In SEV-enabled mode we need to reload the BIOS image on loader reset; this
ensures that the BIOS image gets encrypted and included as part of the launch
measurement on guest reset.

Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
 hw/core/loader.c |    7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/hw/core/loader.c b/hw/core/loader.c
index 53e0e41..9b03bfe 100644
--- a/hw/core/loader.c
+++ b/hw/core/loader.c
@@ -55,6 +55,7 @@
 #include "exec/address-spaces.h"
 #include "hw/boards.h"
 #include "qemu/cutils.h"
+#include "sysemu/kvm.h"
 
 #include <zlib.h>
 
@@ -1011,7 +1012,11 @@ static void rom_reset(void *unused)
             cpu_physical_memory_write_rom(&address_space_memory,
                                           rom->addr, rom->data, rom->datasize);
         }
-        if (rom->isrom) {
+
+        /* reload the rom on SEV-enabled guest so that it gets included into
+         * guest memory measurement on system reset.
+         */
+        if (!kvm_sev_enabled() && rom->isrom) {
             /* rom needs to be written only once */
             g_free(rom->data);
             rom->data = NULL;
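Review bot: The new comment above `if (!kvm_sev_enabled() && rom->isrom)` describes the reload, but the block it guards is the one that frees `rom->data`, so it reads as the opposite of the code beneath it. Something like `/* Keep rom->data for SEV guests: the image is written again on every reset so it is re-encrypted and measured, so it must not be freed after the first load. */` would match the condition, and the inner `/* rom needs to be written only once */` should say that it holds only for non-SEV guests. Whether the rewritten image actually lands in the launch measurement depends on the `cpu_physical_memory_write_rom()` path and on whatever guards that call, both of which lie outside this hunk, so that is worth confirming there. rom_reset's body starts and ends outside the hunk.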

