Branch: refs/heads/master
Home: https://github.com/tianocore/edk2
Commit: c2d8e9236787270384bab6af9d9db0071468e9e5
  https://github.com/tianocore/edk2/commit/c2d8e9236787270384bab6af9d9db0071468e9e5
Author: Jacob Xu <jacob...@google.com>
Date: 2025-04-17 (Thu, 17 Apr 2025)
Changed paths:
  M SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpmSvsm.inf
  M SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpmSvsm.inf
  M SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2PtpSvsmShim.c

Log Message:
-----------
SecurityPkg-Tpm2DeviceLibDTpm: Check SNP enabled prior to using AmdSvsmLib

AmdSvsmLib currently doesn't check if SNP is enabled, thus using AmdSvsmLib may errantly cause the caller code to believe SVSM is present. This leads to boot failure on non-SNP enabled VMs.

We use the PcdConfidentialComputingGuestAttr since it remains valid after MpInitLib runs, which invalidates PcdSevEsWorkArea's cached sev-status MSR that we use to check for SNP enabled in other places.

The added functions ConfidentialComputingGuestHas() and AmdMemEncryptionAttrCheck() are copied from MpLib.c, which is intended to be replaced later on with a more minimal library, perhaps in MdePkg, to clean up some of the circular dependencies currently surrounding SvsmLib.

Signed-off-by: Jacob Xu <jacob...@google.com>
Signed-off-by: Oliver Steffen <ostef...@redhat.com>
Suggested-by: Tom Lendacky <thomas.lenda...@amd.com>

edk2-commits mailing list
edk2-commits@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/edk2-commits
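The commit message describes the gate it adds: read the guest's confidential-computing attribute from PcdConfidentialComputingGuestAttr, and only consult AmdSvsmLib when that attribute says SEV-SNP is active, because the library would otherwise report an SVSM on a VM that has none. The following is an added, self-contained C model of that check; it is not the commit's diff or EDK2's code. The enum values, the `CC_ATTR_*` masks, the `mCcGuestAttr` global that stands in for `PcdGet64 (PcdConfidentialComputingGuestAttr)`, and the `UncheckedSvsmIsPresent` stand-in for the unsafe library query are all assumptions made for this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-ins for the EDK2 types and the CONFIDENTIAL_COMPUTING_GUEST_ATTR
   values. The numeric values are assumed for this example, not taken from the page. */
typedef uint64_t UINT64;
typedef bool     BOOLEAN;

typedef enum {
  CCAttrNotEncrypted = 0x000,
  CCAttrAmdSev       = 0x100,   /* vendor byte 1 = AMD, low byte = protection level */
  CCAttrAmdSevEs     = 0x101,
  CCAttrAmdSevSnp    = 0x102,
  CCAttrIntelTdx     = 0x200    /* vendor byte 2 = Intel */
} CONFIDENTIAL_COMPUTING_GUEST_ATTR;

#define CC_ATTR_TYPE_MASK   0x000000000000ffffULL
#define CC_ATTR_VENDOR_AMD  1

/* Stand-in for PcdGet64 (PcdConfidentialComputingGuestAttr): set once by the platform
   from its own SEV detection; unlike a cached MSR in a work area it is not invalidated
   later in boot, which is why the commit prefers it. */
static UINT64  mCcGuestAttr = CCAttrNotEncrypted;

void
SetConfidentialComputingGuestAttr (UINT64 Attr)
{
  mCcGuestAttr = Attr;
}

/* AMD protection levels nest: SNP implies SEV-ES, which implies SEV. A query for SEV
   or SEV-ES is therefore satisfied by any higher level; a query for SNP only by SNP. */
BOOLEAN
AmdMemEncryptionAttrCheck (UINT64 CurrentAttr, CONFIDENTIAL_COMPUTING_GUEST_ATTR DesiredAttr)
{
  UINT64  CurrentLevel = CurrentAttr & CC_ATTR_TYPE_MASK;

  /* Only AMD levels are ordered; an Intel TDX value must never satisfy an SEV query. */
  if (((CurrentLevel >> 8) & 0xff) != CC_ATTR_VENDOR_AMD) {
    return false;
  }

  switch (DesiredAttr) {
    case CCAttrAmdSev:
      return CurrentLevel >= CCAttrAmdSev;
    case CCAttrAmdSevEs:
      return CurrentLevel >= CCAttrAmdSevEs;
    case CCAttrAmdSevSnp:
      return CurrentLevel == CCAttrAmdSevSnp;
    default:
      return false;
  }
}

/* Answers "does this guest have attribute Attr?" from the PCD stand-in alone. */
BOOLEAN
ConfidentialComputingGuestHas (CONFIDENTIAL_COMPUTING_GUEST_ATTR Attr)
{
  UINT64  CurrentAttr = mCcGuestAttr;

  if (((CurrentAttr >> 8) & 0xff) == CC_ATTR_VENDOR_AMD) {
    return AmdMemEncryptionAttrCheck (CurrentAttr, Attr);
  }

  /* Non-AMD (TDX or unencrypted): only an exact match counts. */
  return (CurrentAttr & CC_ATTR_TYPE_MASK) == (UINT64)Attr;
}

/* Hypothetical stand-in for the AmdSvsmLib query the commit calls unsafe on non-SNP
   guests. It models the described failure mode: it answers "present" regardless. */
static BOOLEAN
UncheckedSvsmIsPresent (void)
{
  return true;
}

/* The gate in the spirit of the commit: consult the SVSM library only when the guest
   is SNP-enabled; otherwise report that no SVSM is present without calling it. */
BOOLEAN
SvsmPresentGated (void)
{
  if (!ConfidentialComputingGuestHas (CCAttrAmdSevSnp)) {
    return false;
  }
  return UncheckedSvsmIsPresent ();
}

int
main (void)
{
  UINT64  Samples[] = { CCAttrNotEncrypted, CCAttrAmdSevEs, CCAttrAmdSevSnp, CCAttrIntelTdx };

  for (size_t i = 0; i < sizeof (Samples) / sizeof (Samples[0]); i++) {
    SetConfidentialComputingGuestAttr (Samples[i]);
    printf ("attr=0x%03llx  snp=%d  svsm(gated)=%d\n",
            (unsigned long long)Samples[i],
            ConfidentialComputingGuestHas (CCAttrAmdSevSnp),
            SvsmPresentGated ());
  }
  return 0;
}
```

Only the SNP row reports an SVSM; the plain, SEV-ES and TDX rows return "absent" without the unsafe query ever running, which is the boot failure the commit removes.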