Re: [edk2-devel] [PATCH v3 11/11] OvmfPkg/AmdSev: Enforce hash verification of kernel blobs

On 7/20/21 3:04 AM, Dov Murik wrote: > In the AmdSevX64 build, use BlobVerifierLibSevHashes to enforce > verification of hashes of the kernel/initrd/cmdline blobs fetched from > firmware config. > > This allows for secure (measured) boot of SEV guests with QEMU's > -kernel/-initrd/-append

[edk2-devel] [PATCH v3 11/11] OvmfPkg/AmdSev: Enforce hash verification of kernel blobs

In the AmdSevX64 build, use BlobVerifierLibSevHashes to enforce verification of hashes of the kernel/initrd/cmdline blobs fetched from firmware config. This allows for secure (measured) boot of SEV guests with QEMU's -kernel/-initrd/-append switches (with the corresponding QEMU support for