BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3835
The commit
ade62c18f4742301bbef474ac10518bde5972fba caused a boot failure
when OVMF is build with SECURE_BOOT/SMM enabled.
This happen because the above commit extended the BaseMemEncryptSevLib.inf
to include VmgExitLib. The FvbServicesSmm uses the functions provided
by the MemEncryptSevLib to clear the memory encryption mask from the
page table. It created a dependency, as shown below
OvmfPkg/FvbServicesSmm.inf
---> MemEncryptSevLib class
---> "OvmfPkg/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf" instance
---> VmgExitLib
---> "OvmfPkg/VmgExitLib" instance
---> LocalApicLib class
---> UefiCpuPkg/BaseXApicX2ApicLib/BaseXApicX2ApicLib.inf instance
---> TimerLib class
---> "OvmfPkg/AcpiTimerLib/DxeAcpiTimerLib.inf" instance
---> PciLib class
---> "OvmfPkg/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf" instance
The LocalApicLib provides a constructor, execution of the constructor
causes an exception. The SEV-ES and SEV-SNP do not support the SMM, so
skip including the VmgExitLib chain. Use the module override to use the
VmgExitLibNull to avoid the inclusion of unneeded LocalApicLib dependency
chain in FvbServicesSmm. We ran similar issue for AmdSevDxe driver,
see commit
19914edc5a0202cc7830f819ffac7e7b2368166a
After the patch, the dependency look like this:
OvmfPkg/FvbServicesSmm.inf
---> MemEncryptSevLib class
---> "OvmfPkg/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf" instance
---> VmgExitLib
---> "UefiCpuPkg/Library/VmgExitLibNull" instance
Fixes: ade62c18f4742301bbef474ac10518bde5972fba
Reported-by: Aaron Young <aaron.young@oracle.com>
Cc: Dann Frazier <dann.frazier@canonical.com>
Cc: Michael Roth <michael.roth@amd.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
Tested-by: dann frazier <dann.frazier@canonical.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
#\r
# Variable driver stack (SMM)\r
#\r
- OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesSmm.inf\r
+ OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesSmm.inf {\r
+ <LibraryClasses>\r
+ VmgExitLib|UefiCpuPkg/Library/VmgExitLibNull/VmgExitLibNull.inf\r
+ }\r
MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.inf\r
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf {\r
<LibraryClasses>\r
#\r
# Variable driver stack (SMM)\r
#\r
- OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesSmm.inf\r
+ OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesSmm.inf {\r
+ <LibraryClasses>\r
+ VmgExitLib|UefiCpuPkg/Library/VmgExitLibNull/VmgExitLibNull.inf\r
+ }\r
MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.inf\r
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf {\r
<LibraryClasses>\r
#\r
# Variable driver stack (SMM)\r
#\r
- OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesSmm.inf\r
+ OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesSmm.inf {\r
+ <LibraryClasses>\r
+ VmgExitLib|UefiCpuPkg/Library/VmgExitLibNull/VmgExitLibNull.inf\r
+ }\r
MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.inf\r
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf {\r
<LibraryClasses>\r
#\r
# Variable driver stack (SMM)\r
#\r
- OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesSmm.inf\r
+ OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesSmm.inf {\r
+ <LibraryClasses>\r
+ VmgExitLib|UefiCpuPkg/Library/VmgExitLibNull/VmgExitLibNull.inf\r
+ }\r
MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.inf\r
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf {\r
<LibraryClasses>\r
projects / mirror_edk2.git / commitdiff