mirror of
https://github.com/acidanthera/audk.git
synced 2025-04-08 17:05:09 +02:00
0adc35fccd
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4186 Commit 079a58276b98 ("OvmfPkg/AmdSev/SecretPei: Mark SEV launch secret area as reserved") marked the launch secret area itself (1 page) as reserved so the guest OS can use it during the lifetime of the OS. However, the address and size of the secret area held in the CONFIDENTIAL_COMPUTING_SECRET_LOCATION struct are declared as STATIC in OVMF (in AmdSev/SecretDxe); therefore there's no guarantee that it will not be written over by OS data. Fix this by allocating the memory for the CONFIDENTIAL_COMPUTING_SECRET_LOCATION struct with the EfiACPIReclaimMemory memory type to ensure the guest OS will not reuse this memory. Fixes: 079a58276b98 ("OvmfPkg/AmdSev/SecretPei: Mark SEV launch secret ...") Signed-off-by: Dov Murik <dovmurik@linux.ibm.com> Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com> Reviewed-by: Ard Biesheuvel <ardb@kernel.org>