On 28/10/2021 11:41, Dov Murik wrote:
>
>
> On 27/10/2021 22:43, Brijesh Singh wrote:
>> Hi Dov,
>>
>> Sorry for coming a bit late on it but I am seeing another issue with
>> this patch. The hash build logic looks for a SEV_HASH_TABLE_RV_GUID in
>> the GUID list. If found, it uses the base
On 27/10/2021 22:43, Brijesh Singh wrote:
> Hi Dov,
>
> Sorry for coming a bit late on it but I am seeing another issue with
> this patch. The hash build logic looks for a SEV_HASH_TABLE_RV_GUID in
> the GUID list. If found, it uses the base address to store the hashes.
> Looking at the OVMF,
Hi Dov,
Sorry for coming a bit late on it but I am seeing another issue with
this patch. The hash build logic looks for a SEV_HASH_TABLE_RV_GUID in
the GUID list. If found, it uses the base address to store the hashes.
Looking at the OVMF, it seems that base address for this GUID is zero.
On 10/19/21 1:18 AM, Dov Murik wrote:
On 18/10/2021 21:02, Tom Lendacky wrote:
On 9/30/21 12:49 AM, Dov Murik wrote:
...
+/*
+ * Add the hashes of the linux kernel/initrd/cmdline to an encrypted
guest page
+ * which is included in SEV's initial memory measurement.
+ */
+bool
On 18/10/2021 21:02, Tom Lendacky wrote:
> On 9/30/21 12:49 AM, Dov Murik wrote:
>
> ...
>
>> +/*
>> + * Add the hashes of the linux kernel/initrd/cmdline to an encrypted
>> guest page
>> + * which is included in SEV's initial memory measurement.
>> + */
>> +bool
On 9/30/21 12:49 AM, Dov Murik wrote:
...
+/*
+ * Add the hashes of the linux kernel/initrd/cmdline to an encrypted guest page
+ * which is included in SEV's initial memory measurement.
+ */
+bool sev_add_kernel_loader_hashes(SevKernelLoaderContext *ctx, Error **errp)
+{
+uint8_t *data;
+
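Review bot: the comment above sev_add_kernel_loader_hashes() does not document the return contract. The signature returns bool and takes Error **errp, but the comment only describes the hashing. Add a line stating what the bool result means and under which conditions errp is set, so callers know whether a false return is a hard failure. As a minor style point, "linux" in the same comment should be capitalised as "Linux".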
On 30/09/2021 11:32, Daniel P. Berrangé wrote:
>
> Reviewed-by: Daniel P. Berrangé
>
Thanks!
-Dov
On Thu, Sep 30, 2021 at 08:49:14AM +0300, Dov Murik wrote:
> Add the sev_add_kernel_loader_hashes function to calculate the hashes of
> the kernel/initrd/cmdline and fill a designated OVMF encrypted hash
> table area. For this to work, OVMF must support an encrypted area to
> place the data which
Add the sev_add_kernel_loader_hashes function to calculate the hashes of
the kernel/initrd/cmdline and fill a designated OVMF encrypted hash
table area. For this to work, OVMF must support an encrypted area to
place the data which is advertised via a special GUID in the OVMF reset
table.
The