edk2/SOURCES/0033-OvmfPkg-PlatformPei-Move-NV-vars-init-to-after-SEV-S.patch

From 6fc76f3572566a83a34bb26d21e16c0e75de3609 Mon Sep 17 00:00:00 2001
From: Tom Lendacky <thomas.lendacky@amd.com>
Date: Mon, 18 Nov 2024 12:59:32 -0600
Subject: [PATCH] OvmfPkg/PlatformPei: Move NV vars init to after SEV-SNP
 memory acceptance

When OVMF is built with the SECURE_BOOT_ENABLE set to true, reserving and
initializing the emulated variable store happens before memory has been
accepted under SEV-SNP. This results in a #VC exception for accessing
memory that hasn't been validated (error code 0x404). The #VC handler
treats this error code as a fatal error, causing the OVMF boot to fail.

Move the call to ReserveEmuVariableNvStore() to after memory has been
accepted by AmdSevInitialize().

Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
(cherry picked from commit 52fa7e78d282f8434b41aff24b3a5a745611ff87)
---
 OvmfPkg/PlatformPei/Platform.c | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/OvmfPkg/PlatformPei/Platform.c b/OvmfPkg/PlatformPei/Platform.c
index 05b924f99f..54903cfca2 100644
--- a/OvmfPkg/PlatformPei/Platform.c
+++ b/OvmfPkg/PlatformPei/Platform.c
@@ -365,10 +365,6 @@ InitializePlatform (
   InitializeRamRegions (PlatformInfoHob);
 
   if (PlatformInfoHob->BootMode != BOOT_ON_S3_RESUME) {
-    if (!PlatformInfoHob->SmmSmramRequire) {
-      ReserveEmuVariableNvStore ();
-    }
-
     PeiFvInitialization (PlatformInfoHob);
     MemTypeInfoInitialization (PlatformInfoHob);
     MemMapInitialization (PlatformInfoHob);
@@ -391,5 +387,15 @@ InitializePlatform (
     RelocateSmBase ();
   }
 
+  //
+  // Performed after CoCo (SEV/TDX) initialization to allow the memory
+  // used to be validated before being used.
+  //
+  if (PlatformInfoHob->BootMode != BOOT_ON_S3_RESUME) {
+    if (!PlatformInfoHob->SmmSmramRequire) {
+      ReserveEmuVariableNvStore ();
+    }
+  }
+
   return EFI_SUCCESS;
 }