From 370811b0170f76a6cce4fd151d96a23d8837e0c5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Wed, 24 May 2023 19:01:44 +0200 Subject: [PATCH] runtime: Fix TDVF configuration with QEMU TDX MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Instead of setting: ``` firmware = "/path/to/OVMF.fd" firmware_volume = "/path/to/OVMF_VARS.fd" ``` We should either be setting: ``` firmware = "/path/to/OVMF.fd" ``` Or: ``` firmware = "/path/to/OVMF_CODE.fd" firmware_volume = "/path/to/OVMF_VARS.fd" ``` I'm taking the approach to setting up the latter, as that's what's been tested as part of our TDX CI. Fixes: #4926 This patch is the same as #4927, but it ended up reverted somewhere in the CCv0 -> main process, or in the attempts to fix TDX after that. Signed-off-by: Fabiano FidĂȘncio --- src/runtime/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/runtime/Makefile b/src/runtime/Makefile index 931647de33..57ee327b41 100644 --- a/src/runtime/Makefile +++ b/src/runtime/Makefile @@ -152,7 +152,7 @@ SEVKERNELPARAMS := $(AGENTCONFIGFILEKERNELPARAM) agent.enable_signature_verifica SNPKERNELPARAMS := $(AGENTCONFIGFILEKERNELPARAM) agent.enable_signature_verification=false $(AGENT_AA_KBC_PARAMS_SNP) KERNELPARAMS += $(ROOTMEASURECONFIG) agent.enable_signature_verification=false $(AGENT_AA_KBC_PARAMS) -FIRMWARETDVFPATH := $(PREFIXDEPS)/share/tdvf/OVMF.fd +FIRMWARETDVFPATH := $(PREFIXDEPS)/share/tdvf/OVMF_CODE.fd FIRMWARETDVFVOLUMEPATH := $(PREFIXDEPS)/share/tdvf/OVMF_VARS.fd # Name of default configuration file the runtime will use.