Hi Jason, James,
On 01/02/2023 17:24, James Bottomley wrote: > On Wed, 2023-02-01 at 10:10 -0500, Jason A. Donenfeld wrote: >> This is already fixed via the patch that MST just sent in his pull. >> So wait a few days for that to be merged and it'll be all set. >> >> No need for this patch here. Do not merge. > > If it's not a secret, would it be too much trouble to point to the > branch so we can actually test it? It does seem that the biggest > problem this issue shows is that there wasn't wide enough configuration > testing done on the prior commits before they were merged. > I assume it is: ---- ... are available in the Git repository at: https://git.kernel.org/pub/scm/virt/kvm/mst/qemu.git tags/for_upstream for you to fetch changes up to f5cb612867d3b10b86d6361ba041767e02c1b127: docs/pcie.txt: Replace ioh3420 with pcie-root-port (2023-01-28 06:21:30 -0500) ---- I checked out this branch and started an SEV guest with measured boot and it fails during hash verification in OVMF: BlobVerifierLibSevHashesConstructor: Found injected hashes table in secure location VerifyBlob: Found GUID 4DE79437-ABD2-427F-B835-D5B172D2045B in table VerifyBlob: Hash comparison succeeded for "kernel" VerifyBlob: Found GUID 44BAF731-3A2F-4BD7-9AF1-41E29169781D in table VerifyBlob: Hash comparison succeeded for "initrd" VerifyBlob: Found GUID 97D02DD8-BD20-4C94-AA78-E7714D36AB2A in table VerifyBlob: Hash comparison failed for "cmdline" (before that patch it was failing on the "kernel" hash.) I haven't yet examined the suggested fix patch ("[PULL 10/56] x86: don't let decompressed kernel image clobber setup_data") - just ran the simple test above. -Dov