packages/edk2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix boot failure on OvmfPkg/AmdSev

Browse Source 
This PR backports 3 commits:

  020cc9e2e705 OvmfPkg: Disable PcdFirstTimeWakeUpAPsBySipi
  8b66f9df1bb0 OvmfPkg/AmdSev: Disable PcdFirstTimeWakeUpAPsBySipi
  f008890ae559 OvmfPkg/AmdSev: fix BdsPlatform.c assertion failure during boot

from upstream to fix the regression of boot failure on OvmfPkg/AmdSev

Signed-off-by: hanliyang <hanliyang@hygon.cn>
This commit is contained in:
hanliyang 2025-03-13 17:43:25 +08:00
parent 175a6834c0
commit ca2a749250
4 changed files with 214 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

85
0083-OvmfPkg-Disable-PcdFirstTimeWakeUpAPsBySipi.patch Normal file
View File

@ -0,0 +1,85 @@
From 65516ad2e063622e06e2f0857f0847d5ad0824b3 Mon Sep 17 00:00:00 2001
From: YuanhaoXie <yuanhao.xie@intel.com>
Date: Tue, 22 Aug 2023 09:52:14 +0800
Subject: [PATCH 1/3] OvmfPkg: Disable PcdFirstTimeWakeUpAPsBySipi
commit 020cc9e2e7053bb62247b0babbbe80cb855592e5 upstream.
Disable PcdFirstTimeWakeUpAPsBySipi for IntelTdx, Microvm, and Xen to
preserve the original execution of INIT-SIPI-SIPI.
Cc: Eric Dong <eric.dong@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Signed-off-by: Yuanhao Xie <yuanhao.xie@intel.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
---
OvmfPkg/IntelTdx/IntelTdxX64.dsc | 8 ++++++++
OvmfPkg/Microvm/MicrovmX64.dsc | 8 ++++++++
OvmfPkg/OvmfXen.dsc | 8 ++++++++
3 files changed, 24 insertions(+)
diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.dsc b/OvmfPkg/IntelTdx/IntelTdxX64.dsc
index e9cdd70f..020d12e2 100644
--- a/OvmfPkg/IntelTdx/IntelTdxX64.dsc
+++ b/OvmfPkg/IntelTdx/IntelTdxX64.dsc
@@ -464,6 +464,14 @@
# Point to the MdeModulePkg/Application/UiApp/UiApp.inf
gEfiMdeModulePkgTokenSpaceGuid.PcdBootManagerMenuFile|{ 0x21, 0xaa, 0x2c, 0x46, 0x14, 0x76, 0x03, 0x45, 0x83, 0x6e, 0x8a, 0xb6, 0xf4, 0x66, 0x23, 0x31 }
+ #
+ # PcdFirstTimeWakeUpAPsBySipi determines whether to employ
+ # SIPI instead of the INIT-SIPI-SIPI sequence during APs
+ # initialization. Deactivate this parameter to preserve
+ # the original execution of INIT-SIPI-SIPI.
+ #
+ gUefiCpuPkgTokenSpaceGuid.PcdFirstTimeWakeUpAPsBySipi|FALSE
+
################################################################################
#
# Pcd Dynamic Section - list of all EDK II PCD Entries defined by this Platform
diff --git a/OvmfPkg/Microvm/MicrovmX64.dsc b/OvmfPkg/Microvm/MicrovmX64.dsc
index 2f758563..d2ef1e00 100644
--- a/OvmfPkg/Microvm/MicrovmX64.dsc
+++ b/OvmfPkg/Microvm/MicrovmX64.dsc
@@ -566,6 +566,14 @@
gEfiMdeModulePkgTokenSpaceGuid.PcdSerialPciDeviceInfo|{0xFF}
gEfiMdeModulePkgTokenSpaceGuid.PcdSerialRegisterBase|0x3f8
+ #
+ # PcdFirstTimeWakeUpAPsBySipi determines whether to employ
+ # SIPI instead of the INIT-SIPI-SIPI sequence during APs
+ # initialization. Deactivate this parameter to preserve
+ # the original execution of INIT-SIPI-SIPI.
+ #
+ gUefiCpuPkgTokenSpaceGuid.PcdFirstTimeWakeUpAPsBySipi|FALSE
+
################################################################################
#
# Pcd Dynamic Section - list of all EDK II PCD Entries defined by this Platform
diff --git a/OvmfPkg/OvmfXen.dsc b/OvmfPkg/OvmfXen.dsc
index 210578c1..dcb99d1f 100644
--- a/OvmfPkg/OvmfXen.dsc
+++ b/OvmfPkg/OvmfXen.dsc
@@ -458,6 +458,14 @@
# We populate DXE IPL tables with 1G pages preferably on Xen
gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable|TRUE
+ #
+ # PcdFirstTimeWakeUpAPsBySipi determines whether to employ
+ # SIPI instead of the INIT-SIPI-SIPI sequence during APs
+ # initialization. Deactivate this parameter to preserve
+ # the original execution of INIT-SIPI-SIPI.
+ #
+ gUefiCpuPkgTokenSpaceGuid.PcdFirstTimeWakeUpAPsBySipi|FALSE
+
################################################################################
#
# Pcd Dynamic Section - list of all EDK II PCD Entries defined by this Platform
--
2.25.1

47
0084-OvmfPkg-AmdSev-Disable-PcdFirstTimeWakeUpAPsBySipi.patch Normal file
View File

@ -0,0 +1,47 @@
From 84f0fb21e90100753b897b34162748216e44ec8d Mon Sep 17 00:00:00 2001
From: Michael Roth <michael.roth@amd.com>
Date: Wed, 16 Aug 2023 15:11:46 -0500
Subject: [PATCH 2/3] OvmfPkg/AmdSev: Disable PcdFirstTimeWakeUpAPsBySipi
commit 8b66f9df1bb0fd5ebb743944d41cb33178cf2fdd upstream.
PcdFirstTimeWakeUpAPsBySipi was recently introduced to indicate when the
full INIT-SIPI-SIPI sequence can be skipped for AP bringup. It is true
by default, but needs to be disabled for QEMU/OVMF where early INIT is
not simulated. Commit 1d76560146 ("OvmfPkg: Disable
PcdFirstTimeWakeUpAPsBySipi.") added changes to disable it by default
for OvmfPkg, but a similar change was not made for the AmdSev package.
This breaks booting of SEV and SNP guests.
Fix this defaulting PcdFirstTimeWakeUpAPsBySipi to false for AmdSev
package, as was previously done for OvmfPkg variants.
Fixes: eaffa1d7ff ("UefiCpuPkg:Wake up APs after power-up or RESET through SIPI.")
Signed-off-by: Michael Roth <michael.roth@amd.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
---
OvmfPkg/AmdSev/AmdSevX64.dsc | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
index 31bff348..44acbb7f 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
@@ -469,6 +469,14 @@
gEfiMdeModulePkgTokenSpaceGuid.PcdConInConnectOnDemand|TRUE
gUefiOvmfPkgTokenSpaceGuid.PcdBootRestrictToFirmware|TRUE
+ #
+ # INIT is now triggered before BIOS by ucode/hardware. In the OVMF
+ # environment, QEMU lacks a simulation for the INIT process.
+ # To address this, PcdFirstTimeWakeUpAPsBySipi set to FALSE to
+ # broadcast INIT-SIPI-SIPI for the first time.
+ #
+ gUefiCpuPkgTokenSpaceGuid.PcdFirstTimeWakeUpAPsBySipi|FALSE
+
################################################################################
#
# Pcd Dynamic Section - list of all EDK II PCD Entries defined by this Platform
--
2.25.1

73
0085-OvmfPkg-AmdSev-fix-BdsPlatform.c-assertion-failure-d.patch Normal file
View File

@ -0,0 +1,73 @@
From 04ae456fde2e20bce01155a4d9a581a7f1205160 Mon Sep 17 00:00:00 2001
From: "Roth, Michael via groups.io" <Michael.Roth=amd.com@groups.io>
Date: Wed, 16 Aug 2023 15:11:45 -0500
Subject: [PATCH 3/3] OvmfPkg/AmdSev: fix BdsPlatform.c assertion failure
during boot
commit f008890ae55929f7f17e7d2f8aff929255007d33 upstream.
Booting an SEV guest with AmdSev OVMF package currently triggers the
following assertion with QEMU:
InstallQemuFwCfgTables: installed 7 tables
PcRtc: Write 0x20 to CMOS location 0x32
[Variable]END_OF_DXE is signaled
Initialize variable error flag (FF)
ASSERT_EFI_ERROR (Status = Not Found)
ASSERT [BdsDxe] /home/VT_BUILD/ovmf/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c(1711): !(((INTN)(RETURN_STATUS)(Status)) < 0)
This seems to be due to commit 81dc0d8b4c, which switched to using
PlatformBootManagerLib instead of PlatformBootManagerLibGrub. That pulls
in a dependency on gEfiS3SaveStateProtocolGuid provider being available
(which is asserted for in
BdsPlatform.c:PlatformBootManagerBeforeConsole()/SaveS3BootScript()),
but the libraries that provide it aren't currently included in the
build. Add them similarly to what's done for OvmfPkg.
Fixes: 81dc0d8b4c ("OvmfPkg/AmdSev: stop using PlatformBootManagerLibGrub")
Signed-off-by: Michael Roth <michael.roth@amd.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Acked-by: Jiewen Yao <Jiewen.yao@intel.com>
---
OvmfPkg/AmdSev/AmdSevX64.dsc | 3 +++
OvmfPkg/AmdSev/AmdSevX64.fdf | 2 ++
2 files changed, 5 insertions(+)
diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
index 44acbb7f..29705131 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
@@ -201,6 +201,7 @@
SmbusLib|MdePkg/Library/BaseSmbusLibNull/BaseSmbusLibNull.inf
OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf
+ S3BootScriptLib|MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScriptLib.inf
!include OvmfPkg/Include/Dsc/OvmfTpmLibs.dsc.inc
@@ -718,6 +719,8 @@
#
MdeModulePkg/Universal/Acpi/AcpiTableDxe/AcpiTableDxe.inf
OvmfPkg/AcpiPlatformDxe/AcpiPlatformDxe.inf
+ MdeModulePkg/Universal/Acpi/S3SaveStateDxe/S3SaveStateDxe.inf
+ MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf
#
diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf
index b0d9033f..0bf87be2 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.fdf
+++ b/OvmfPkg/AmdSev/AmdSevX64.fdf
@@ -279,6 +279,8 @@ INF OvmfPkg/SmbiosPlatformDxe/SmbiosPlatformDxe.inf
INF MdeModulePkg/Universal/Acpi/AcpiTableDxe/AcpiTableDxe.inf
INF OvmfPkg/AcpiPlatformDxe/AcpiPlatformDxe.inf
+INF MdeModulePkg/Universal/Acpi/S3SaveStateDxe/S3SaveStateDxe.inf
+INF MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf
INF FatPkg/EnhancedFatDxe/Fat.inf
--
2.25.1

10
edk2.spec
View File

@ -7,7 +7,7 @@
Name: edk2 Name: edk2
Version: %{stable_date} Version: %{stable_date}
Release: 19 Release: 20
Summary: EFI Development Kit II Summary: EFI Development Kit II
License: BSD-2-Clause-Patent and OpenSSL and MIT License: BSD-2-Clause-Patent and OpenSSL and MIT
URL: https://github.com/tianocore/edk2 URL: https://github.com/tianocore/edk2
@ -132,6 +132,11 @@ patch80: 0080-Fix-timing-side-channel-CVE-2024-13176.patch
patch81: 0081-Free-the-read-buffers-CVE-2024-4741.patch patch81: 0081-Free-the-read-buffers-CVE-2024-4741.patch
patch82: 0082-Process-key-length-CVE-2023-5363.patch patch82: 0082-Process-key-length-CVE-2023-5363.patch
# Fix some boot failures on OvmfPkg/AmdSev
patch83: 0083-OvmfPkg-Disable-PcdFirstTimeWakeUpAPsBySipi.patch
patch84: 0084-OvmfPkg-AmdSev-Disable-PcdFirstTimeWakeUpAPsBySipi.patch
patch85: 0085-OvmfPkg-AmdSev-fix-BdsPlatform.c-assertion-failure-d.patch
BuildRequires: acpica-tools gcc gcc-c++ libuuid-devel python3 bc nasm python3-unversioned-command isl BuildRequires: acpica-tools gcc gcc-c++ libuuid-devel python3 bc nasm python3-unversioned-command isl
%description %description
@ -422,6 +427,9 @@ chmod +x %{buildroot}%{_bindir}/Rsa2048Sha256GenerateKeys
%endif %endif
%changelog %changelog
* Thu Mar 13 2025 hanliyang<hanliyang@hygon.cn> - 202308-20
- Fix boot failure on OvmfPkg/AmdSev
* Sun Mar 9 2025 shenyage<shenyage1@huawei.com> - 202308-19 * Sun Mar 9 2025 shenyage<shenyage1@huawei.com> - 202308-19
- fix bugs for CVE-2023-45236、CVE-2023-45237 - fix bugs for CVE-2023-45236、CVE-2023-45237