[edk2-devel] [PATCH v2 1/6] OvmfPkg/Amdsev: Base commit to build encrypted boot specific OVMF
James Bottomley
jejb at linux.ibm.com
Mon Nov 23 23:25:29 UTC 2020
On Mon, 2020-11-23 at 19:01 +0100, Laszlo Ersek wrote:
> On 11/20/20 19:45, James Bottomley wrote:
> > This commit represents the file copied from OvmfPkgX64 with minor
> > changes to change the build name.
> >
> > This package will form the basis for adding Sev specific features.
> > Since everything must go into a single rom file for attestation,
> > the separated build of code and variables is eliminated.
> >
> > Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3077
> > Signed-off-by: James Bottomley <jejb at linux.ibm.com>
> >
> > ---
> >
> > v2: remove secure boot, smm and networking
> > ---
> > OvmfPkg/AmdSev/AmdSevX64.dsc | 867
> > +++++++++++++++++++++++++++++++++++
> > OvmfPkg/AmdSev/AmdSevX64.fdf | 461 +++++++++++++++++++
> > 2 files changed, 1328 insertions(+)
> > create mode 100644 OvmfPkg/AmdSev/AmdSevX64.dsc
> > create mode 100644 OvmfPkg/AmdSev/AmdSevX64.fdf
> >
> > diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc
> > b/OvmfPkg/AmdSev/AmdSevX64.dsc
> > new file mode 100644
> > index 000000000000..852be757bfbe
> > --- /dev/null
> > +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
> > @@ -0,0 +1,867 @@
>
> [...]
>
> > +[LibraryClasses]
>
> [...]
>
> > + VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf
>
> (1) The following two lib class resolutions are missing here:
>
>
> VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePoli
> cyLib.inf
>
> VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/
> VariablePolicyHelperLib.inf
>
> They were added to the other OVMF DSC files in commit 435a05aff54d
> ("OvmfPkg: Add VariablePolicy engine to OvmfPkg platform", 2020-11-
> 17). This dependency didn't exist at the time of your v1 posting (Nov
> 12th, in my time zone).
>
> But now the new platform doesn't seem to build without them:
>
> > OvmfPkg/AmdSev/AmdSevX64.dsc(...): error 4000: Instance of library
> > class [VariablePolicyLib] is not found
> > in
> > [MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf]
> > [X64]
> > consumed by module
> > [MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf]
>
> They are required by
> "MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf"
> too, not just by
> "MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf"
> (which is correctly removed by this patch).
>
> ... actually, for VariableRuntimeDxe:
Yes, I've rebased and added the necessary new libraries to get it to
build.
> On 11/20/20 19:45, James Bottomley wrote:
>
> [...]
>
> > +[LibraryClasses.common.DXE_RUNTIME_DRIVER]
>
> [...]
>
> > + QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibF
> > wCfg.inf
>
> (2) the following (DXE_RUNTIME_DRIVER-specific) lib class resolution
> is missing here:
>
>
> VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePoli
> cyLibRuntimeDxe.inf
>
>
> ... So I think that, for (1)+(2) together, simply the "OvmfXen.dsc"
> hunks from 435a05aff54d should be incorporated into this patch.
Yes, I based the fix on that.
> [...]
>
> > +[PcdsFixedAtBuild]
> > + gEfiMdeModulePkgTokenSpaceGuid.PcdStatusCodeMemorySize|1
> > + gEfiMdeModulePkgTokenSpaceGuid.PcdResetOnMemoryTypeInformationCh
> > ange|FALSE
> > + gEfiMdePkgTokenSpaceGuid.PcdMaximumGuidedExtractHandler|0x10
> > +!if ($(FD_SIZE_IN_KB) == 1024) || ($(FD_SIZE_IN_KB) == 2048)
> > + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x2000
> > + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800
> > + # match PcdFlashNvStorageVariableSize purely for convenience
> > + gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize|0xe000
> > +!endif
> > +!if $(FD_SIZE_IN_KB) == 4096
> > + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x8400
> > + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x8400
> > + # match PcdFlashNvStorageVariableSize purely for convenience
> > + gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize|0x40000
> > +!endif
> > + gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize|0x80000
> > + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVolatileVariableSize|0x4000
> > 0
>
> (3) The above two PCD settings are conditional on NETWORK_TLS_ENABLE
> being TRUE, so please remove them together with the condition.
I removed them and assumed "with the condition" meant with the
condition you removed in the first iteration.
> Right now, they override the settings in the just preceding blocks
> (which depend on FD_SIZE_IN_KB being 1M / 2M / 4M).
>
> [...]
>
> > +[PcdsDynamicDefault]
> > + # only set when
> > + # ($(SMM_REQUIRE) == FALSE)
>
> (4) please remove the comment (only the comment)
>
> > + gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0
>
> [...]
>
> > +[Components]
>
> [...]
>
> > + OvmfPkg/VirtioNetDxe/VirtioNet.inf
>
> (5) Please remove this driver from the DSC file too (you correctly
> removed it from the FDF file). Right now, the driver is built, just
> not included. We shouldn't build it.
Done.
Thanks!
James
> The rest looks good to me.
>
> Thanks!
> Laszlo
>
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#67836): https://edk2.groups.io/g/devel/message/67836
Mute This Topic: https://groups.io/mt/78455897/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-
More information about the edk2-devel-archive
mailing list