Re: [PATCH v4 1/2] sev/i386: Introduce sev_add_kernel_loader_hashes for measured linux boot

2021-11-01 Thread Dov Murik
On 28/10/2021 11:41, Dov Murik wrote: > > > On 27/10/2021 22:43, Brijesh Singh wrote: >> Hi Dov, >> >> Sorry for coming a bit late on it but I am seeing another issue with >> this patch. The hash build logic looks for a SEV_HASH_TABLE_RV_GUID in >> the GUID list. If found, it uses the base

Re: [PATCH v4 1/2] sev/i386: Introduce sev_add_kernel_loader_hashes for measured linux boot

2021-10-28 Thread Dov Murik
On 27/10/2021 22:43, Brijesh Singh wrote: > Hi Dov, > > Sorry for coming a bit late on it but I am seeing another issue with > this patch. The hash build logic looks for a SEV_HASH_TABLE_RV_GUID in > the GUID list. If found, it uses the base address to store the hashes. > Looking at the OVMF,

Re: [PATCH v4 1/2] sev/i386: Introduce sev_add_kernel_loader_hashes for measured linux boot

2021-10-27 Thread Brijesh Singh
Hi Dov, Sorry for coming a bit late on it but I am seeing another issue with this patch. The hash build logic looks for a SEV_HASH_TABLE_RV_GUID in the GUID list. If found, it uses the base address to store the hashes. Looking at the OVMF, it seems that base address for this GUID is zero.

Re: [PATCH v4 1/2] sev/i386: Introduce sev_add_kernel_loader_hashes for measured linux boot

2021-10-20 Thread Tom Lendacky
On 10/19/21 1:18 AM, Dov Murik wrote: On 18/10/2021 21:02, Tom Lendacky wrote: On 9/30/21 12:49 AM, Dov Murik wrote: ... +/* + * Add the hashes of the linux kernel/initrd/cmdline to an encrypted guest page + * which is included in SEV's initial memory measurement. + */ +bool

Re: [PATCH v4 1/2] sev/i386: Introduce sev_add_kernel_loader_hashes for measured linux boot

2021-10-19 Thread Dov Murik
On 18/10/2021 21:02, Tom Lendacky wrote: > On 9/30/21 12:49 AM, Dov Murik wrote: > > ... > >> +/* >> + * Add the hashes of the linux kernel/initrd/cmdline to an encrypted >> guest page >> + * which is included in SEV's initial memory measurement. >> + */ >> +bool

Re: [PATCH v4 1/2] sev/i386: Introduce sev_add_kernel_loader_hashes for measured linux boot

2021-10-18 Thread Tom Lendacky
On 9/30/21 12:49 AM, Dov Murik wrote: ... +/* + * Add the hashes of the linux kernel/initrd/cmdline to an encrypted guest page + * which is included in SEV's initial memory measurement. + */ +bool sev_add_kernel_loader_hashes(SevKernelLoaderContext *ctx, Error **errp) +{ +uint8_t *data; +

Re: [PATCH v4 1/2] sev/i386: Introduce sev_add_kernel_loader_hashes for measured linux boot

2021-09-30 Thread Dov Murik
On 30/09/2021 11:32, Daniel P. Berrangé wrote: > > Reviewed-by: Daniel P. Berrangé > Thanks! -Dov

Re: [PATCH v4 1/2] sev/i386: Introduce sev_add_kernel_loader_hashes for measured linux boot

2021-09-30 Thread Daniel P. Berrangé
On Thu, Sep 30, 2021 at 08:49:14AM +0300, Dov Murik wrote: > Add the sev_add_kernel_loader_hashes function to calculate the hashes of > the kernel/initrd/cmdline and fill a designated OVMF encrypted hash > table area. For this to work, OVMF must support an encrypted area to > place the data which

[PATCH v4 1/2] sev/i386: Introduce sev_add_kernel_loader_hashes for measured linux boot

2021-09-30 Thread Dov Murik
Add the sev_add_kernel_loader_hashes function to calculate the hashes of the kernel/initrd/cmdline and fill a designated OVMF encrypted hash table area. For this to work, OVMF must support an encrypted area to place the data which is advertised via a special GUID in the OVMF reset table. The