My only comment is the AmdSev.asm file header should be updated. The file function needs to be changed and there should only be a single copyright statement for AMD from 2017 to now 2021. Thanks, Tom

I believe PcdOvmfSecGhcbBackupBase can be cleared early. For SEV-ES, it isn't shared with the hypervisor, so clearing it before activating the pagetables can be done (it will be treated as encrypted b

Is the memory area guaranteed to be zeroed for legacy guests? Hopefully, this won't trip up a non-TDX guest with a false match (highly unlikely, though). If you clear ebx here... ... you can remove th

I believe the convention is that this line be in the individual patch commit messages just like this (i.e. with the BZ: tag and the first line), not as a Ref: tag at the end of the commit message. I'l

Reviewed-by: Tom Lendacky <thomas.lendacky@...>

A comment about the use of INT32 in the for loop to protect against a large entry length value would be useful. I don't think it's worth another version, but if you have to make any updates it would b

Reviewed-by: Tom Lendacky <thomas.lendacky@...>

Reviewed-by: Tom Lendacky <thomas.lendacky@...>

Reviewed-by: Tom Lendacky <thomas.lendacky@...>

Reviewed-by: Tom Lendacky <thomas.lendacky@...>

I guess that it should probably be BlobVerifierLibSevHashes just for consistency, but I'm not sure whether there's a convention for BASE_NAME. Thanks, Tom

I think this is OK for Ovmf (others on the email, please double check me). Ovmf includes its own version of ResetVector.nasmb (in place of Vtf0.nasmb) which includes its own version of Ia32/PageTables

Reviewed-by: Tom Lendacky <thomas.lendacky@...>

Same comments here as were made on the Null library instance. Any reason for this not to be a UINT16 like the struct or mHashesTableSize? Maybe search for and find the Guid (done in the for loop below

Reviewed by: Tom Lendacky <thomas.lendacky@...>

Can you just unconditionally perform: RoundedSize = ALIGN_VALUE (RoundedSize, EFI_PAGE_SIZE); Or use ALIGN_VALUE () in the if statement if you don't want to do it unconditionally? Or even use ALIGN_VA

Just a nit, but the ");" should be under the "C" in CurrentBlob. Thanks, Tom

You can specify the INF_VERSION using x.y format now, and I believe the latest is 1.29. Typically, the NULL libraries would be named BlobVerifierLibNull. Is this library (and associated include below)

Just a nit, but this confused me initially. Maybe it should say something along the lines of create a QemuKernel.c for PlatformBootManagerLibGrub that is an exact copy of the file from PlatformBootMan

This BZ link should be part of all the commit messages in the series. Thanks, Tom