x86/loader: Don't update kernel header for CoCo VMs

[PATCH] x86/loader: Don't update kernel header for CoCo VMs

Xiaoyao Li posted 1 patch 3 months ago

Download mbox

Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/qemu tags/patchew/20250814092111.2353598-1-xiaoyao.li@intel.com

Maintainers: Paolo Bonzini <pbonzini@redhat.com>, Richard Henderson <richard.henderson@linaro.org>, Eduardo Habkost <eduardo@habkost.net>, "Michael S. Tsirkin" <mst@redhat.com>, Marcel Apfelbaum <marcel.apfelbaum@gmail.com>

hw/i386/x86-common.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

Expand all Fold all

[PATCH] x86/loader: Don't update kernel header for CoCo VMs

Posted by Xiaoyao Li 3 months ago

Update the header makes it different from the original kernel that user
provides via "-kernel", which leads to a different hash and breaks the
attestation, e.g., for TDX.

We already skip it for SEV VMs. Instead of adding another check of
is_tdx_vm() to cover the TDX case, check machine->cgs to cover all the
confidential computing case for x86.

Reported-by: Vikrant Garg <vikrant1garg@gmail.com>
Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com>
---
 hw/i386/x86-common.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/i386/x86-common.c b/hw/i386/x86-common.c
index b1b5f11e7396..7512be64d67b 100644
--- a/hw/i386/x86-common.c
+++ b/hw/i386/x86-common.c
@@ -952,7 +952,7 @@ void x86_load_linux(X86MachineState *x86ms,
      * kernel on the other side of the fw_cfg interface matches the hash of the
      * file the user passed in.
      */
-    if (!sev_enabled() && protocol > 0) {
+    if (!MACHINE(x86ms)->cgs && protocol > 0) {
         memcpy(setup, header, MIN(sizeof(header), setup_size));
     }
 
-- 
2.43.0

Re: [PATCH] x86/loader: Don't update kernel header for CoCo VMs

Posted by Paolo Bonzini 3 months ago

On 8/14/25 11:21, Xiaoyao Li wrote:
> Update the header makes it different from the original kernel that user
> provides via "-kernel", which leads to a different hash and breaks the
> attestation, e.g., for TDX.
> 
> We already skip it for SEV VMs. Instead of adding another check of
> is_tdx_vm() to cover the TDX case, check machine->cgs to cover all the
> confidential computing case for x86.
> 
> Reported-by: Vikrant Garg <vikrant1garg@gmail.com>
> Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com>

Applied for 10.2, thanks!

Paolo

>   hw/i386/x86-common.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/hw/i386/x86-common.c b/hw/i386/x86-common.c
> index b1b5f11e7396..7512be64d67b 100644
> --- a/hw/i386/x86-common.c
> +++ b/hw/i386/x86-common.c
> @@ -952,7 +952,7 @@ void x86_load_linux(X86MachineState *x86ms,
>        * kernel on the other side of the fw_cfg interface matches the hash of the
>        * file the user passed in.
>        */
> -    if (!sev_enabled() && protocol > 0) {
> +    if (!MACHINE(x86ms)->cgs && protocol > 0) {
>           memcpy(setup, header, MIN(sizeof(header), setup_size));
>       }
>