t; ; Dov Murik
> Subject: Re: [edk2-devel] [PATCH v4 10/11] OvmfPkg: add
> BlobVerifierLibSevHashes
>
>
> Here's the diff from the v3 of this patch. It's supposed to catch
> more cases of bad length fields overflowing the reserved MEMFD space or
> the declared length of
Here's the diff from the v3 of this patch. It's supposed to catch
more cases of bad length fields overflowing the reserved MEMFD space or
the declared length of the table.
diff --git a/OvmfPkg/Library/BlobVerifierLib/BlobVerifierSevHashes.c
b/OvmfPkg/Library/BlobVerifierLib/BlobVerifierSevHash
Add an implementation for BlobVerifierLib that locates the SEV hashes
table and verifies that the calculated hashes of the kernel, initrd, and
cmdline blobs indeed match the expected hashes stated in the hashes
table.
If there's a missing hash or a hash mismatch then EFI_ACCESS_DENIED is
returned
