Bug 2041754

Summary: Mark SEV launch secret area as reserved
Product: Red Hat Enterprise Linux 8 Reporter: Gerd Hoffmann <kraxel>
Component: edk2Assignee: Paweł Poławski <ppolawsk>
Status: CLOSED ERRATA QA Contact: zixchen
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 8.5CC: berrange, coli, jferlan, jinzhao, jmaloy, juzhang, jwboyer, kkiwi, kraxel, pbonzini, ppolawsk, virt-maint, xuwei, ymankad
Target Milestone: rcKeywords: RFE, Triaged
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: edk2-20220126gitbb1bba3d77-2.el8 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 2112307 (view as bug list) Environment:
Last Closed: 2022-05-10 14:26:36 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2018386, 2041755    
Bug Blocks: 2112307    

Description Gerd Hoffmann 2022-01-18 08:36:41 UTC 
backport needed:

commit 079a58276b98dc97ca363e3bc8b35cc7baa56d76
Author: Dov Murik <dovmurik.com>
Date:   Tue Jan 4 15:16:40 2022 +0800

    OvmfPkg/AmdSev/SecretPei: Mark SEV launch secret area as reserved
    
    Mark the SEV launch secret MEMFD area as reserved, which will allow the
    guest OS to use it during the lifetime of the OS, without creating
    copies of the sensitive content.
Comment 1 Klaus Heinrich Kiwi 2022-01-19 13:31:16 UTC 
Same as RHEL-9 bz
Comment 2 Paweł Poławski 2022-01-20 03:11:26 UTC 
Should this backport be performed on top of latest rebase? This way I can close this BZ as a part of rebase.
Comment 10 zixchen 2022-03-04 09:02:56 UTC 
Test with edk2-ovmf-20220126gitbb1bba3d77-2.el8.noarch.rpm, no issue found.

Version:
edk2-ovmf-20220126gitbb1bba3d77-2.el8.noarch.rpm
kernel-4.18.0-369.el8.x86_64
qemu-kvm-6.2.0-8.module+el8.6.0+14324+050a5215.x86_64

SEV regression test passed:
https://beaker.engineering.redhat.com/jobs/6364468
Comment 11 Yanan Fu 2022-03-04 11:09:59 UTC 
QE bot(pre verify): Set 'Verified:Tested,SanityOnly' as gating/tier1 test pass.
Comment 16 errata-xmlrpc 2022-05-10 14:26:36 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (edk2 bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:1948