[pve-devel] [PATCH edk2-firmware 3/4] Add SCSI in NCCFV for TD guest
Anton Iacobaeus
anton.iacobaeus at canarybit.eu
Tue Sep 16 09:52:48 CEST 2025
From: Philipp Giersfeld <philipp.giersfeld at canarybit.eu>
The FV in `IntelTdx/IntelTdxX64.fdf` was split into two FVs, one for a
TD guest and one for non-cc guest. The SCSI driver was moved to the
non-cc NCCFV. In order for PVE to use an image with SCSI include the
SCSI driver in the FV for TD guest.
Signed-off-by: Philipp Giersfeld <philipp.giersfeld at canarybit.eu>
Signed-off-by: Anton Iacobaeus <anton.iacobaeus at canarybit.eu>
---
.../patches/Enable_SCSI_IntelTdx_DXEFV.patch | 52 +++++++++++++++++++
debian/patches/series | 1 +
2 files changed, 53 insertions(+)
create mode 100644 debian/patches/Enable_SCSI_IntelTdx_DXEFV.patch
diff --git a/debian/patches/Enable_SCSI_IntelTdx_DXEFV.patch b/debian/patches/Enable_SCSI_IntelTdx_DXEFV.patch
new file mode 100644
index 0000000..5f9c40d
--- /dev/null
+++ b/debian/patches/Enable_SCSI_IntelTdx_DXEFV.patch
@@ -0,0 +1,52 @@
+diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.fdf b/OvmfPkg/IntelTdx/IntelTdxX64.fdf
+index c05761ab..02807c37 100644
+--- a/OvmfPkg/IntelTdx/IntelTdxX64.fdf
++++ b/OvmfPkg/IntelTdx/IntelTdxX64.fdf
+@@ -204,6 +204,16 @@ INF PcAtChipsetPkg/PcatRealTimeClockRuntimeDxe/PcatRealTimeClockRuntimeDxe.inf
+ INF OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf
+ INF OvmfPkg/Virtio10Dxe/Virtio10.inf
+ INF OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
++INF OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
++!if $(PVSCSI_ENABLE) == TRUE
++INF OvmfPkg/PvScsiDxe/PvScsiDxe.inf
++!endif
++!if $(MPT_SCSI_ENABLE) == TRUE
++INF OvmfPkg/MptScsiDxe/MptScsiDxe.inf
++!endif
++!if $(LSI_SCSI_ENABLE) == TRUE
++INF OvmfPkg/LsiScsiDxe/LsiScsiDxe.inf
++!endif
+
+ !if $(SECURE_BOOT_ENABLE) == TRUE
+ INF SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
+@@ -223,6 +233,8 @@ INF MdeModulePkg/Universal/DevicePathDxe/DevicePathDxe.inf
+ INF MdeModulePkg/Universal/Disk/DiskIoDxe/DiskIoDxe.inf
+ INF MdeModulePkg/Universal/Disk/PartitionDxe/PartitionDxe.inf
+ INF MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf
++INF MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBusDxe.inf
++INF MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf
+ INF MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf
+ INF MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf
+ INF MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf
+@@ -290,21 +302,9 @@ READ_LOCK_STATUS = TRUE
+ # DXE Phase modules
+ #
+ INF MdeModulePkg/Universal/EbcDxe/EbcDxe.inf
+-INF OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
+-!if $(PVSCSI_ENABLE) == TRUE
+-INF OvmfPkg/PvScsiDxe/PvScsiDxe.inf
+-!endif
+-!if $(MPT_SCSI_ENABLE) == TRUE
+-INF OvmfPkg/MptScsiDxe/MptScsiDxe.inf
+-!endif
+-!if $(LSI_SCSI_ENABLE) == TRUE
+-INF OvmfPkg/LsiScsiDxe/LsiScsiDxe.inf
+-!endif
+ INF MdeModulePkg/Universal/Console/GraphicsConsoleDxe/GraphicsConsoleDxe.inf
+ INF MdeModulePkg/Universal/DriverHealthManagerDxe/DriverHealthManagerDxe.inf
+ INF MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe.inf
+-INF MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBusDxe.inf
+-INF MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf
+ INF MdeModulePkg/Bus/Isa/Ps2KeyboardDxe/Ps2KeyboardDxe.inf
+ INF MdeModulePkg/Universal/Acpi/S3SaveStateDxe/S3SaveStateDxe.inf
+ INF MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
diff --git a/debian/patches/series b/debian/patches/series
index f9e3582..c0155a2 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -5,3 +5,4 @@ Revert-ArmVirtPkg-make-EFI_LOADER_DATA-non-executabl.patch
ArmVirtPkg-disable-the-EFI_MEMORY_ATTRIBUTE-protocol.patch
Revert-UefiCpuPkg-Produce-EFI-memory-attributes-prot.patch
UefiCpuPkg-MpInitLib-Fix-split-lock-violation-from-M.patch
+Enable_SCSI_IntelTdx_DXEFV.patch
--
2.43.0
More information about the pve-devel
mailing list