]> git.proxmox.com Git - mirror_edk2.git/blobdiff - OvmfPkg/OvmfPkgX64.fdf
projects / mirror_edk2.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
OvmfPkg/OvmfPkgX64: Adjust load sequence of TdxDxe and AmdSevDxe driver
[mirror_edk2.git] / OvmfPkg / OvmfPkgX64.fdf
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
index 71df28705ea859bc2b16b184891b972a3fa8e06d..6e72cdf3453e2484bd4ed010d8dc021496160030 100644 (file)
--- a/OvmfPkg/OvmfPkgX64.fdf
+++ b/OvmfPkg/OvmfPkgX64.fdf
@@ -214,8 +214,13 @@ READ_LOCK_STATUS   = TRUE
 APRIORI DXE {\r
   INF  MdeModulePkg/Universal/DevicePathDxe/DevicePathDxe.inf\r
   INF  MdeModulePkg/Universal/PCD/Dxe/Pcd.inf\r
-  INF  OvmfPkg/TdxDxe/TdxDxe.inf\r
+  # AmdSevDxe must be loaded before TdxDxe. Because in SEV guest AmdSevDxe\r
+  # driver performs a MemEncryptSevClearMmioPageEncMask() call against the\r
+  # PcdPciExpressBaseAddress range to mark it shared/unencrypted.\r
+  # Otherwise #VC handler terminates the guest for trying to do MMIO to an\r
+  # encrypted region (Since the range has not been marked shared/unencrypted).\r
   INF  OvmfPkg/AmdSevDxe/AmdSevDxe.inf\r
+  INF  OvmfPkg/TdxDxe/TdxDxe.inf\r
 !if $(SMM_REQUIRE) == FALSE\r
   INF  OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesRuntimeDxe.inf\r
 !endif\r
EFI Development Kit II mirror for PVE