Re: [PATCH 0/3] SEV: fixes for -kernel launch with incompatible OVMF

[Daniel P . Berrangé]

On Tue, Nov 02, 2021 at 03:22:24PM +0200, Dov Murik wrote:
> 
> 
> On 02/11/2021 12:52, Brijesh Singh wrote:
> > Hi Dov,
> > 
> > Overall the patch looks good, only question I have is that now we are
> > enforce qemu to hash the kernel, initrd and cmdline unconditionally for
> > any of the SEV guest launches. This requires anyone wanting to
> > calculating the expected measurement need to account for it. Should we
> > make the hash page build optional ?
> > 
> 
> The problem with adding a -enable-add-kernel-hashes QEMU option (or
> suboption) is yet another complexity for the user.

I don't view that as complexity - rather it is the user being explicit
about what their requirements are. If they ask for the kernel hashes
and we can't honour that, we can now give them a clear error and
exit instead of carrying on with a broken setup.

If they don't ask for kernel hashes, we can skip the whole bit and
not have a problem with bogus warnings or back compatibilty worries.


Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|