On Mon, Jun 3, 2024 at 1:55 PM Daniel P. Berrangé <berrange@xxxxxxxxxx> wrote: > I really wish we didn't have to introduce this though - is there really > no way to make it possible to use pflash for both CODE & VARS with SNP, > as is done with traditional VMs, so we don't diverge in setup, needing > yet more changes up the mgmt stack ? No, you cannot use pflash for CODE in either SNP or TDX. The hardware does not support it. One possibility is to only support non-pflash-based variable store. This is not yet in QEMU, but it is how both AWS and Google implemented UEFI variables and I think Gerd was going to work on it for QEMU. Paolo
