From: | Paolo Bonzini |
Subject: | Re: [PATCH v3 2/2] sev: update sev-inject-launch-secret to make gpa optional |
Date: | Fri, 5 Feb 2021 11:58:26 +0100 |
User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.6.0 |
On 05/02/21 10:51, Daniel P. Berrangé wrote:
+ if (!pc_system_ovmf_table_find(SEV_SECRET_GUID, &data, NULL)) { + error_setg(errp, "SEV: no secret area found in OVMF," + " gpa must be specified."); + return; + }
IIUC, historically QEMU has gone out of its way to avoid creating a direct dependency on specific firmware implementation details such as this, so this whole approach makes me feel really uneasy.
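Review bot: the pc_system_ovmf_table_find() call passes NULL as its last argument, so nothing in this hunk checks how large the entry found for SEV_SECRET_GUID is before data is used. If that argument can return the entry length, pass a variable and reject an entry shorter than the structure the following code reads from data, since the table contents come from the firmware image. The error_setg() string also ends in a full stop; QEMU error messages are conventionally a single phrase without trailing punctuation, so "SEV: no secret area found in OVMF, gpa must be specified" would match the rest of the tree.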
The problem here is that this secret must be measured and therefore cannot be extracted by the guest out of fw_cfg. Note that there's no reason why other firmware than OVMF could not adopt the same interface.
Paolo