From 52fa7e78d282f8434b41aff24b3a5a745611ff87 Mon Sep 17 00:00:00 2001 From: Tom Lendacky Date: Mon, 18 Nov 2024 12:59:32 -0600 Subject: [PATCH] OvmfPkg/PlatformPei: Move NV vars init to after SEV-SNP memory acceptance When OVMF is built with the SECURE_BOOT_ENABLE set to true, reserving and initializing the emulated variable store happens before memory has been accepted under SEV-SNP. This results in a #VC exception for accessing memory that hasn't been validated (error code 0x404). The #VC handler treats this error code as a fatal error, causing the OVMF boot to fail. Move the call to ReserveEmuVariableNvStore() to after memory has been accepted by AmdSevInitialize(). Signed-off-by: Tom Lendacky --- OvmfPkg/PlatformPei/Platform.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/OvmfPkg/PlatformPei/Platform.c b/OvmfPkg/PlatformPei/Platform.c index dc81ce9e2b..7b4ea1b827 100644 --- a/OvmfPkg/PlatformPei/Platform.c +++ b/OvmfPkg/PlatformPei/Platform.c @@ -353,10 +353,6 @@ InitializePlatform ( InitializeRamRegions (PlatformInfoHob); if (PlatformInfoHob->BootMode != BOOT_ON_S3_RESUME) { - if (!PlatformInfoHob->SmmSmramRequire) { - ReserveEmuVariableNvStore (); - } - PeiFvInitialization (PlatformInfoHob); MemTypeInfoInitialization (PlatformInfoHob); MemMapInitialization (PlatformInfoHob); @@ -378,5 +374,15 @@ InitializePlatform ( RelocateSmBase (); } + // + // Performed after CoCo (SEV/TDX) initialization to allow the memory + // used to be validated before being used. + // + if (PlatformInfoHob->BootMode != BOOT_ON_S3_RESUME) { + if (!PlatformInfoHob->SmmSmramRequire) { + ReserveEmuVariableNvStore (); + } + } + return EFI_SUCCESS; }
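Review bot: The comment added above the relocated `ReserveEmuVariableNvStore ()` call in the second hunk states the ordering requirement only loosely ("after CoCo (SEV/TDX) initialization") and names neither the call it depends on nor the failure it prevents, so a later reordering of InitializePlatform could silently bring the fatal #VC back. I would spell it out, for example `// Must stay after AmdSevInitialize(): under SEV-SNP the variable store pages have to be accepted before they are touched, otherwise the access raises a fatal #VC (error code 0x404).` The AmdSevInitialize() call is not visible in either hunk and InitializePlatform starts outside them, so its position relative to the new block is taken from the commit message. The move also places the allocation after PeiFvInitialization, MemMapInitialization and the rest of the non-S3 path; if ReserveEmuVariableNvStore() relies on running early so the store lands at a stable address (its body is outside this patch), that is worth confirming on a non-SEV guest. As a smaller point, the two nested conditions could be folded into `if ((PlatformInfoHob->BootMode != BOOT_ON_S3_RESUME) && !PlatformInfoHob->SmmSmramRequire) {`.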