Reference: https://bugzilla.tianocore.org/show_bug.cgi?id=4031
This patch is similar to the c477b2783f patch for Td guest. Host VMM may inject OptionRom which is untrusted in Sev guest. So PCI OptionRom needs to be ignored if it is Sev guest. According to "Table 20. ACPI 2.0 & 3.0 QWORD Address Space Descriptor Usage" PI spec 1.7, type-specific flags can be set to 0 when Address Translation Offset == 6 to skip device option ROM. Without this patch, Sev guest may shows invalid MMIO opcode error as following: Invalid MMIO opcode (F6) ASSERT /home/abuild/rpmbuild/BUILD/edk2-edk2-stable202202/OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c(1041): ((BOOLEAN)(0==1)) Signed-off-by: "Lee, Chun-Yi" <[email protected]> --- .../IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.c | 5 +++-- .../IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.inf | 1 + 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.c b/OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.c index 2d385d26ef..269e6c2b91 100644 --- a/OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.c +++ b/OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.c @@ -16,6 +16,7 @@ #include <Library/DebugLib.h> #include <Library/MemoryAllocationLib.h> +#include <Library/MemEncryptSevLib.h> #include <Library/PcdLib.h> #include <Library/UefiBootServicesTableLib.h> @@ -264,7 +265,7 @@ CheckDevice ( // // In Td guest OptionRom is not allowed. // - if (TdIsEnabled ()) { + if (TdIsEnabled () || MemEncryptSevIsEnabled()) { Length += sizeof mOptionRomConfiguration; } @@ -286,7 +287,7 @@ CheckDevice ( CopyMem (Ptr, &mMmio64Configuration, sizeof mMmio64Configuration); Length = sizeof mMmio64Configuration; - if (TdIsEnabled ()) { + if (TdIsEnabled () || MemEncryptSevIsEnabled()) { CopyMem (Ptr + Length, &mOptionRomConfiguration, sizeof mOptionRomConfiguration); Length += sizeof mOptionRomConfiguration; } diff --git a/OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.inf b/OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.inf index c3e6bb9447..be2b883c40 100644 --- a/OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.inf +++ b/OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.inf @@ -25,6 +25,7 @@ [LibraryClasses] DebugLib + MemEncryptSevLib MemoryAllocationLib PcdLib UefiBootServicesTableLib -- 2.12.3 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#92813): https://edk2.groups.io/g/devel/message/92813 Mute This Topic: https://groups.io/mt/93248346/21656 Group Owner: [email protected] Unsubscribe: https://edk2.groups.io/g/devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
