On Tue, Nov 02, 2021 at 07:34:20AM +0000, Dov Murik wrote:
> The SEV launch secret area and the QEMU hashes table area were specified
> in the OvmfPkg/AmdSev/AmdSevX64 MEMFD but not in OvmfPkg/OvmfPkgX64 and
> in OvmfPkg/Microvm/MicrovmX64.
>
> This series adds these MEMFD entries to both targets. It allows QEMU
> to discover the secrets area when performing SEV/SEV-ES secret
> injection, and to properly fill the hashes table (though currently these
> targets do not perform hashes verification when loading
> kernel/initrd/cmdline from QEMU via fw_cfg).
>
> After applying the patches, the MEMFD section of the three targets' fdf
> files is identical:
>
> $ sed -n -e '/FD.MEMFD/,/FV.SECFV/p' OvmfPkg/OvmfPkgX64.fdf | sha1sum
> 6ff89173952413fbdb7ffbbf42f8bc389c928500 -
> $ sed -n -e '/FD.MEMFD/,/FV.SECFV/p' OvmfPkg/Microvm/MicrovmX64.fdf | sha1sum
> 6ff89173952413fbdb7ffbbf42f8bc389c928500 -
> $ sed -n -e '/FD.MEMFD/,/FV.SECFV/p' OvmfPkg/AmdSev/AmdSevX64.fdf | sha1sum
> 6ff89173952413fbdb7ffbbf42f8bc389c928500 -
>
> Code is in:
> https://github.com/confidential-containers-demo/edk2/tree/add-sev-secret-and-hashes

Acked-by: Gerd Hoffmann <kraxel@redhat.com>

take care,
  Gerd