From 66c24219ade92b85b24f3ce29b988d187a9f6517 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann
Date: Wed, 24 Apr 2024 14:00:29 +0800
Subject: [PATCH] OvmfPkg/VirtHstiDxe: do not load driver in confidential guests

The VirtHstiDxe does not work in confidential guests. There also isn't anything we can reasonably test, neither flash storage nor SMM mode will be used in that case. So just skip driver load when running in a confidential guest.

Cc: Ard Biesheuvel
Cc: Jiewen Yao
Fixes: 506740982bba ("OvmfPkg/VirtHstiDxe: add code flash check")
Signed-off-by: Gerd Hoffmann
Tested-by: Srikanth Aithal
Reviewed-by: Jiewen Yao
---
 OvmfPkg/VirtHstiDxe/VirtHstiDxe.c   | 6 ++++++
 OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf | 1 +
 2 files changed, 7 insertions(+)

diff --git a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c
index b6e53a1219d1..efaff0d1f3cb 100644
--- a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c
+++ b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c
@@ -17,6 +17,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #include
 #include
 #include
+#include
 #include
 #include
@@ -140,6 +141,11 @@ VirtHstiDxeEntrypoint (
   EFI_STATUS Status;
   EFI_EVENT Event;
 
+  if (PcdGet64 (PcdConfidentialComputingGuestAttr)) {
+    DEBUG ((DEBUG_INFO, "%a: confidential guest\n", __func__));
+    return EFI_UNSUPPORTED;
+  }
+
   DevId = VirtHstiGetHostBridgeDevId ();
   switch (DevId) {
     case INTEL_82441_DEVICE_ID:
diff --git a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
index 9514933011e8..b5c237288766 100644
--- a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
+++ b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
@@ -49,6 +49,7 @@
   gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire
 
 [Pcd]
+  gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr
   gUefiOvmfPkgTokenSpaceGuid.PcdBfvBase
   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageVariableBase
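Review bot: The guard at the top of the added block in the VirtHstiDxeEntrypoint hunk tests the raw 64-bit PCD for non-zero, leaving the reader to work out that zero means "not a confidential guest"; comparing against the named enumerator states the intent directly and matches how the attribute is defined: `if (PcdGet64 (PcdConfidentialComputingGuestAttr) != CCAttrNotEncrypted) {` (this assumes ConfidentialComputingGuestAttr.h is the header the first hunk adds — the header name was stripped from the page, so confirm). The rationale only lives in the commit message; a one-line comment above the check would keep it with the code, e.g. `// Confidential guests use neither flash storage nor SMM, so none of the HSTI checks below apply; unload instead of publishing an empty result.` VirtHstiDxeEntrypoint starts before and ends after this hunk.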