On Thu, Jun 24, 2021 at 10:20:38AM +0000, Dov Murik wrote: > Currently booting with -kernel/-initrd/-append is not supported in SEV > confidential guests, because the content of these blobs is not measured > and therefore not trusted by the SEV guest. > > However, in some cases the kernel, initrd, and cmdline are not secret > but should not be modified by the host. In such a case, we want to > verify inside the trusted VM that the kernel, initrd, and cmdline are > indeed the ones expected by the Guest Owner, and only if that is the > case go on and boot them up (removing the need for grub inside OVMF in > that mode). > > To support that, OVMF adds a special area for hashes of > kernel/initrd/cmdline; that area is expected to be filled by QEMU and > encrypted as part of the initial SEV guest launch. This in turn makes > the hashes part of the PSP measured content, and OVMF can trust these > inputs if they match the hashes. > > This series adds an SEV function to generate the table of hashes for > OVMF and encrypt it (patch 1/2), and calls this function if SEV is > enabled when the kernel/initrd/cmdline are prepared (patch 2/2). > > Corresponding OVMF support was submitted to edk2-devel [1] (patch series > "Measured SEV boot with kernel/initrd/cmdline"); it's still under > review. > > [1] https://edk2.groups.io/g/devel/topic/patch_v1_0_8_measured_sev/83074450
Now that I figured the measurement angle Acked-by: Michael S. Tsirkin <m...@redhat.com> > --- > > v3 changes: > - initrd hash is now mandatory; if no -initrd is passed, calculate the > hash of the empty buffer. This is now aligned with the OVMF > behaviour which verifies the empty initrd (correctly). > - make SevHashTable entries fixed: 3 entries for cmdline, initrd, and kernel. > - in sev_add_kernel_loader_hashes: first calculate all the hashes, only then > fill-in the hashes table in the guest's memory. > - Use g_assert_not_reached in sev-stub.c. > - Use QEMU_PACKED attribute for structs. > - Use QemuUUID type for guids. > - in sev_add_kernel_loader_hashes: use ARRAY_SIZE(iov) instead of literal 2. > > v2: > https://lore.kernel.org/qemu-devel/20210621190553.1763020-1-dovmu...@linux.ibm.com/ > v2 changes: > - Extract main functionality to sev.c (with empty stub in sev-stub.c) > - Use sev_enabled() instead of machine->cgs->ready to detect SEV guest > - Coding style changes > > v1: > https://lore.kernel.org/qemu-devel/20210525065931.1628554-1-dovmu...@linux.ibm.com/ > > Dov Murik (2): > sev/i386: Introduce sev_add_kernel_loader_hashes for measured linux > boot > x86/sev: generate SEV kernel loader hashes in x86_load_linux > > target/i386/sev_i386.h | 12 ++++ > hw/i386/x86.c | 25 +++++++- > target/i386/sev-stub.c | 5 ++ > target/i386/sev.c | 137 +++++++++++++++++++++++++++++++++++++++++ > 4 files changed, 178 insertions(+), 1 deletion(-) > > > base-commit: b22726abdfa54592d6ad88f65b0297c0e8b363e2 > -- > 2.25.1
