]> git.proxmox.com Git - mirror_edk2.git/blobdiff - OvmfPkg/PlatformPei/AmdSev.c
projects / mirror_edk2.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
OvmfPkg/PlatformPei: DENY_EXECUTE_ON_SECURITY_VIOLATION when SEV is active
[mirror_edk2.git] / OvmfPkg / PlatformPei / AmdSev.c
diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c
index 26f7c3fdbb13c0daa2c5ad685f1b21c189b7f8bd..1539e5b5cdce152c606d181f960256a58dbeaeac 100644 (file)
--- a/OvmfPkg/PlatformPei/AmdSev.c
+++ b/OvmfPkg/PlatformPei/AmdSev.c
@@ -59,4 +59,11 @@ AmdSevInitialize (
   ASSERT_RETURN_ERROR (PcdStatus);\r
 \r
   DEBUG ((DEBUG_INFO, "SEV is enabled (mask 0x%lx)\n", EncryptionMask));\r
+\r
+  //\r
+  // Set Pcd to Deny the execution of option ROM when security\r
+  // violation.\r
+  //\r
+  PcdStatus = PcdSet32S (PcdOptionRomImageVerificationPolicy, 0x4);\r
+  ASSERT_RETURN_ERROR (PcdStatus);\r
 }\r
EFI Development Kit II mirror for PVE