Re: [PATCH v3 1/2] sev/i386: Introduce sev_add_kernel_loader

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v3 1/2] sev/i386: Introduce sev_add_kernel_loader_hashes for

From:	Dov Murik
Subject:	Re: [PATCH v3 1/2] sev/i386: Introduce sev_add_kernel_loader_hashes for measured linux boot
Date:	Wed, 29 Sep 2021 12:39:32 +0300
User-agent:	Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.14.0


On 27/09/2021 20:00, Daniel P. Berrangé wrote:
> On Wed, Aug 25, 2021 at 07:35:37AM +0000, Dov Murik wrote:
>> Add the sev_add_kernel_loader_hashes function to calculate the hashes of
>> the kernel/initrd/cmdline and fill a designated OVMF encrypted hash
>> table area.  For this to work, OVMF must support an encrypted area to
>> place the data which is advertised via a special GUID in the OVMF reset
>> table.
>>
>> The hashes of each of the files is calculated (or the string in the case
>> of the cmdline with trailing '\0' included).  Each entry in the hashes
>> table is GUID identified and since they're passed through the
>> sev_encrypt_flash interface, the hashes will be accumulated by the PSP
>> measurement (SEV_LAUNCH_MEASURE).
>>
>> Co-developed-by: James Bottomley <jejb@linux.ibm.com>
>> Signed-off-by: James Bottomley <jejb@linux.ibm.com>
>> Signed-off-by: Dov Murik <dovmurik@linux.ibm.com>
>> Reviewed-by: Connor Kuehl <ckuehl@redhat.com>
>> ---
>>  target/i386/sev_i386.h |  12 ++++
>>  target/i386/sev-stub.c |   5 ++
>>  target/i386/sev.c      | 137 +++++++++++++++++++++++++++++++++++++++++
>>  3 files changed, 154 insertions(+)
>>
>> diff --git a/target/i386/sev_i386.h b/target/i386/sev_i386.h
>> index ae6d840478..deb3eec409 100644
>> --- a/target/i386/sev_i386.h
>> +++ b/target/i386/sev_i386.h
>> @@ -28,6 +28,17 @@
>>  #define SEV_POLICY_DOMAIN       0x10
>>  #define SEV_POLICY_SEV          0x20
>>  
>> +typedef struct KernelLoaderContext {
>> +    char *setup_data;
>> +    size_t setup_size;
>> +    char *kernel_data;
>> +    size_t kernel_size;
>> +    char *initrd_data;
>> +    size_t initrd_size;
>> +    char *cmdline_data;
>> +    size_t cmdline_size;
>> +} KernelLoaderContext;
> 
> I'd expect the struct to have 'Sev' as its name prefix, in common
> with everything else SEV related that's exported here. 

Yes, you're right.  I'll fix that.

-Dov

> 
>> +
>>  extern bool sev_es_enabled(void);
>>  extern uint64_t sev_get_me_mask(void);
>>  extern SevInfo *sev_get_info(void);
>> @@ -37,5 +48,6 @@ extern char *sev_get_launch_measurement(void);
>>  extern SevCapability *sev_get_capabilities(Error **errp);
>>  extern SevAttestationReport *
>>  sev_get_attestation_report(const char *mnonce, Error **errp);
>> +extern bool sev_add_kernel_loader_hashes(KernelLoaderContext *ctx, Error 
>> **errp);
> 
> Regards,
> Daniel
>

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [PATCH v3 1/2] sev/i386: Introduce sev_add_kernel_loader_hashes for measured linux boot, Daniel P . Berrangé, 2021/09/27
- Re: [PATCH v3 1/2] sev/i386: Introduce sev_add_kernel_loader_hashes for measured linux boot, Dov Murik <=

Prev by Date: Re: [PATCH 0/1] vmx: Fix <genid/> mapping
Next by Date: Re: [PATCH v3 2/2] x86/sev: generate SEV kernel loader hashes in x86_load_linux
Previous by thread: Re: [PATCH v3 1/2] sev/i386: Introduce sev_add_kernel_loader_hashes for measured linux boot
Next by thread: [PULL 00/21] Integration testing patches for 2021-09-27
Index(es):
- Date
- Thread