[edk2-devel] [PATCH 3/3] OvmfPkg/PlatformPei: Mark TPM MMIO range as unencrypted for SEV

Laszlo Ersek lersek at redhat.com
Fri Apr 23 09:28:51 UTC 2021


On 04/22/21 21:10, Tom Lendacky wrote:
> On 4/22/21 3:39 AM, Laszlo Ersek wrote:
>> On 04/22/21 09:34, Laszlo Ersek wrote:
>>
>>> The new InternalTpmDecryptAddressRange() function should be called
>>> from Tcg2ConfigPeimEntryPoint(), before the latter calls
>>> InternalTpm12Detect(). Regarding error checking... if
>>> InternalTpmDecryptAddressRange() fails, I think we can log an error
>>> message, and hang with CpuDeadLoop().
>>
> 
> Unfortunately, this method doesn't work. The OVMF Tcg2ConfigPei.inf file
> uses the SecurityPkg Tpm2DeviceLib library. The SecurityPkg Tpm2DeviceLib
> library's constructor is called before the OVMF Tcg2ConfigPei constructor.
> The Tpm2DeviceLib constructor performs MMIO to the TPM base address and
> fails because the pages haven't been marked unencrypted yet by OVMF
> Tcg2ConfigPei. Some debug output:
> 
> Loading PEIM at 0x0007F793000 EntryPoint=0x0007F794E4F Tcg2ConfigPei.efi
> *** DEBUG: InternalTpm2DeviceLibDTpmCommonConstructor:55
> *** DEBUG: Tpm2GetPtpInterface:425
> *** DEBUG: Tpm2IsPtpPresence:51
> MMIO using encrypted memory: FED40000
> !!!! X64 Exception Type - 0D(#GP - General Protection)  CPU Apic ID - 00000000 !!!!

Thank you for checking this approach.

Let me re-review this patch from scratch.

Thanks
Laszlo


