On 7/20/21 3:03 AM, Dov Murik wrote:
From: James Bottomley <[email protected]> Split the existing 4KB page reserved for SEV launch secrets into two parts: first 3KB for SEV launch secrets and last 1KB for firmware config hashes. The area of the firmware config hashes will be attested (measured) by the PSP and thus the untrusted VMM can't pass in different files from what the guest owner allows. Declare this in the Reset Vector table using GUID 7255371f-3a3b-4b04-927b-1da6efa8d454 and a uint32_t table of a base and size value (similar to the structure used to declare the launch secret block). Cc: Ard Biesheuvel <[email protected]> Cc: Jordan Justen <[email protected]> Cc: Ashish Kalra <[email protected]> Cc: Brijesh Singh <[email protected]> Cc: Erdem Aktas <[email protected]> Cc: James Bottomley <[email protected]> Cc: Jiewen Yao <[email protected]> Cc: Min Xu <[email protected]> Cc: Tom Lendacky <[email protected]> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3457 Co-developed-by: Dov Murik <[email protected]> Signed-off-by: Dov Murik <[email protected]> Signed-off-by: James Bottomley <[email protected]> Reviewed-by: Tom Lendacky <[email protected]>
Reviewed-by: Brijesh Singh <[email protected]> thanks -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#77976): https://edk2.groups.io/g/devel/message/77976 Mute This Topic: https://groups.io/mt/84328240/21656 Group Owner: [email protected] Unsubscribe: https://edk2.groups.io/g/devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
