From cbb9fe8b812429910832b7874624fc483a9f4329 Mon Sep 17 00:00:00 2001 From: Tobin Feldman-Fitzthum Date: Tue, 16 May 2023 02:27:20 +0000 Subject: [PATCH] config: Use standard OVMF with SEV The AmdSev firmware package should be used with measured direct boot. If the expected hashes are not injected into the firmware binary by the VMM, the guest will not boot. This is required for security. Currently the main branch does not have the extended shim support for SEV, which tells the VMM to inject the expected hashes. We ship the standard OVMF package to use with SNP, so let's switch SEV to that for now. This will need to be changed back when shim support for SEV(-ES) is added to main. Signed-off-by: Tobin Feldman-Fitzthum --- src/runtime/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/runtime/Makefile b/src/runtime/Makefile index 7628dc43dd..7e264dfeac 100644 --- a/src/runtime/Makefile +++ b/src/runtime/Makefile @@ -130,7 +130,7 @@ FIRMWAREVOLUMEPATH := FIRMWARETDVFPATH := $(PREFIXDEPS)/share/tdvf/OVMF.fd FIRMWARETDVFVOLUMEPATH := -FIRMWARESEVPATH := $(PREFIXDEPS)/share/ovmf/AMDSEV.fd +FIRMWARESEVPATH := $(PREFIXDEPS)/share/ovmf/OVMF.fd FIRMWARESNPPATH := $(PREFIXDEPS)/share/ovmf/OVMF.fd # Name of default configuration file the runtime will use.
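Review bot: The added `FIRMWARESEVPATH := $(PREFIXDEPS)/share/ovmf/OVMF.fd` line carries no in-file marker that this is a temporary security downgrade, so the only record that it must be reverted is the commit message. Per the description, the AmdSev firmware refuses to boot unless the VMM injects the expected hashes. With the standard OVMF build that check is presumably absent, so a directly booted kernel, initrd and command line would not be bound to the SEV launch measurement. I would put a comment directly above the assignment, e.g. `# TEMPORARY: standard OVMF does not enforce measured direct boot on SEV; restore AMDSEV.fd once shim hash injection lands`. The same limitation should be noted wherever the SEV configuration is documented, so operators relying on attestation know to supply their own firmware path.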