* Daniel P. Berrangé (berra...@redhat.com) wrote:
> On Thu, Feb 10, 2022 at 07:39:01PM +, Dr. David Alan Gilbert wrote:
> > * Daniel P. Berrangé (berra...@redhat.com) wrote:
> > > I wonder if we're thinking of this at the wrong level though. Does
> > > it actually need to be QEMU providing this
On 31/01/2022 16:26, Daniel P. Berrangé wrote:
[...]
>
> IOW, I think there's only two scenarios that make sense
>
> 1. The combined launch digest over firmware, kernel hashes
>and VMSA state.
>
> 2. Individual hashes for each of firmware, kernel hashes table and
>VMSA state
>
Just
On Thu, Feb 10, 2022 at 07:39:01PM +, Dr. David Alan Gilbert wrote:
> * Daniel P. Berrangé (berra...@redhat.com) wrote:
> > I wonder if we're thinking of this at the wrong level though. Does
> > it actually need to be QEMU providing this info to the guest owner ?
> >
> > Guest owners aren't go
* Daniel P. Berrangé (berra...@redhat.com) wrote:
> On Mon, Jan 31, 2022 at 03:38:47PM +0200, Dov Murik wrote:
> >
> >
> > On 31/01/2022 13:44, Daniel P. Berrangé wrote:
> > > On Mon, Jan 31, 2022 at 11:15:39AM +, Dov Murik wrote:
> > >> Currently the responses of QMP commands query-sev-launc
On 1/31/22 9:26 AM, Daniel P. Berrangé wrote:
>
> Ok, so the usage scenario is that the platform owner is deciding
> which OVMF build in use, not the guest owner. That guest owner just
> knows that it is an OVMF build from a set of builds published by the
> platform owner. Good enough if you
On Mon, Jan 31, 2022 at 03:38:47PM +0200, Dov Murik wrote:
>
>
> On 31/01/2022 13:44, Daniel P. Berrangé wrote:
> > On Mon, Jan 31, 2022 at 11:15:39AM +, Dov Murik wrote:
> >> Currently the responses of QMP commands query-sev-launch-measure and
> >> query-sev-attestation-report return just th
On 31/01/2022 13:44, Daniel P. Berrangé wrote:
> On Mon, Jan 31, 2022 at 11:15:39AM +, Dov Murik wrote:
>> Currently the responses of QMP commands query-sev-launch-measure and
>> query-sev-attestation-report return just the signed measurement. In
>> order to validate it, the Guest Owner must
On Mon, Jan 31, 2022 at 11:15:39AM +, Dov Murik wrote:
> Currently the responses of QMP commands query-sev-launch-measure and
> query-sev-attestation-report return just the signed measurement. In
> order to validate it, the Guest Owner must know the exact guest launch
> digest, besides other ho
Currently the responses of QMP commands query-sev-launch-measure and
query-sev-attestation-report return just the signed measurement. In
order to validate it, the Guest Owner must know the exact guest launch
digest, besides other host and guest properties which are included in
the measurement.
The