Fix boot failure on OvmfPkg/AmdSev

This PR backports 3 commits:

  020cc9e2e705 OvmfPkg: Disable PcdFirstTimeWakeUpAPsBySipi
  8b66f9df1bb0 OvmfPkg/AmdSev: Disable PcdFirstTimeWakeUpAPsBySipi
  f008890ae559 OvmfPkg/AmdSev: fix BdsPlatform.c assertion failure during boot

from upstream to fix the regression of boot failure on OvmfPkg/AmdSev

Signed-off-by: hanliyang <hanliyang@hygon.cn>

0083-OvmfPkg-Disable-PcdFirstTimeWakeUpAPsBySipi.patch

@@ -0,0 +1,85 @@
+From 65516ad2e063622e06e2f0857f0847d5ad0824b3 Mon Sep 17 00:00:00 2001
+From: YuanhaoXie <yuanhao.xie@intel.com>
+Date: Tue, 22 Aug 2023 09:52:14 +0800
+Subject: [PATCH 1/3] OvmfPkg: Disable PcdFirstTimeWakeUpAPsBySipi
+
+commit 020cc9e2e7053bb62247b0babbbe80cb855592e5 upstream.
+
+Disable PcdFirstTimeWakeUpAPsBySipi for IntelTdx, Microvm, and Xen to
+preserve the original execution of INIT-SIPI-SIPI.
+
+Cc: Eric Dong <eric.dong@intel.com>
+Cc: Ray Ni <ray.ni@intel.com>
+Cc: Rahul Kumar <rahul1.kumar@intel.com>
+Cc: Gerd Hoffmann <kraxel@redhat.com>
+Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
+Cc: Jiewen Yao <jiewen.yao@intel.com>
+Cc: Jordan Justen <jordan.l.justen@intel.com>
+Signed-off-by: Yuanhao Xie <yuanhao.xie@intel.com>
+Acked-by: Gerd Hoffmann <kraxel@redhat.com>
+---
+ OvmfPkg/IntelTdx/IntelTdxX64.dsc | 8 ++++++++
+ OvmfPkg/Microvm/MicrovmX64.dsc   | 8 ++++++++
+ OvmfPkg/OvmfXen.dsc              | 8 ++++++++
+ 3 files changed, 24 insertions(+)
+
+diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.dsc b/OvmfPkg/IntelTdx/IntelTdxX64.dsc
+index e9cdd70f..020d12e2 100644
+--- a/OvmfPkg/IntelTdx/IntelTdxX64.dsc
++++ b/OvmfPkg/IntelTdx/IntelTdxX64.dsc
+@@ -464,6 +464,14 @@
+   # Point to the MdeModulePkg/Application/UiApp/UiApp.inf
+   gEfiMdeModulePkgTokenSpaceGuid.PcdBootManagerMenuFile|{ 0x21, 0xaa, 0x2c, 0x46, 0x14, 0x76, 0x03, 0x45, 0x83, 0x6e, 0x8a, 0xb6, 0xf4, 0x66, 0x23, 0x31 }
+ 
++  #
++  # PcdFirstTimeWakeUpAPsBySipi determines whether to employ
++  # SIPI instead of the INIT-SIPI-SIPI sequence during APs
++  # initialization. Deactivate this parameter to preserve
++  # the original execution of INIT-SIPI-SIPI.
++  #
++  gUefiCpuPkgTokenSpaceGuid.PcdFirstTimeWakeUpAPsBySipi|FALSE
++
+ ################################################################################
+ #
+ # Pcd Dynamic Section - list of all EDK II PCD Entries defined by this Platform
+diff --git a/OvmfPkg/Microvm/MicrovmX64.dsc b/OvmfPkg/Microvm/MicrovmX64.dsc
+index 2f758563..d2ef1e00 100644
+--- a/OvmfPkg/Microvm/MicrovmX64.dsc
++++ b/OvmfPkg/Microvm/MicrovmX64.dsc
+@@ -566,6 +566,14 @@
+   gEfiMdeModulePkgTokenSpaceGuid.PcdSerialPciDeviceInfo|{0xFF}
+   gEfiMdeModulePkgTokenSpaceGuid.PcdSerialRegisterBase|0x3f8
+ 
++  #
++  # PcdFirstTimeWakeUpAPsBySipi determines whether to employ
++  # SIPI instead of the INIT-SIPI-SIPI sequence during APs
++  # initialization. Deactivate this parameter to preserve
++  # the original execution of INIT-SIPI-SIPI.
++  #
++  gUefiCpuPkgTokenSpaceGuid.PcdFirstTimeWakeUpAPsBySipi|FALSE
++
+ ################################################################################
+ #
+ # Pcd Dynamic Section - list of all EDK II PCD Entries defined by this Platform
+diff --git a/OvmfPkg/OvmfXen.dsc b/OvmfPkg/OvmfXen.dsc
+index 210578c1..dcb99d1f 100644
+--- a/OvmfPkg/OvmfXen.dsc
++++ b/OvmfPkg/OvmfXen.dsc
+@@ -458,6 +458,14 @@
+   # We populate DXE IPL tables with 1G pages preferably on Xen
+   gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable|TRUE
+ 
++  #
++  # PcdFirstTimeWakeUpAPsBySipi determines whether to employ
++  # SIPI instead of the INIT-SIPI-SIPI sequence during APs
++  # initialization. Deactivate this parameter to preserve
++  # the original execution of INIT-SIPI-SIPI.
++  #
++  gUefiCpuPkgTokenSpaceGuid.PcdFirstTimeWakeUpAPsBySipi|FALSE
++
+ ################################################################################
+ #
+ # Pcd Dynamic Section - list of all EDK II PCD Entries defined by this Platform
+-- 
+2.25.1
+

0084-OvmfPkg-AmdSev-Disable-PcdFirstTimeWakeUpAPsBySipi.patch

@@ -0,0 +1,47 @@
+From 84f0fb21e90100753b897b34162748216e44ec8d Mon Sep 17 00:00:00 2001
+From: Michael Roth <michael.roth@amd.com>
+Date: Wed, 16 Aug 2023 15:11:46 -0500
+Subject: [PATCH 2/3] OvmfPkg/AmdSev: Disable PcdFirstTimeWakeUpAPsBySipi
+
+commit 8b66f9df1bb0fd5ebb743944d41cb33178cf2fdd upstream.
+
+PcdFirstTimeWakeUpAPsBySipi was recently introduced to indicate when the
+full INIT-SIPI-SIPI sequence can be skipped for AP bringup. It is true
+by default, but needs to be disabled for QEMU/OVMF where early INIT is
+not simulated. Commit 1d76560146 ("OvmfPkg: Disable
+PcdFirstTimeWakeUpAPsBySipi.") added changes to disable it by default
+for OvmfPkg, but a similar change was not made for the AmdSev package.
+This breaks booting of SEV and SNP guests.
+
+Fix this defaulting PcdFirstTimeWakeUpAPsBySipi to false for AmdSev
+package, as was previously done for OvmfPkg variants.
+
+Fixes: eaffa1d7ff ("UefiCpuPkg:Wake up APs after power-up or RESET through SIPI.")
+Signed-off-by: Michael Roth <michael.roth@amd.com>
+Acked-by: Gerd Hoffmann <kraxel@redhat.com>
+---
+ OvmfPkg/AmdSev/AmdSevX64.dsc | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
+index 31bff348..44acbb7f 100644
+--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
++++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
+@@ -469,6 +469,14 @@
+   gEfiMdeModulePkgTokenSpaceGuid.PcdConInConnectOnDemand|TRUE
+   gUefiOvmfPkgTokenSpaceGuid.PcdBootRestrictToFirmware|TRUE
+ 
++  #
++  # INIT is now triggered before BIOS by ucode/hardware. In the OVMF
++  # environment, QEMU lacks a simulation for the INIT process.
++  # To address this, PcdFirstTimeWakeUpAPsBySipi set to FALSE to
++  # broadcast INIT-SIPI-SIPI for the first time.
++  #
++  gUefiCpuPkgTokenSpaceGuid.PcdFirstTimeWakeUpAPsBySipi|FALSE
++
+ ################################################################################
+ #
+ # Pcd Dynamic Section - list of all EDK II PCD Entries defined by this Platform
+-- 
+2.25.1
+

0085-OvmfPkg-AmdSev-fix-BdsPlatform.c-assertion-failure-d.patch

@@ -0,0 +1,73 @@
+From 04ae456fde2e20bce01155a4d9a581a7f1205160 Mon Sep 17 00:00:00 2001
+From: "Roth, Michael via groups.io" <Michael.Roth=amd.com@groups.io>
+Date: Wed, 16 Aug 2023 15:11:45 -0500
+Subject: [PATCH 3/3] OvmfPkg/AmdSev: fix BdsPlatform.c assertion failure
+ during boot
+
+commit f008890ae55929f7f17e7d2f8aff929255007d33 upstream.
+
+Booting an SEV guest with AmdSev OVMF package currently triggers the
+following assertion with QEMU:
+
+  InstallQemuFwCfgTables: installed 7 tables
+  PcRtc: Write 0x20 to CMOS location 0x32
+  [Variable]END_OF_DXE is signaled
+  Initialize variable error flag (FF)
+
+  ASSERT_EFI_ERROR (Status = Not Found)
+  ASSERT [BdsDxe] /home/VT_BUILD/ovmf/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c(1711): !(((INTN)(RETURN_STATUS)(Status)) < 0)
+
+This seems to be due to commit 81dc0d8b4c, which switched to using
+PlatformBootManagerLib instead of PlatformBootManagerLibGrub. That pulls
+in a dependency on gEfiS3SaveStateProtocolGuid provider being available
+(which is asserted for in
+BdsPlatform.c:PlatformBootManagerBeforeConsole()/SaveS3BootScript()),
+but the libraries that provide it aren't currently included in the
+build. Add them similarly to what's done for OvmfPkg.
+
+Fixes: 81dc0d8b4c ("OvmfPkg/AmdSev: stop using PlatformBootManagerLibGrub")
+Signed-off-by: Michael Roth <michael.roth@amd.com>
+Acked-by: Gerd Hoffmann <kraxel@redhat.com>
+Acked-by: Jiewen Yao <Jiewen.yao@intel.com>
+---
+ OvmfPkg/AmdSev/AmdSevX64.dsc | 3 +++
+ OvmfPkg/AmdSev/AmdSevX64.fdf | 2 ++
+ 2 files changed, 5 insertions(+)
+
+diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
+index 44acbb7f..29705131 100644
+--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
++++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
+@@ -201,6 +201,7 @@
+ 
+   SmbusLib|MdePkg/Library/BaseSmbusLibNull/BaseSmbusLibNull.inf
+   OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf
++  S3BootScriptLib|MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScriptLib.inf
+ 
+ !include OvmfPkg/Include/Dsc/OvmfTpmLibs.dsc.inc
+ 
+@@ -718,6 +719,8 @@
+   #
+   MdeModulePkg/Universal/Acpi/AcpiTableDxe/AcpiTableDxe.inf
+   OvmfPkg/AcpiPlatformDxe/AcpiPlatformDxe.inf
++  MdeModulePkg/Universal/Acpi/S3SaveStateDxe/S3SaveStateDxe.inf
++  MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
+   MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf
+ 
+   #
+diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf
+index b0d9033f..0bf87be2 100644
+--- a/OvmfPkg/AmdSev/AmdSevX64.fdf
++++ b/OvmfPkg/AmdSev/AmdSevX64.fdf
+@@ -279,6 +279,8 @@ INF  OvmfPkg/SmbiosPlatformDxe/SmbiosPlatformDxe.inf
+ 
+ INF  MdeModulePkg/Universal/Acpi/AcpiTableDxe/AcpiTableDxe.inf
+ INF  OvmfPkg/AcpiPlatformDxe/AcpiPlatformDxe.inf
++INF  MdeModulePkg/Universal/Acpi/S3SaveStateDxe/S3SaveStateDxe.inf
++INF  MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
+ INF  MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf
+ 
+ INF  FatPkg/EnhancedFatDxe/Fat.inf
+-- 
+2.25.1
+

edk2.spec

@@ -7,7 +7,7 @@
 
 Name: edk2
 Version: %{stable_date}
-Release: 19
+Release: 20
 Summary: EFI Development Kit II
 License: BSD-2-Clause-Patent and OpenSSL and MIT 
 URL: https://github.com/tianocore/edk2
@@ -132,6 +132,11 @@ patch80: 0080-Fix-timing-side-channel-CVE-2024-13176.patch
 patch81: 0081-Free-the-read-buffers-CVE-2024-4741.patch
 patch82: 0082-Process-key-length-CVE-2023-5363.patch
 
+# Fix some boot failures on OvmfPkg/AmdSev
+patch83: 0083-OvmfPkg-Disable-PcdFirstTimeWakeUpAPsBySipi.patch
+patch84: 0084-OvmfPkg-AmdSev-Disable-PcdFirstTimeWakeUpAPsBySipi.patch
+patch85: 0085-OvmfPkg-AmdSev-fix-BdsPlatform.c-assertion-failure-d.patch
+
 BuildRequires: acpica-tools gcc gcc-c++ libuuid-devel python3 bc nasm python3-unversioned-command isl 
 
 %description
@@ -422,6 +427,9 @@ chmod +x %{buildroot}%{_bindir}/Rsa2048Sha256GenerateKeys
 %endif
 
 %changelog
+* Thu Mar 13 2025 hanliyang<hanliyang@hygon.cn> - 202308-20
+- Fix boot failure on OvmfPkg/AmdSev
+
 * Sun Mar 9 2025 shenyage<shenyage1@huawei.com> - 202308-19
 - fix bugs for CVE-2023-45236、CVE-2023-45237