Re: [PATCH v2 2/2] x86/sev: generate SEV kernel loader hashes in x86_loa
From: Connor Kuehl
Subject: Re: [PATCH v2 2/2] x86/sev: generate SEV kernel loader hashes in x86_load_linux
Date: Tue, 22 Jun 2021 15:55:42 -0500
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.10.1
On 6/21/21 2:05 PM, Dov Murik wrote:
> If SEV is enabled and a kernel is passed via -kernel, pass the hashes of
> kernel/initrd/cmdline in an encrypted guest page to OVMF for SEV
> measured boot.
>
> Co-developed-by: James Bottomley <jejb@linux.ibm.com>
> Signed-off-by: James Bottomley <jejb@linux.ibm.com>
> Signed-off-by: Dov Murik <dovmurik@linux.ibm.com>
> ---
> hw/i386/x86.c | 25 ++++++++++++++++++++++++-
> 1 file changed, 24 insertions(+), 1 deletion(-)
>
> diff --git a/hw/i386/x86.c b/hw/i386/x86.c
> index ed796fe6ba..5c46463d9f 100644
> --- a/hw/i386/x86.c
> +++ b/hw/i386/x86.c
> @@ -45,6 +45,7 @@
> #include "hw/i386/fw_cfg.h"
> #include "hw/intc/i8259.h"
> #include "hw/rtc/mc146818rtc.h"
> +#include "target/i386/sev_i386.h"
>
> #include "hw/acpi/cpu_hotplug.h"
> #include "hw/irq.h"
> @@ -778,6 +779,7 @@ void x86_load_linux(X86MachineState *x86ms,
> const char *initrd_filename = machine->initrd_filename;
> const char *dtb_filename = machine->dtb;
> const char *kernel_cmdline = machine->kernel_cmdline;
> + KernelLoaderContext kernel_loader_context = {};
>
> /* Align to 16 bytes as a paranoia measure */
> cmdline_size = (strlen(kernel_cmdline) + 16) & ~15;
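Review bot: `kernel_loader_context` is added to the declarations at the top of `x86_load_linux` with no comment, and it is created on every call whether or not SEV is in use. A one-line comment saying that it collects the kernel, initrd and cmdline buffers for SEV hashing would tell readers of this generic x86 loader why it is there.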
> @@ -924,6 +926,8 @@ void x86_load_linux(X86MachineState *x86ms,
> fw_cfg_add_i32(fw_cfg, FW_CFG_CMDLINE_ADDR, cmdline_addr);
> fw_cfg_add_i32(fw_cfg, FW_CFG_CMDLINE_SIZE, strlen(kernel_cmdline) + 1);
> fw_cfg_add_string(fw_cfg, FW_CFG_CMDLINE_DATA, kernel_cmdline);
> + kernel_loader_context.cmdline_data = (char *)kernel_cmdline;
> + kernel_loader_context.cmdline_size = strlen(kernel_cmdline) + 1;
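Review bot: the `(char *)kernel_cmdline` cast on the first added line discards the `const` from `const char *kernel_cmdline`; if the hashing code only reads the buffer, declaring the `cmdline_data` field as `const char *` would let the cast go. The second added line repeats `strlen(kernel_cmdline) + 1` from the `FW_CFG_CMDLINE_SIZE` call two lines up, while the local `cmdline_size` holds a different, 16-byte-aligned value. Computing the length once into a clearly named local, with a comment that the hashed length is the string plus its NUL terminator and not the aligned size, would keep the fw_cfg value and the hashed length from drifting apart.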
I just wanted to check my understanding: I'm guessing you didn't set
`kernel_loader_context.cmdline_size` to `cmdline_size` (defined above)
so guest owners don't have to be aware of whatever alignment precaution
QEMU takes when producing their own measurement, right?
Otherwise:
Reviewed-by: Connor Kuehl <ckuehl@redhat.com>
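
The size question raised in this reply, as an added example (not code from the patch or from QEMU): it compares a digest over `strlen + 1` bytes with one over the 16-byte-aligned size and shows the command-line lengths at which the two coincide. SHA-256, zero padding, the function names and the sample command lines are assumptions made for illustration.

```python
import hashlib

def aligned_size(cmdline: bytes) -> int:
    # Mirrors the context line in the hunk: (strlen(kernel_cmdline) + 16) & ~15
    return (len(cmdline) + 16) & ~15

def exact_size(cmdline: bytes) -> int:
    # Mirrors the added line: strlen(kernel_cmdline) + 1 (string plus NUL)
    return len(cmdline) + 1

def digest(cmdline: bytes, size: int) -> str:
    # Assumption: SHA-256 stands in for the hash used by the SEV loader code,
    # and any bytes past the string are zero.
    return hashlib.sha256(cmdline.ljust(size, b"\0")).hexdigest()

def compare(cmdline: bytes) -> dict:
    exact, aligned = exact_size(cmdline), aligned_size(cmdline)
    return {
        "exact": exact,
        "aligned": aligned,
        "same_digest": digest(cmdline, exact) == digest(cmdline, aligned),
    }

# Constructed sample command lines. The second is 15 bytes long, so
# strlen + 1 is already a multiple of 16 and both sizes are equal.
SAMPLES = [
    b"console=ttyS0",
    b"root=/dev/vda1 ",
    b"console=ttyS0 root=/dev/vda1",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, compare(s))
```

A verifier tested only with a command line whose length is 15 modulo 16 would agree with either size choice, so test inputs should include other lengths.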