qemu-devel

Re: [PATCH] x86: Don't add RNG seed to Linux cmdline for SEV guests


From: Dov Murik
Subject: Re: [PATCH] x86: Don't add RNG seed to Linux cmdline for SEV guests
Date: Wed, 8 Feb 2023 13:27:01 +0200
User-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.6.1

Hi Daniel,

On 08/02/2023 11:30, Daniel P. Berrangé wrote:
> On Tue, Feb 07, 2023 at 08:41:16AM +0000, Dov Murik wrote:
>> Recent feature to supply RNG seed to the guest kernel modifies the
>> kernel command-line by adding extra data at its end; this breaks
>> measured boot with SEV and OVMF, and possibly signed boot.
> 
> I presume you mean whether it impacts SecureBoot when using
> -kernel with OVMF, but without SEV ?
> 
> IIRC, today OVMF ignores SecureBoot failures when using -kernel,
> but we shouldn't make an assumption of that being the case on
> the QEMU side.
> 

hmm, I'm not sure.  James mentioned something about Fedora attempting to
ship a unified signed kernel+cmdline+initrd package (and this RNG seed
addition to the cmdline will interfere), but maybe I'm confusing other
matters.

-Dov


