On 14.03.25 15:08, Gerd Hoffman wrote:
Hi,
Ok, assuming we allow the guest submit a IGVM image (which makes sense
indeed, otherwise we'll probably end up re-inventing IGVM). How will
the kernel hashes be handled then? I assume they will not be part of
the igvm image, but they must be part of the launch measurement ...
The kernel hashes must be embedded in the IGVM image by the time you invoke
vmfwupdate. That means when you generate the FUKI, you take 4 inputs:
Generic firmware image, kernel, initramfs, cmdline. Out of those, you
generate and embed an IGVM image that consists of the firmware image as well
as the kernel hash page.
If your input firmware image already is an IGVM (say coconut), what is
supposed to happen?
I'll leave the details to Jörg on how he envisions it, but IIUC the flow
for a "readily assembled IGVM" is different. In case of a COCONUT-SVSM
IGVM, you expect chaining of trust. So the SVSM implements a TPM which
then the OS would use with measured boot etc etc.
It's a fundamentally different concept from FUKI. But it could share the
same vmfwupdate mechanism to load.
Alex
