On 25/03/05 03:18PM, Fiona Ebner wrote:
> On 24.02.25 at 13:37, Philipp Giersfeld wrote:
> > AMD SEV-SNP boots with a single volatile firmware image OVMF.fd via the
> > -bios option.
> >
> > Currently, an SEV-enabled VM will not boot with an OVMF
> > firmware that was compiled with `SECURE_BOOT_ENABLE` [1].
> >
> > Furthermore, during testing, SEV-enabled machines did not boot with
> > `SMM_REQUIRE`.
> >
> > Therefore, introduce a new target build-ovmf-cvm that builds OVMF
> > firmware suitable for AMD SEV.
> >
> > [1] https://github.com/tianocore/edk2/pull/6285
> >
>
> This has been merged in edk2-stable202502, which is already out now. I'd
> prefer going directly for that tag. Can we avoid splitting out the
> SMM_REQUIRE flag then?
>

(Assuming you mean the SECURE_BOOT flag)
Yes, I also prefer going directly for edk2-stable202502. I already tested it briefly and will prepare an updated version of the patch.
Splitting out SMM cannot be avoided since SEV-ES and SEV-SNP do not support it [1,2].

[1] https://www.qemu.org/docs/master/system/i386/amd-memory-encryption.html
[2] https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/specifications/56421.pdf