Re: [PATCH 2/3] sev/i386: Warn if using -kernel with invalid OVMF hashes table area

2021-11-05 Thread Dov Murik
On 03/11/2021 18:07, Daniel P. Berrangé wrote: > On Mon, Nov 01, 2021 at 10:21:35AM +, Dov Murik wrote: >> Commit cff03145ed3c ("sev/i386: Introduce sev_add_kernel_loader_hashes >> for measured linux boot", 2021-09-30) introduced measured direct boot >> with -kernel, using an OVMF-designated

Re: [PATCH 2/3] sev/i386: Warn if using -kernel with invalid OVMF hashes table area

2021-11-03 Thread Daniel P . Berrangé
On Mon, Nov 01, 2021 at 10:21:35AM +, Dov Murik wrote: > Commit cff03145ed3c ("sev/i386: Introduce sev_add_kernel_loader_hashes > for measured linux boot", 2021-09-30) introduced measured direct boot > with -kernel, using an OVMF-designated hashes table which QEMU fills. > > However, no checks

Re: [PATCH 2/3] sev/i386: Warn if using -kernel with invalid OVMF hashes table area

2021-11-02 Thread Philippe Mathieu-Daudé
On 11/2/21 19:38, Dr. David Alan Gilbert wrote: > * Dov Murik (dovmu...@linux.ibm.com) wrote: >>> however, maybe it needs to be more thorough before using area->base to >>> qemu_map_ram_ptr? - I think it'll get unhappy if it's a bad address not >>> in a ram block. (Or check you're running over the

Re: [PATCH 2/3] sev/i386: Warn if using -kernel with invalid OVMF hashes table area

2021-11-02 Thread Dr. David Alan Gilbert
* Dov Murik (dovmu...@linux.ibm.com) wrote: > > > On 02/11/2021 14:36, Dr. David Alan Gilbert wrote: > > * Dov Murik (dovmu...@linux.ibm.com) wrote: > >> Commit cff03145ed3c ("sev/i386: Introduce sev_add_kernel_loader_hashes > >> for measured linux boot", 2021-09-30) introduced measured direct bo

Re: [PATCH 2/3] sev/i386: Warn if using -kernel with invalid OVMF hashes table area

2021-11-02 Thread Dov Murik
On 02/11/2021 14:36, Dr. David Alan Gilbert wrote: > * Dov Murik (dovmu...@linux.ibm.com) wrote: >> Commit cff03145ed3c ("sev/i386: Introduce sev_add_kernel_loader_hashes >> for measured linux boot", 2021-09-30) introduced measured direct boot >> with -kernel, using an OVMF-designated hashes tab

Re: [PATCH 2/3] sev/i386: Warn if using -kernel with invalid OVMF hashes table area

2021-11-02 Thread Dr. David Alan Gilbert
* Dov Murik (dovmu...@linux.ibm.com) wrote: > Commit cff03145ed3c ("sev/i386: Introduce sev_add_kernel_loader_hashes > for measured linux boot", 2021-09-30) introduced measured direct boot > with -kernel, using an OVMF-designated hashes table which QEMU fills. > > However, no checks are performed

[PATCH 2/3] sev/i386: Warn if using -kernel with invalid OVMF hashes table area

2021-11-01 Thread Dov Murik
Commit cff03145ed3c ("sev/i386: Introduce sev_add_kernel_loader_hashes for measured linux boot", 2021-09-30) introduced measured direct boot with -kernel, using an OVMF-designated hashes table which QEMU fills. However, no checks are performed on the validity of the hashes area designated by OVMF.