Re: [PATCH v3 1/3] cryptodisk: make the password getter an additional argument to recover_key

2020-12-31 Thread Dmitry
Hi, please see inline. Thu, 31 Dec 2020 at 20:39, James Bottomley: > > For AMD SEV environments, the grub boot password has to be retrieved > from a given memory location rather than prompted for. This means > that the standard password getter needs to be replaced with one that > gets the pass

[PATCH v3 3/3] efi: Add API for retrieving the EFI secret for cryptodisk

2020-12-31 Thread James Bottomley
This module is designed to provide an efisecret command which interrogates the EFI configuration table to find the location of the confidential computing secret and tries to register the secret with the cryptodisk. The secret is stored in a boot allocated area, usually a page in size. The layout o

[PATCH v3 2/3] cryptodisk: add OS provided secret support

2020-12-31 Thread James Bottomley
Make use of the new OS provided secrets API so that if the new '-s' option is passed in we try to extract the secret from the API rather than prompting for it. The primary consumer of this is AMD SEV, which has been programmed to provide an injectable secret to the encrypted virtual machine. OVMF

[PATCH v3 1/3] cryptodisk: make the password getter an additional argument to recover_key

2020-12-31 Thread James Bottomley
For AMD SEV environments, the grub boot password has to be retrieved from a given memory location rather than prompted for. This means that the standard password getter needs to be replaced with one that gets the passphrase from the SEV area and uses that instead. Adding the password getter as a

[PATCH v3 0/3] use confidential computing provisioned secrets for disk decryption

2020-12-31 Thread James Bottomley
v3: make password getter specify prompt requirement. Update for TDX: Make name more generic and expand size of secret area https://github.com/tianocore/edk2/commit/96201ae7bf97c3a2c0ef386110bb93d25e9af1ba https://github.com/tianocore/edk2/commit/caf8b3872ae2ac961c9fdf4d1d2c5d072c207