On Fri, Mar 14, 2025 at 03:50:19PM +0100, Alexander Graf wrote:
>
> On 14.03.25 15:08, Gerd Hoffman wrote:
> > Hi,
> >
> > > > Ok, assuming we allow the guest submit a IGVM image (which makes sense
> > > > indeed, otherwise we'll probably end up re-inventing IGVM). How will
> > > > the kernel hashes be handled then? I assume they will not be part of
> > > > the igvm image, but they must be part of the launch measurement ...
> > > The kernel hashes must be embedded in the IGVM image by the time you
> > > invoke
> > > vmfwupdate. That means when you generate the FUKI, you take 4 inputs:
> > > Generic firmware image, kernel, initramfs, cmdline. Out of those, you
> > > generate and embed an IGVM image that consists of the firmware image as
> > > well
> > > as the kernel hash page.
> > If your input firmware image already is an IGVM (say coconut), what is
> > supposed to happen?
>
> I'll leave the details to Jörg on how he envisions it, but IIUC the flow for
> a "readily assembled IGVM" is different. In case of a COCONUT-SVSM IGVM, you
> expect chaining of trust. So the SVSM implements a TPM which then the OS
> would use with measured boot etc etc.
Well, I don't consider igvm being useful for svsm only. Shipping
standard edk2 as igvm looks useful to me. Main benefit: pre-calculate
launch measurements without having to know qemu internals.
> It's a fundamentally different concept from FUKI.
Hmm? IGVM is just a different way to ship the firmware (and optionally
more).
> But it could share the same vmfwupdate mechanism to load.
Yep. But we have to sort the details.
(1) How we are going to load kernel + initrd in case the firmware is
igvm? Just update the igvm to also include linux kernel and
initrd (see parallel reply from Jörg)? If so, how does the
launched firmware find the kernel + initrd?
While digging around in the igvm spec I've seen there is the
concept of 'parameters'. Can this be used to pass on the memory
location of kernel + initrd + cmdline? Maybe the kernel hashes too?
(2) Will the igvm be generated on the fly from FUKI data? Or should
the distros ship igvm images with firmware + kernel + initrd?
(3) How we are going to handle uki add-ons?
(4) Do we want keep the region list? Or declare that igvm should be
used in case a single region is not enough? Or even go all-in and
use IGVM exclusively?
take care,
Gerd
