  Hi,

> > Just using -bios OVMF.fd might work too. Daniel tried that recently for
> > sev, but ran into problems with wiring up ovmf metadata parsing for
> > -bios. Don't remember the details though.
>
> It was related to the BIOS shadowing, whereby QEMU loads it at one
> address, and then when CPUs start it is copied to another address.

Is this the top 128k of the firmware being copied below 1M so the
firmware reset vector is available in real mode address space?

> This was not compatible with the way AMD SEV wants to do measurement
> of the firmware. May or may not be relevant for TDX, I don't know
> enough about TDX to say.

TDX boots in 32bit mode, so simply skipping any real mode compatibility
stuff shouldn't cause any problems here.

Not sure about SEV. There is this SevProcessorReset entry in the ovmf
metadata block. Is that the SEV reset vector? If SEV cpu bringup
doesn't go through real mode either we maybe can just skip the BIOS
shadowing setup for confidential computing guests ...

take care,
  Gerd