Hi,
On 17/3/22 14:58, Xiaoyao Li wrote:
TDX VM needs to boot with Trust Domain Virtual Firmware (TDVF). Unlike
that OVMF is mapped as rom device, TDVF needs to be mapped as private
memory. This is because TDX architecture doesn't provide read-only
capability for VMM, and it doesn't support instruction emulation due
to guest memory and registers are not accessible for VMM.
On the other hand, OVMF can work as TDVF, which is usually configured
as pflash device in QEMU. To keep the same usage (QEMU parameter),
introduce ram_mode to pflash for TDVF. When it's creating a TDX VM,
ram_mode will be enabled automatically that map the firmware as RAM.
Note, this implies two things:
1. TDVF (OVMF) is not read-only (write-protected).
2. It doesn't support non-volatile UEFI variables as what pflash
supports that the change to non-volatile UEFI variables won't get
synced back to backend vars.fd file.
Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com>
---
hw/block/pflash_cfi01.c | 25 ++++++++++++++++++-------
hw/i386/pc_sysfw.c | 14 +++++++++++---
2 files changed, 29 insertions(+), 10 deletions(-)
If you don't need a pflash device, don't use it: simply map your nvram
region as ram in your machine. No need to clutter the pflash model like
that.