The SEV launch secret area and the QEMU hashes table area were specified
in the OvmfPkg/AmdSev/AmdSevX64 MEMFD but not in OvmfPkg/OvmfPkgX64 and
in OvmfPkg/Microvm/MicrovmX64.

This series adds these MEMFD entries to both targets.  It allows QEMU
to discover the secrets area when performing SEV/SEV-ES secret
injection, and to properly fill the hashes table (though currently these
targets do not perform hashes verification when loading
kernel/initrd/cmdline from QEMU via fw_cfg).

After applying the patches, the MEMFD section of the three targets' fdf
files is identical:

    $ sed -n -e '/FD.MEMFD/,/FV.SECFV/p' OvmfPkg/OvmfPkgX64.fdf | sha1sum
    6ff89173952413fbdb7ffbbf42f8bc389c928500  -
    $ sed -n -e '/FD.MEMFD/,/FV.SECFV/p' OvmfPkg/Microvm/MicrovmX64.fdf | sha1sum
    6ff89173952413fbdb7ffbbf42f8bc389c928500  -
    $ sed -n -e '/FD.MEMFD/,/FV.SECFV/p' OvmfPkg/AmdSev/AmdSevX64.fdf | sha1sum
    6ff89173952413fbdb7ffbbf42f8bc389c928500  -

Code is in:
https://github.com/confidential-containers-demo/edk2/tree/add-sev-secret-and-hashes

Cc: Ard Biesheuvel <[email protected]>
Cc: Jordan Justen <[email protected]>
Cc: Gerd Hoffmann <[email protected]>
Cc: Brijesh Singh <[email protected]>
Cc: Erdem Aktas <[email protected]>
Cc: James Bottomley <[email protected]>
Cc: Jiewen Yao <[email protected]>
Cc: Min Xu <[email protected]>
Cc: Tom Lendacky <[email protected]>

Dov Murik (2):
  OvmfPkg/OvmfPkgX64: Add SEV launch secret and hashes table areas to
    MEMFD
  OvmfPkg/Microvm: Add SEV launch secret and hashes table areas to MEMFD

 OvmfPkg/Microvm/MicrovmX64.fdf | 8 +++++++-
 OvmfPkg/OvmfPkgX64.fdf         | 8 +++++++-
 2 files changed, 14 insertions(+), 2 deletions(-)

-- 
2.25.1
