The build depends on OvmfPkg/AmdSev/Grub/grub.efi, and grub.efi further
depends on Grub with efisecret support. When the build system's native
Grub supports efisecret, remove this fake OvmfPkg/AmdSev/Grub/grub.efi.
Signed-off-by: hanliyang <hanliyang@hygon.cn>
This PR backports 3 commits:
020cc9e2e705 OvmfPkg: Disable PcdFirstTimeWakeUpAPsBySipi
8b66f9df1bb0 OvmfPkg/AmdSev: Disable PcdFirstTimeWakeUpAPsBySipi
f008890ae559 OvmfPkg/AmdSev: fix BdsPlatform.c assertion failure during boot
from upstream to fix the regression of boot failure on OvmfPkg/AmdSev
Signed-off-by: hanliyang <hanliyang@hygon.cn>
When building OVMF{_CODE}.fd using OvmfPkgX64.dsc and define
SECURE_BOOT_ENABLE=TRUE, the OVMF{_CODE}.fd will failure to boot the
AMD SEV/SEV-ES/SEV-SNP and Hygon CSV/CSV2/CSV3 VMs. The root cause
is that the upstream commit 4f173db8b45b ("OvmfPkg/PlatformInitLib:
Add functions for EmuVariableNvStore") rename the function from
TdxValidateCfv to PlatformValidateNvVarStore, and place the function
PlatformValidateNvVarStore to the common lib PlatformInitLib.
I have submitted a bugzilla to the community:
https://bugzilla.tianocore.org/show_bug.cgi?id=4807
and sent partial fix patches to the mailing lists:
https://edk2.groups.io/g/devel/message/119921?p=%2C%2C%2C20%2C0%2C0%2C0%3A%3Acreated%2C%2COvmfPkg%2FPlatformInitLib%3A+Detect+FlashNvVarStore+before+validate+it%2C20%2C2%2C0%2C107212891
I don't have a machine that supports SEV-SNP, so I ultimately can't
fully fix the issue, and the patches I sent couldn't be accepted.
In order to support boot AMD SEV... and Hygon CSV... VMs using the OVMF
from the RPM package, I modified the edk2.spec to build OVMF.fd,
OVMF_CODE.fd and OVMF_VARS.fd without the build option
' -D SECURE_BOOT_ENABLE=TRUE'.
Signed-off-by: hanliyang <hanliyang@hygon.cn>
The live migration of Hygon CSV1/2/3 guest depends on the KVM
hypercall KVM_HC_MAP_GPA_RANGE, add code to sync page enc/dec
status to KVM.
The MMIO routine of VC handler will get memory encrypt status to
validate MMIO address. MemEncryptSevGetEncryptionMask() will enable
interrupt while interrupt must be disabled during VC. During DXE
stage, VC routine as below:
CcExitHandleVc
-> MemEncryptSevGetAddressRangeState
-> MemEncryptSevGetEncryptionMask->PcdGet64(PcdPteMemoryEncryptionAddressOrMask)
Signed-off-by: hanliyang <hanliyang@hygon.cn>
As commit(2997ae387397) make EFI_LOADER_DATA non-executable, old
operation system using old GRUB cannot boot. As we need to support
these operation systems, make EFI_LOADER_DATA executable again.
Signed-off-by: jiangdongxu <jiangdongxu1@huawei.com>
fix ucs-2 lookup on python3.9
Work around array.array.tostring() removal in python3.9
(cherry-pick: 5d8648345c 43bec9ea3d)
Signed-off-by: Jinhua Cao <caojinhua1@huawei.com>
Gary reports the GCC 10 will emit calls to atomics intrinsics routines
unless -mno-outline-atomics is specified. This means GCC-10 introduces
new intrinsics, and even though it would be possible to work around this
by specifying the command line option, this would require a new GCC10
toolchain profile to be created, which we prefer to avoid.
So instead, add the new intrinsics to our library so they are provided
when necessary.
