On 3/24/2022 3:58 PM, Gerd Hoffmann wrote:
Hi,
Well, if persistent vars are not supported anyway there is little reason
to split the firmware into CODE and VARS files. You can just use
OVMF.fd with a single pflash device. libvirt recently got support for
that.
Agreed.
The purpose of using split firmware is that people can share the same
code.fd while using different vars.fd
Using different vars.fd files is pointless though when changes are never
written back ...
Yes, I agree on this.
Off the topic. If we really want to add NVRAM capability to TDX guest, 1) we
can use the PV interface to issue MMIO write in OVMF, like what SEV does in
OVMF. 2) map OVMF as shared, thus existing pflash works well.
However, both options will expose the content to VMM, which loses
confidentiality.
take care,
Gerd