On Mon, 27 Nov 2023 at 21:04, Tom Lendacky <thomas.lenda...@amd.com> wrote:
>
> On 3/20/23 05:06, Gerd Hoffmann wrote:
> > On Thu, Mar 02, 2023 at 09:15:30AM +0000, Dov Murik wrote:
> >> AMD SEV and SEV-ES support measured direct boot with
> >> kernel/initrd/cmdline hashes injected by QEMU and verified by OVMF
> >> during boot.
> >>
> >> To enable the same approach for AMD SEV-SNP, we declare the kernel
> >> hashes page in the SNP metadata list as a new region type. When QEMU
> >> encounters that region in the list, it will insert the hashes of
> >> kernel/initrd/cmdline and encrypt the page (or, if the user turned off
> >> kernel hashes, it will validate the page as a zero page).
> >>
> >> The first patch rearranges the pages in AmdSevX64's MEMFD so they are in
> >> the same order both as in the main target (OvmfPkgX64), with the
> >> exception of the SEV Launch Secret page which isn't defined in
> >> OvmfPkgX64.
> >>
> >> The second patch modifies the SNP metadata structure such that on
> >> AmdSev target the SEV Launch Secret page is explicitly defined in SNP
> >> metadata list, and therefore it is not included in the ranges that are
> >> pre-validated (zero pages) by the VMM; instead the VMM will insert
> >> content into this page (the hashes table), or mark it explicitly as a
> >> zero page if no hashes are added.
> >>
> >> This series is available at:
> >> https://github.com/confidential-containers-demo/edk2/tree/snp-kernel-hashes-v3
> >>
> >> A corresponding QEMU RFC series will be published soon in qemu-devel, or
> >> use this tree:
> >> https://github.com/confidential-containers-demo/qemu/tree/snp-kernel-hashes-v3
> >
> > For the series:
> > Acked-by: Gerd Hoffmann <kra...@redhat.com>
>
> I've noticed that series was never picked up. Any chance that this can be
> merged?
>
Queued up now. Apologies for the delay.
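The cover letter quoted above describes the two states the kernel hashes page can be in when the guest boots: either the VMM has filled it with the hashes of kernel/initrd/cmdline (so the firmware can verify each component before using it), or hashes were turned off and the page is a zero page that the firmware must recognise as "nothing to verify". The following Python model is an added example and not code from the edk2 or QEMU series; it uses a simplified table layout (an 8-byte constructed marker followed by three SHA-256 digests) rather than OVMF's real hashes table format, and the kernel/initrd/cmdline blobs are constructed sample bytes.

```python
import hashlib
import hmac

PAGE_SIZE = 4096
# Constructed marker for this simplified table; OVMF's real table layout differs.
TABLE_MAGIC = b"HASHTBL1"
COMPONENTS = ("kernel", "initrd", "cmdline")

# Constructed sample boot components (not real images).
KERNEL = b"\x7fELF" + b"\x00" * 60 + b"constructed-kernel-image"
INITRD = b"constructed-initrd-cpio-archive"
CMDLINE = b"console=ttyS0 root=/dev/vda1\x00"


def build_hashes_page(kernel, initrd, cmdline, hashes_enabled=True):
    """VMM side: produce the 4 KiB page the firmware will see.

    With hashes enabled the page carries SHA-256 digests of each component;
    with hashes disabled it is an all-zero page, mirroring the cover letter's
    "validate the page as a zero page" case.
    """
    if not hashes_enabled:
        return bytes(PAGE_SIZE)
    table = TABLE_MAGIC + b"".join(
        hashlib.sha256(blob).digest() for blob in (kernel, initrd, cmdline)
    )
    return table.ljust(PAGE_SIZE, b"\x00")


def verify_boot_components(page, kernel, initrd, cmdline):
    """Firmware side: check the components the guest is about to use.

    Returns "no-hashes" for a zero page (nothing to verify), "ok" when every
    component matches its injected digest, and raises ValueError on any
    mismatch or unrecognised page contents.
    """
    if len(page) != PAGE_SIZE:
        raise ValueError("hashes page has wrong size")
    if page == bytes(PAGE_SIZE):
        return "no-hashes"
    if page[: len(TABLE_MAGIC)] != TABLE_MAGIC:
        raise ValueError("unrecognised hashes page contents")
    off = len(TABLE_MAGIC)
    blobs = (kernel, initrd, cmdline)
    for i, (name, blob) in enumerate(zip(COMPONENTS, blobs)):
        expected = page[off + 32 * i : off + 32 * (i + 1)]
        actual = hashlib.sha256(blob).digest()
        # Constant-time compare, as a verifier should use for digests.
        if not hmac.compare_digest(actual, expected):
            raise ValueError(f"{name} hash mismatch")
    return "ok"


if __name__ == "__main__":
    page = build_hashes_page(KERNEL, INITRD, CMDLINE)
    print(verify_boot_components(page, KERNEL, INITRD, CMDLINE))
    try:
        verify_boot_components(page, KERNEL, INITRD, b"init=/bin/sh\x00")
    except ValueError as e:
        print("rejected:", e)
    print(verify_boot_components(build_hashes_page(KERNEL, INITRD, CMDLINE, False),
                                 KERNEL, INITRD, CMDLINE))
```

What makes this a measured-boot check rather than a plain integrity check is where the page lives: because the VMM encrypts (or explicitly validates as zero) the page during launch, its contents are part of the SNP launch measurement, so a remote verifier inspecting the attestation report knows which hashes the firmware was given, and the firmware in turn refuses to boot components that do not match them.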