Hi Michael, [+cc Connor, Dave]
On 03/07/2021 19:42, Michael S. Tsirkin wrote:
> On Tue, May 25, 2021 at 06:59:31AM +0000, Dov Murik wrote:
>> From: James Bottomley <j...@linux.ibm.com>
>>
>> If the VM is using memory encryption and also specifies a kernel/initrd
>> or appended command line, calculate the hashes and add them to the
>> encrypted data. For this to work, OVMF must support an encrypted area
>> to place the data which is advertised via a special GUID in the OVMF
>> reset table (if the GUID doesn't exist, the user isn't allowed to pass
>> in the kernel/initrd/cmdline via the fw_cfg interface).
>
> Sorry about asking basic questions so late in the game.

No worries. Please notice there's a newer version:
https://lore.kernel.org/qemu-devel/20210624102040.2015280-1-dovmu...@linux.ibm.com/

> I'm a bit curious why this feature makes sense. If someone can play
> with a Linux kernel command line isn't it pretty much game over security
> wise? What protections does Linux have against malicious actors
> manipulating the command line?
>

You're right -- if the host can modify the kernel command line it's game over.

This is why this patch (together with the corresponding OVMF patches; still
under review) measures and verifies the content of the kernel blob and the
initrd blob *and* the command-line blob. Any modification/omission of any of
them by the host will make the expected SEV PSP measurement invalid, which
should then indicate to the Guest Owner that something is wrong with this
guest. At that point the Guest Owner should refuse to inject secrets into the
guest (and also complain to the Cloud Service Provider).

-Dov
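A simplified model of the measure-and-verify flow Dov describes, as an added example that is not part of the thread and not QEMU or OVMF code. It exercises the two checks the reply relies on: the hash table of kernel/initrd/cmdline sits in an area covered by the launch measurement, so the Guest Owner can tell when the host alters or omits it; and the firmware compares the blobs it actually receives via fw_cfg against that measured table before using them. Everything below is an assumption made for the model: the hash-table layout (three raw SHA-256 digests, not the GUID-tagged layout of the real patch series), the launch digest (SHA-256 over firmware plus table rather than the PSP's per-page construction), the HMAC stand-in for the PSP measurement, the key and nonce values, and all function names.

```python
"""Model of SEV launch measurement covering a kernel/initrd/cmdline hash table.

Added example, not QEMU/OVMF code.  The hash-table layout, the digest
construction, the keyed measurement and every name here are assumptions
chosen to illustrate the flow, not the real SEV or OVMF formats.
"""
import hashlib
import hmac
from dataclasses import dataclass

# Constructed stand-ins for the real images, key and nonce.
FIRMWARE_IMAGE = b"OVMF.fd (constructed stand-in)"
KERNEL = b"vmlinuz (constructed stand-in)"
INITRD = b"initrd.img (constructed stand-in)"
CMDLINE = b"console=ttyS0 root=/dev/vda1"
TIK = b"transport-integrity-key (constructed)"   # shared between owner and PSP
NONCE = bytes(range(16))                          # constructed launch nonce

DIGEST_LEN = 32


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def build_hash_table(kernel: bytes, initrd: bytes, cmdline: bytes) -> bytes:
    """Assumed layout: three concatenated SHA-256 digests (real layout differs)."""
    return sha256(kernel) + sha256(initrd) + sha256(cmdline)


def launch_digest(firmware: bytes, hash_table: bytes) -> bytes:
    """Stand-in for the digest over the pages encrypted at launch: firmware
    followed by the area where OVMF expects the hash table."""
    return sha256(firmware + hash_table)


def measurement(launch_dig: bytes, tik: bytes, nonce: bytes) -> bytes:
    """Stand-in for the PSP launch measurement: keyed MAC over launch digest
    and nonce.  The real construction is different; only the binding matters."""
    return hmac.new(tik, launch_dig + nonce, hashlib.sha256).digest()


@dataclass(frozen=True)
class Launch:
    measurement: bytes   # what the PSP reports to the Guest Owner
    hash_table: bytes    # what actually landed in the measured area
    fw_cfg: tuple        # (kernel, initrd, cmdline) delivered via fw_cfg


def host_launch(table_blobs, fwcfg_blobs, tik, nonce, include_table=True) -> Launch:
    """Host side.  The host chooses what goes into the measured table and,
    independently, what it hands the guest via fw_cfg; include_table=False
    models a host that omits the table altogether."""
    table = build_hash_table(*table_blobs) if include_table else b""
    return Launch(measurement(launch_digest(FIRMWARE_IMAGE, table), tik, nonce),
                  table, tuple(fwcfg_blobs))


def guest_owner_accepts(launch: Launch, expected_blobs, tik, nonce) -> bool:
    """Guest Owner side: recompute the measurement from the firmware and the
    kernel/initrd/cmdline it expects; inject secrets only on a match."""
    table = build_hash_table(*expected_blobs)
    expected = measurement(launch_digest(FIRMWARE_IMAGE, table), tik, nonce)
    return hmac.compare_digest(expected, launch.measurement)


def firmware_boots(launch: Launch) -> bool:
    """Guest firmware side: without a table the fw_cfg blobs may not be used;
    with one, every delivered blob must hash to the measured value."""
    if len(launch.hash_table) != 3 * DIGEST_LEN:
        return False
    return hmac.compare_digest(launch.hash_table, build_hash_table(*launch.fw_cfg))


def run_scenarios() -> dict:
    """Returns {scenario: (owner_injects_secret, firmware_boots)}."""
    good = (KERNEL, INITRD, CMDLINE)
    evil = (KERNEL, INITRD, CMDLINE + b" init=/bin/sh")   # constructed tampering
    cases = {
        "honest host": host_launch(good, good, TIK, NONCE),
        "tamper cmdline, keep table": host_launch(good, evil, TIK, NONCE),
        "tamper cmdline, update table": host_launch(evil, evil, TIK, NONCE),
        "omit table": host_launch(good, good, TIK, NONCE, include_table=False),
    }
    return {name: (guest_owner_accepts(l, good, TIK, NONCE), firmware_boots(l))
            for name, l in cases.items()}


if __name__ == "__main__":
    for name, (secret, boots) in run_scenarios().items():
        print(f"{name:30s} owner injects secret={secret!s:5s} firmware boots={boots}")
```

The four scenarios show why both checks are needed: a host that swaps the command line but leaves the table alone passes the owner's measurement but is stopped by the firmware's hash check, a host that rewrites the table to match its modified command line boots but fails the owner's measurement and so gets no secrets, and a host that drops the table fails both.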