On Tue, Nov 02, 2021 at 07:34:20AM +0000, Dov Murik wrote: > The SEV launch secret area and the QEMU hashes table area were specified > in the OvmfPkg/AmdSev/AmdSevX64 MEMFD but not in OvmfPkg/OvmfPkgX64 and > in OvmgPkg/Microvm/MicrovmX64. > > This series adds theses MEMFD entries to both targets. It allows QEMU > to discover the secrets area when performing SEV/SEV-ES secret > injection, and to properly fill the hashes table (though currently these > targets do not perform hashes verification when loading > kernel/initrd/cmdline from QEMU via fw_cfg). > > After applying the patches, the MEMFD section of the three targets' fdf > files is identical: > > $ sed -n -e '/FD.MEMFD/,/FV.SECFV/p' OvmfPkg/OvmfPkgX64.fdf | sha1sum > 6ff89173952413fbdb7ffbbf42f8bc389c928500 - > $ sed -n -e '/FD.MEMFD/,/FV.SECFV/p' OvmfPkg/Microvm/MicrovmX64.fdf | > sha1sum > 6ff89173952413fbdb7ffbbf42f8bc389c928500 - > $ sed -n -e '/FD.MEMFD/,/FV.SECFV/p' OvmfPkg/AmdSev/AmdSevX64.fdf | > sha1sum > 6ff89173952413fbdb7ffbbf42f8bc389c928500 - > > Code is in: > https://github.com/confidential-containers-demo/edk2/tree/add-sev-secret-and-hashes
Acked-by: Gerd Hoffmann <kra...@redhat.com> take care, Gerd -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#83122): https://edk2.groups.io/g/devel/message/83122 Mute This Topic: https://groups.io/mt/86761213/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
