tyler.durden/audk
1
0
Fork 0
mirror of https://github.com/acidanthera/audk.git synced 2025-04-08 17:05:09 +02:00
Code Issues Packages Projects Releases Wiki Activity

OvmfPkg/VirtHstiDxe: do not load driver in confidential guests

Browse Source 
The VirtHstiDxe does not work in confidential guests.  There also isn't
anything we can reasonably test, neither flash storage nor SMM mode will
be used in that case.  So just skip driver load when running in a
confidential guest.

Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Fixes: 506740982bba ("OvmfPkg/VirtHstiDxe: add code flash check")
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Tested-by: Srikanth Aithal <sraithal@amd.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
This commit is contained in:
Gerd Hoffmann 2024-04-24 14:00:29 +08:00 committed by mergify[bot]
parent 90b6725562
commit 66c24219ad
2 changed files with 7 additions and 0 deletions
OvmfPkg/VirtHstiDxe
VirtHstiDxe.cVirtHstiDxe.inf

6
OvmfPkg/VirtHstiDxe/VirtHstiDxe.c

@ -17,6 +17,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <Library/MemoryAllocationLib.h>
#include <Library/UefiBootServicesTableLib.h>
#include <Library/UefiLib.h>
#include <Library/PcdLib.h>
#include <Library/PlatformInitLib.h>
#include <IndustryStandard/Hsti.h>
@ -140,6 +141,11 @@ VirtHstiDxeEntrypoint (
EFI_STATUS Status;
EFI_EVENT Event;
if (PcdGet64 (PcdConfidentialComputingGuestAttr)) {
DEBUG ((DEBUG_INFO, "%a: confidential guest\n", __func__));
return EFI_UNSUPPORTED;
}
DevId = VirtHstiGetHostBridgeDevId ();
switch (DevId) {
case INTEL_82441_DEVICE_ID:

1
OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf

@ -49,6 +49,7 @@
gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire
[Pcd]
gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr
gUefiOvmfPkgTokenSpaceGuid.PcdBfvBase
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageVariableBase