Tom, Brijesh, Ard,
I think I found a bug in this patch. I used libFuzzer to test the
VerifyBlob implementation here, and it immediately found a few "read
memory out of range" issues. See details below in VerifyBlob.
If the Guest Owner properly validates the measurement (which includes
the
On 7/20/21 3:04 AM, Dov Murik wrote:
> Add an implementation for BlobVerifierLib that locates the SEV hashes
> table and verifies that the calculated hashes of the kernel, initrd, and
> cmdline blobs indeed match the expected hashes stated in the hashes
> table.
>
> If there's a missing hash or a hash
On 7/20/21 3:04 AM, Dov Murik wrote:
> Add an implementation for BlobVerifierLib that locates the SEV hashes
> table and verifies that the calculated hashes of the kernel, initrd, and
> cmdline blobs indeed match the expected hashes stated in the hashes
> table.
>
> If there's a missing hash or a
Add an implementation for BlobVerifierLib that locates the SEV hashes
table and verifies that the calculated hashes of the kernel, initrd, and
cmdline blobs indeed match the expected hashes stated in the hashes
table.
If there's a missing hash or a hash mismatch then EFI_ACCESS_DENIED is
returned