Hi, On 17/3/22 14:58, Xiaoyao Li wrote:
TDX VM needs to boot with Trust Domain Virtual Firmware (TDVF). Unlike that OVMF is mapped as rom device, TDVF needs to be mapped as private memory. This is because TDX architecture doesn't provide read-only capability for VMM, and it doesn't support instruction emulation due to guest memory and registers are not accessible for VMM. On the other hand, OVMF can work as TDVF, which is usually configured as pflash device in QEMU. To keep the same usage (QEMU parameter), introduce ram_mode to pflash for TDVF. When it's creating a TDX VM, ram_mode will be enabled automatically that map the firmware as RAM. Note, this implies two things: 1. TDVF (OVMF) is not read-only (write-protected). 2. It doesn't support non-volatile UEFI variables as what pflash supports that the change to non-volatile UEFI variables won't get synced back to backend vars.fd file. Signed-off-by: Xiaoyao Li <xiaoyao.li@xxxxxxxxx> --- hw/block/pflash_cfi01.c | 25 ++++++++++++++++++------- hw/i386/pc_sysfw.c | 14 +++++++++++--- 2 files changed, 29 insertions(+), 10 deletions(-)
If you don't need a pflash device, don't use it: simply map your nvram region as ram in your machine. No need to clutter the pflash model like that. NAcked-by: Philippe Mathieu-Daudé <f4bug@xxxxxxxxx>