

Posted by Yao, Jiewen 9 months, 2 weeks ago

Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>

> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Gerd
> Hoffmann
> Sent: Monday, July 10, 2023 6:36 PM
> To: devel@edk2.groups.io; Sun, CepingX <cepingx.sun@intel.com>
> Cc: Aktas, Erdem <erdemaktas@google.com>; James Bottomley
> <jejb@linux.ibm.com>; Yao, Jiewen <jiewen.yao@intel.com>; Xu, Min M
> <min.m.xu@intel.com>; Tom Lendacky <thomas.lendacky@amd.com>; Michael
> Roth <michael.roth@amd.com>
> Subject: Re: [edk2-devel] [PATCH V1] OvmfPkg/PeilessStartupLib: Updated with
> PcdSecureBootSupported
> 
> On Mon, Jul 10, 2023 at 06:05:39PM +0800, sunceping wrote:
> > SECURE_BOOT_FEATURE_ENABLED was dropped by the commit(92da8a154f),
> but the
> > PeilessStartupLib was not updated with PcdSecureBootSupported, that made
> > SecureBoot no longer work in IntelTdxX64.
> >
> > Fix this by replacing SECURE_BOOT_FEATURE_ENABLED with
> > PcdSecureBootSupported in PeilessStartupLib.
> >
> > Cc: Erdem Aktas <erdemaktas@google.com>
> > Cc: James Bottomley <jejb@linux.ibm.com>
> > Cc: Jiewen Yao <jiewen.yao@intel.com>
> > Cc: Gerd Hoffmann <kraxel@redhat.com>
> > Cc: Min Xu <min.m.xu@intel.com>
> > Cc: Tom Lendacky <thomas.lendacky@amd.com>
> > Cc: Michael Roth <michael.roth@amd.com>
> > Signed-off-by: Ceping Sun <cepingx.sun@intel.com>
> 
> Acked-by: Gerd Hoffmann <kraxel@redhat.com>
> 
> 
> 
> 
> 



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#106953): https://edk2.groups.io/g/devel/message/106953
Mute This Topic: https://groups.io/mt/100054785/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH V1] OvmfPkg/PeilessStartupLib: Updated with PcdSecureBootSupported

Posted by Erdem Aktas via groups.io 9 months, 2 weeks ago

Reviewed-by: Erdem Aktas <erdemaktas@google.com>


On Sun, Jul 16, 2023 at 6:55 PM Yao, Jiewen <jiewen.yao@intel.com> wrote:
>
> Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
>
> > -----Original Message-----
> > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Gerd
> > Hoffmann
> > Sent: Monday, July 10, 2023 6:36 PM
> > To: devel@edk2.groups.io; Sun, CepingX <cepingx.sun@intel.com>
> > Cc: Aktas, Erdem <erdemaktas@google.com>; James Bottomley
> > <jejb@linux.ibm.com>; Yao, Jiewen <jiewen.yao@intel.com>; Xu, Min M
> > <min.m.xu@intel.com>; Tom Lendacky <thomas.lendacky@amd.com>; Michael
> > Roth <michael.roth@amd.com>
> > Subject: Re: [edk2-devel] [PATCH V1] OvmfPkg/PeilessStartupLib: Updated with
> > PcdSecureBootSupported
> >
> > On Mon, Jul 10, 2023 at 06:05:39PM +0800, sunceping wrote:
> > > SECURE_BOOT_FEATURE_ENABLED was dropped by the commit(92da8a154f),
> > but the
> > > PeilessStartupLib was not updated with PcdSecureBootSupported, that made
> > > SecureBoot no longer work in IntelTdxX64.
> > >
> > > Fix this by replacing SECURE_BOOT_FEATURE_ENABLED with
> > > PcdSecureBootSupported in PeilessStartupLib.
> > >
> > > Cc: Erdem Aktas <erdemaktas@google.com>
> > > Cc: James Bottomley <jejb@linux.ibm.com>
> > > Cc: Jiewen Yao <jiewen.yao@intel.com>
> > > Cc: Gerd Hoffmann <kraxel@redhat.com>
> > > Cc: Min Xu <min.m.xu@intel.com>
> > > Cc: Tom Lendacky <thomas.lendacky@amd.com>
> > > Cc: Michael Roth <michael.roth@amd.com>
> > > Signed-off-by: Ceping Sun <cepingx.sun@intel.com>
> >
> > Acked-by: Gerd Hoffmann <kraxel@redhat.com>
> >
> >
> >
> > 
> >
>


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#106971): https://edk2.groups.io/g/devel/message/106971
Mute This Topic: https://groups.io/mt/100054785/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-