From 66c24219ade92b85b24f3ce29b988d187a9f6517 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann
Date: Wed, 24 Apr 2024 14:00:29 +0800
Subject: OvmfPkg/VirtHstiDxe: do not load driver in confidential guests

The VirtHstiDxe does not work in confidential guests. There also isn't anything we can reasonably test, neither flash storage nor SMM mode will be used in that case. So just skip driver load when running in a confidential guest.

Cc: Ard Biesheuvel
Cc: Jiewen Yao
Fixes: 506740982bba ("OvmfPkg/VirtHstiDxe: add code flash check")
Signed-off-by: Gerd Hoffmann
Tested-by: Srikanth Aithal
Reviewed-by: Jiewen Yao
---
 OvmfPkg/VirtHstiDxe/VirtHstiDxe.c | 6 ++++++
 OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf | 1 +
 2 files changed, 7 insertions(+)
(limited to 'OvmfPkg')

diff --git a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c
index b6e53a1..efaff0d 100644
--- a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c
+++ b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c
@@ -17,6 +17,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #include
 #include
 #include
+#include
 #include
 #include
@@ -140,6 +141,11 @@ VirtHstiDxeEntrypoint (
 EFI_STATUS Status;
 EFI_EVENT Event;
+ if (PcdGet64 (PcdConfidentialComputingGuestAttr)) {
+ DEBUG ((DEBUG_INFO, "%a: confidential guest\n", __func__));
+ return EFI_UNSUPPORTED;
+ }
+
 DevId = VirtHstiGetHostBridgeDevId ();
 switch (DevId) {
 case INTEL_82441_DEVICE_ID:
diff --git a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
index 9514933..b5c2372 100644
--- a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
+++ b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
@@ -49,6 +49,7 @@ gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire
 [Pcd]
+ gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr
 gUefiOvmfPkgTokenSpaceGuid.PcdBfvBase
 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageVariableBase
--
cgit v1.1
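Review bot: The new early return at `if (PcdGet64 (PcdConfidentialComputingGuestAttr)) {` in VirtHstiDxeEntrypoint carries no comment explaining why a confidential guest gets no HSTI table at all, so the rationale lives only in the commit message and will be lost to anyone reading the driver. I would add above it: `// HSTI here only covers flash write-protection and SMM lockdown; a confidential guest uses neither (per the commit that added this), so publish no HSTI table rather than a report that cannot be validated.` The test also relies on the PCD's zero-means-not-confidential encoding implicitly; if the PCD's header defines a named "not confidential" value, comparing against it explicitly would make the intent self-documenting. The DEBUG line logs the skip at DEBUG_INFO only, which seems appropriate since this is an expected configuration, not an error. VirtHstiDxeEntrypoint's body continues past the end of the hunk.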