[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH v3 1/2] sev/i386: Introduce sev_add_kernel_loader_hashes for
|
From: |
Dov Murik |
|
Subject: |
Re: [PATCH v3 1/2] sev/i386: Introduce sev_add_kernel_loader_hashes for measured linux boot |
|
Date: |
Fri, 2 Jul 2021 15:29:38 +0300 |
|
User-agent: |
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.11.0 |
On 01/07/2021 20:23, Connor Kuehl wrote:
> On 6/24/21 3:20 AM, Dov Murik wrote:
>> Add the sev_add_kernel_loader_hashes function to calculate the hashes of
>> the kernel/initrd/cmdline and fill a designated OVMF encrypted hash
>> table area. For this to work, OVMF must support an encrypted area to
>> place the data which is advertised via a special GUID in the OVMF reset
>> table.
>>
>> The hashes of each of the files is calculated (or the string in the case
>> of the cmdline with trailing '\0' included). Each entry in the hashes
>> table is GUID identified and since they're passed through the
>> sev_encrypt_flash interface, the hashes will be accumulated by the PSP
>> measurement (SEV_LAUNCH_MEASURE).
>>
>> Co-developed-by: James Bottomley <jejb@linux.ibm.com>
>> Signed-off-by: James Bottomley <jejb@linux.ibm.com>
>> Signed-off-by: Dov Murik <dovmurik@linux.ibm.com>
>> ---
>
> Reviewed-by: Connor Kuehl <ckuehl@redhat.com>
>
Thanks, Connor!
-Dov