[edk2-devel] [PATCH 1/2] OvmfPkg/OvmfPkgX64: Add SEV launch secret and hashes table areas to MEMFD
Dov Murik
dovmurik at linux.ibm.com
Wed Nov 3 08:13:10 UTC 2021
On 03/11/2021 8:07, Gerd Hoffmann wrote:
> Hi,
>
>>>> Does SEV need and/or use SMM mode? Looking through AmdSevX64.dsc
>>>> doesn't give a clear answer, on one hand there is a
>>>> LibraryClasses.common.SMM_CORE section, but on the other hand it uses
>>>> the non-SMM variable driver stack.
>>>
>>> I think SEV doesn't work with SMM. James - can you please give a more
>>> definitive answer here?
>>
>> SEV works with SMM, but SEV-ES (and likely SEV-SNP) doesn't work with SMM
>> because of the fact that the hypervisor wants to change the guest register
>> state to enter SMM, which isn't allowed and results in a VMRUN failure.
>
> Ok. So the same reason why TDX doesn't support SMM either.
>
>> It might be possible to get SMM to work by having separate VMSAs for the SMM
>> state, but it is not anything that really has been investigated too deeply.
>
> Should we just drop the SMM leftovers in AmdSevX64.{dsc,fdf} then?
>
Yes please. I can test such changes with the AmdSevX86 build.
-Dov