Hi, > > (1) How we are going to load kernel + initrd in case the firmware is > > igvm? Just update the igvm to also include linux kernel and > > initrd (see parallel reply from Jörg)? If so, how does the > > launched firmware find the kernel + initrd? > > While digging around in the igvm spec I've seen there is the > > concept of 'parameters'. Can this be used to pass on the memory > > location of kernel + initrd + cmdline? Maybe the kernel hashes too? > > I don't know. But even if not, the only thing customers can actually reason > about is a combined hash of firmware + kernel + initrd + cmdline. Whether we > assemble that using an edk2 IGVM plus parameters or by generating an IGVM > from a "proprietary format" such as the edk2 BIOS blob plus a generated > kernel hash page does not really make a difference from the user's point of > view.
Maybe not from the user's point of view, but surely for the vmfwupdate interface design and for the launch measurement calculations. When using igvm parameters for the kernel hashes we need to pass on (at least) two items via vmfwupdate API: The igvm image itself and the kernel hashes, so the VMM can fill the parameters for launch. I tend to think it makes sense to keep the region list, so we can actually pass on multiple items if needed, and simply add region flags to declare that a region is an IGVM image. take care, Gerd
