On 7/20/21 3:04 AM, Dov Murik wrote:
Add an implementation for BlobVerifierLib that locates the SEV hashes table and verifies that the calculated hashes of the kernel, initrd, and cmdline blobs indeed match the expected hashes stated in the hashes table. If there's a missing hash or a hash mismatch then EFI_ACCESS_DENIED is returned which will cause a failure to load a kernel image. Cc: Ard Biesheuvel <[email protected]> Cc: Jordan Justen <[email protected]> Cc: Ashish Kalra <[email protected]> Cc: Brijesh Singh <[email protected]> Cc: Erdem Aktas <[email protected]> Cc: James Bottomley <[email protected]> Cc: Jiewen Yao <[email protected]> Cc: Min Xu <[email protected]> Cc: Tom Lendacky <[email protected]> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3457 Co-developed-by: James Bottomley <[email protected]> Signed-off-by: James Bottomley <[email protected]> Signed-off-by: Dov Murik <[email protected]> ---
Reviewed-by: Brijesh Singh <[email protected]> thanks -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#77984): https://edk2.groups.io/g/devel/message/77984 Mute This Topic: https://groups.io/mt/84328241/21656 Group Owner: [email protected] Unsubscribe: https://edk2.groups.io/g/devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
