On 10/11/19 01:17, Lendacky, Thomas wrote:
> On 10/3/19 10:12 AM, Tom Lendacky wrote:
>> On 10/3/19 5:32 AM, Laszlo Ersek wrote:
>>> On 10/03/19 12:12, Laszlo Ersek wrote:
>>>>   UINT32   ApEntryPoint;
>>>>   EFI_GUID SevEsFooterGuid;
>>>>   UINT16   Size;
>>> It's probably better to reverse the order of "Size" and
>>> "SevEsFooterGuid", like this:
>>>   UINT32   ApEntryPoint;
>>>   UINT16   Size;
>>>   EFI_GUID SevEsFooterGuid;
>>> because then even the "Size" field can be changed (or resized), as a
>>> function of the footer GUID.
>> Cool, I'll look into doing this and see how it works out.
> Just an update on this idea. This has worked out well, but has a couple of
> caveats. Removing the Qemu change to make the flash mapped read-only in
> the nested page tables, caused the following:
> 1. QemuFlashDetected() will attempt to detect how the flash memory device
>    behaves. Because it is marked as read-only by the hypervisor, writing
>    to the area results in a #NPF for the write-fault. With SEV-ES,
>    emulation of the instruction can't be performed (can't read guest
>    memory and not provided the faulting instruction bytes), so the vCPU is
>    just restarted. This results in an infinite #NPF occurring.
>    The solution here was to check for SEV-ES being enabled and just return
>    false from QemuFlashDetected(). Any downfalls to doing that?

Short-circuiting QemuFlashDetected() on SEV-ES seems appropriate.

However, I don't understand why you return FALSE in that case. You
should return TRUE. If QemuFlashDetected() returns FALSE, then the UEFI
variable store will not be backed by the real pflash chip, it will be
emulated with an \NvVars file on the EFI system partition. That
emulation should really not be used nowadays.

So IMO the right approach here is:
- declare that SEV-ES only targets the "two pflash chips" setup
- return TRUE from QemuFlashDetected() when SEV-ES is on.

> 2. Commit 2db0ccc2d7fe ("UefiCpuPkg: Update CpuExceptionHandlerLib pass
>    XCODE5 tool chain") causes a similar situation to #1. It attempts to do
>    some address fixups and write to the flash device.

That's... stunning.

Commit 2db0ccc2d7fe changes the file


such that it does in-place binary patching.

This source file is referenced from:


as well. Note "SecPei".

That makes the commit buggy, to my eyes, regardless of SEV-ES. Because:

The binary patching appears to occur in the SEC phase as well, i.e. at a
time when the exception handler is located in flash. That's incorrect on
physical hardware too.

Upon re-reading <https://bugzilla.tianocore.org/show_bug.cgi?id=849>,
this commit worked around an XCODE toolchain bug.

Unfortunately, the workaround is not suitable for the SEC phase. (Also
not suitable for the PEI phase, for such PEIMs that still execute from

Please open a new bug for UefiCpuPkg in the TianoCore Bugzilla,
reference BZ#849 in the See Also field, and please also make the new bug
block BZ#2198.

(I'll comment on this issue in a different thread too; I'll CC you on it.)

>    Reverting that commit fixes the issue. I don't think that will be an
>    acceptable solution, though, so need to think about what to do here.
> After those two changes, the above method works well.

I'm happy to hear!


Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#48807): https://edk2.groups.io/g/devel/message/48807
Mute This Topic: https://groups.io/mt/34203585/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [arch...@mail-archive.com]

Reply via email to