On Tue, Sep 20, 2022 at 01:38:05PM +0000, Lu, Ken wrote:
> > > Hi Ard, I think it better let creator to measure instead of consumer
> > > to measure like today's implementation in grub[1]. The creator here
> > > means who load/create it. In direct boot, it is OVMF read kernel
> > > command line and initrd image.
> > 
> > Nope.  OVMF just places kernel, initrd and cmdline images into a virtual
> > filesystem (see QemuKernelLoaderFsDxe), so the linux kernel efi stub is
> > able to load things using the efi file protocol.
> 
> So there are two types of loaders:
> 1. QemuKernelLoaderFsDxe  -   this way just puts the kernel/initrd blob into a FS
> for any future usage, maybe to continue boot or not.
> 2. QemuLoadKernelImage,    -    this is consumed by TryRunningQemuKernel() -
> standard Qemu direct boot path

Nope.  QemuLoadKernelImage loads the linux kernel from the virtual
filesystem created by QemuKernelLoaderFsDxe.  And for the initrd it'll
just pass 'initrd=initrd' and the stub loads it.

We have two variants:
  GenericQemuLoadImageLib - supports efi stub only
  X86QemuLoadImageLib     - has fallback code paths for the legacy
                            pre-efi-stub boot protocol (guess that
                            is the one grub has deprecated for 2.06).

So, yes, with the legacy protocol there is no stub which can measure
things, but for the sake of confidential computing we can completely
ignore that.  Kernels which are *that* old certainly will not have
support for SEV / TDX ...

take care,
  Gerd

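The thread above is about which component measures the kernel, initrd and
command line that OVMF exposes through the virtual filesystem created by
QemuKernelLoaderFsDxe. As an added illustration that is not part of the
mailing-list exchange or of EDK2/OVMF code, the Python below models that
measurement: three constructed stand-in blobs (the real images are not on the
page) are hashed in a fixed order and folded into a simulated SHA-256 PCR with
a TPM-style extend, an event log is recorded, and a verifier replays the log
to reproduce the PCR. The file names "kernel", "initrd" and "cmdline" follow
the thread; the order of measurement and the log layout are assumptions of the
example, not the EFI stub's actual behaviour.

```python
import hashlib

# Constructed stand-ins for the three blobs exposed in the virtual filesystem
# (names from the thread; contents are made up, real images are megabytes).
VIRTUAL_FS = {
    "kernel": b"\x4d\x5a" + b"fake-bzImage-payload" * 8,
    "initrd": b"\x1f\x8b" + b"fake-initrd-cpio-gz" * 8,
    "cmdline": b"console=ttyS0 root=/dev/vda1 initrd=initrd\0",
}

PCR_INIT = b"\x00" * 32  # a SHA-256 PCR starts at all zeros
MEASURE_ORDER = ("kernel", "initrd", "cmdline")  # assumed order for the example


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM-style extend: new_pcr = SHA-256(old_pcr || digest)."""
    return hashlib.sha256(pcr + digest).digest()


def measure_fs(fs: dict, order=MEASURE_ORDER):
    """Measure each blob as the loading component would, in a fixed order.

    Returns the final simulated PCR value and an event-log-like list of
    (file name, hex digest) entries that an attestation verifier can replay.
    """
    pcr = PCR_INIT
    log = []
    for name in order:
        digest = hashlib.sha256(fs[name]).digest()
        pcr = extend(pcr, digest)
        log.append({"file": name, "sha256": digest.hex()})
    return pcr, log


def replay_log(log: list) -> bytes:
    """Verifier side: recompute the PCR from the logged digests alone.

    A log that does not replay to the quoted PCR has been tampered with
    or is incomplete; a PCR that differs from the expected value means a
    different kernel, initrd or command line was booted.
    """
    pcr = PCR_INIT
    for entry in log:
        pcr = extend(pcr, bytes.fromhex(entry["sha256"]))
    return pcr


if __name__ == "__main__":
    pcr, log = measure_fs(VIRTUAL_FS)
    for entry in log:
        print(f"{entry['file']:8s} sha256={entry['sha256']}")
    print("PCR      ", pcr.hex())
    print("replay ok", replay_log(log) == pcr)

    # Changing only the command line (e.g. an extra root= argument) moves the PCR.
    tampered = dict(VIRTUAL_FS, cmdline=b"console=ttyS0 root=/dev/vdb1 initrd=initrd\0")
    print("cmdline change detected", measure_fs(tampered)[0] != pcr)
```

The point the thread makes is that only the component that actually loads the
blobs (the EFI stub, via the EFI file protocol) is in a position to measure
them; the replay step above is what a remote verifier does with the resulting
log, so a measurement that never happens, as with the legacy pre-EFI-stub path,
simply leaves the PCR untouched and the boot unattestable.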