On 7/20/21 3:04 AM, Dov Murik wrote:
Add an implementation for BlobVerifierLib that locates the SEV hashes table and verifies that the calculated hashes of the kernel, initrd, and cmdline blobs indeed match the expected hashes stated in the hashes table. If there's a missing hash or a hash mismatch then EFI_ACCESS_DENIED is returned which will cause a failure to load a kernel image. Cc: Ard Biesheuvel <ardb+tianoc...@kernel.org> Cc: Jordan Justen <jordan.l.jus...@intel.com> Cc: Ashish Kalra <ashish.ka...@amd.com> Cc: Brijesh Singh <brijesh.si...@amd.com> Cc: Erdem Aktas <erdemak...@google.com> Cc: James Bottomley <j...@linux.ibm.com> Cc: Jiewen Yao <jiewen....@intel.com> Cc: Min Xu <min.m...@intel.com> Cc: Tom Lendacky <thomas.lenda...@amd.com> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3457 Co-developed-by: James Bottomley <j...@linux.ibm.com> Signed-off-by: James Bottomley <j...@linux.ibm.com> Signed-off-by: Dov Murik <dovmu...@linux.ibm.com> ---
Reviewed-by: Brijesh Singh <brijesh.si...@amd.com> thanks -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#77984): https://edk2.groups.io/g/devel/message/77984 Mute This Topic: https://groups.io/mt/84328241/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
