automatic import of edk2openeuler24.03_LTS openeuler23.09

author: CoprDistGit <infra@openeuler.org> 2024-08-01 14:44:22 +0000
committer: CoprDistGit <infra@openeuler.org> 2024-08-01 14:44:22 +0000
commit: 641da27ad73e8f09c40e8b093dcf824c0ee4d02a (patch)
tree: 5c8e4f5928100c6dd587e063b7b1de59d2236845 /0027-OvmfPkg-AmdSevDxe-Shim-Reboot-workaround-RHEL-only.patch
parent: bac9f1a06357b69667a40f0cb2ab674767947337 (diff)
1 files changed, 121 insertions, 0 deletions
diff --git a/0027-OvmfPkg-AmdSevDxe-Shim-Reboot-workaround-RHEL-only.patch b/0027-OvmfPkg-AmdSevDxe-Shim-Reboot-workaround-RHEL-only.patch
new file mode 100644
index 0000000..8148351
--- /dev/null
+++ b/0027-OvmfPkg-AmdSevDxe-Shim-Reboot-workaround-RHEL-only.patch
@@ -0,0 +1,121 @@
+From c916516d37fb50c187020bd01da21cca85c8e83a Mon Sep 17 00:00:00 2001
+From: Oliver Steffen <osteffen@redhat.com>
+Date: Wed, 16 Aug 2023 12:09:40 +0200
+Subject: [PATCH] OvmfPkg/AmdSevDxe: Shim Reboot workaround (RHEL only)
+
+RH-Author: Oliver Steffen <osteffen@redhat.com>
+RH-MergeRequest: 46: OvmfPkg/AmdSevDxe: Shim Reboot workaround (RHEL only)
+RH-Bugzilla: 2218196
+RH-Acked-by: Gerd Hoffmann <None>
+RH-Commit: [1/1] 9bf3bb989e36253aa34bf82ecfe8faa7312e8d22 (osteffen/edk2)
+
+Add a callback at the end of the Dxe phase that sets the
+"FB_NO_REBOOT" variable under the Shim GUID.
+This is a workaround for a boot loop in case a confidential
+guest that uses shim is booted with a vtpm device present.
+
+BZ 2218196
+
+Signed-off-by: Oliver Steffen <osteffen@redhat.com>
+
+patch_name: edk2-OvmfPkg-AmdSevDxe-Shim-Reboot-workaround-RHEL-only.patch
+present_in_specfile: true
+location_in_specfile: 44
+---
+ OvmfPkg/AmdSevDxe/AmdSevDxe.c   | 42 +++++++++++++++++++++++++++++++++
+ OvmfPkg/AmdSevDxe/AmdSevDxe.inf |  2 ++
+ 2 files changed, 44 insertions(+)
+
+diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.c b/OvmfPkg/AmdSevDxe/AmdSevDxe.c
+index d497a343d3..0eb88e50ff 100644
+--- a/OvmfPkg/AmdSevDxe/AmdSevDxe.c
++++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.c
+@@ -19,6 +19,7 @@
+ #include <Library/MemoryAllocationLib.h>
+ #include <Library/UefiBootServicesTableLib.h>
+ #include <Guid/ConfidentialComputingSevSnpBlob.h>
++#include <Guid/GlobalVariable.h>
+ #include <Library/PcdLib.h>
+ #include <Pi/PiDxeCis.h>
+ #include <Protocol/SevMemoryAcceptance.h>
+@@ -28,6 +29,10 @@
+ // Present, initialized, tested bits defined in MdeModulePkg/Core/Dxe/DxeMain.h
+ #define EFI_MEMORY_INTERNAL_MASK  0x0700000000000000ULL
+ 
++static EFI_GUID  ShimLockGuid = {
++  0x605dab50, 0xe046, 0x4300, { 0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23 }
++};
++
+ STATIC
+ EFI_STATUS
+ AllocateConfidentialComputingBlob (
+@@ -191,6 +196,32 @@ STATIC EDKII_MEMORY_ACCEPT_PROTOCOL  mMemoryAcceptProtocol = {
+   AmdSevMemoryAccept
+ };
+ 
++VOID
++EFIAPI
++PopulateVarstore (
++  EFI_EVENT  Event,
++  VOID       *Context
++  )
++{
++  EFI_SYSTEM_TABLE  *SystemTable = (EFI_SYSTEM_TABLE *)Context;
++  EFI_STATUS        Status;
++
++  DEBUG ((DEBUG_INFO, "Populating Varstore\n"));
++  UINT32  data = 1;
++
++  Status = SystemTable->RuntimeServices->SetVariable (
++                                           L"FB_NO_REBOOT",
++                                           &ShimLockGuid,
++                                           EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS,
++                                           sizeof (data),
++                                           &data
++                                           );
++  ASSERT_EFI_ERROR (Status);
++
++  Status = SystemTable->BootServices->CloseEvent (Event);
++  ASSERT_EFI_ERROR (Status);
++}
++
+ EFI_STATUS
+ EFIAPI
+ AmdSevDxeEntryPoint (
+@@ -203,6 +234,7 @@ AmdSevDxeEntryPoint (
+   UINTN                                     NumEntries;
+   UINTN                                     Index;
+   CONFIDENTIAL_COMPUTING_SNP_BLOB_LOCATION  *SnpBootDxeTable;
++  EFI_EVENT                                 PopulateVarstoreEvent;
+ 
+   //
+   // Do nothing when SEV is not enabled
+@@ -361,5 +393,15 @@ AmdSevDxeEntryPoint (
+                   );
+   }
+ 
++  Status = gBS->CreateEventEx (
++                  EVT_NOTIFY_SIGNAL,
++                  TPL_CALLBACK,
++                  PopulateVarstore,
++                  SystemTable,
++                  &gEfiEndOfDxeEventGroupGuid,
++                  &PopulateVarstoreEvent
++                  );
++  ASSERT_EFI_ERROR (Status);
++
+   return EFI_SUCCESS;
+ }
+diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf
+index e7c7d526c9..09cbd2b0ca 100644
+--- a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf
++++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf
+@@ -54,6 +54,8 @@
+ [Guids]
+   gConfidentialComputingSevSnpBlobGuid
+   gEfiEventBeforeExitBootServicesGuid
++  gEfiEndOfDxeEventGroupGuid              ## CONSUMES ## Event
++
+ 
+ [Pcd]
+   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfHostBridgePciDevId
author	CoprDistGit <infra@openeuler.org>	2024-08-01 14:44:22 +0000
committer	CoprDistGit <infra@openeuler.org>	2024-08-01 14:44:22 +0000
commit	641da27ad73e8f09c40e8b093dcf824c0ee4d02a (patch)
tree	5c8e4f5928100c6dd587e063b7b1de59d2236845 /0027-OvmfPkg-AmdSevDxe-Shim-Reboot-workaround-RHEL-only.patch
parent	bac9f1a06357b69667a40f0cb2ab674767947337 (diff)