[Resending due to missing Cc in actual patches emails.]

(Note: This is a new version of this one-year-old patch series; the v1
series [1] got a few Acked-by but it's been so long that I don't
consider them relevant anymore.)

AMD SEV and SEV-ES support measured direct boot with
kernel/initrd/cmdline hashes injected by QEMU and verified by OVMF
during boot.

To enable the same approach for AMD SEV-SNP we make sure the page in
which QEMU inserts the hashes of kernel/initrd/cmdline is not already
pre-validated, as SNP doesn't allow validating a page twice.

The first patch rearranges the pages in AmdSevX64's MEMFD so they are in
the same order as in the main target (OvmfPkgX64), with the exception of
the SEV Launch Secret page which isn't defined in OvmfPkgX64.

The second patch modifies the SNP metadata structure such that on AmdSev
target the SEV Launch Secret page is not included in the ranges that are
pre-validated (zero pages) by the VMM; instead the VMM will insert
content into this page (the hashes table), or mark it explicitly as a
zero page if no hashes are added.

This series is available at:
https://github.com/confidential-containers-demo/edk2/tree/snp-kernel-hashes-v2

The corresponding RFC patch series for QEMU is in:
https://lore.kernel.org/qemu-devel/[email protected]/
or use this tree:
https://github.com/confidential-containers-demo/qemu/tree/snp-kernel-hashes-v2

Cc: Ard Biesheuvel <[email protected]>
Cc: Jiewen Yao <[email protected]>
Cc: Jordan Justen <[email protected]>
Cc: Gerd Hoffmann <[email protected]>
Cc: Erdem Aktas <[email protected]>
Cc: James Bottomley <[email protected]>
Cc: Min Xu <[email protected]>
Cc: Tom Lendacky <[email protected]>
Cc: Michael Roth <[email protected]>
Cc: Ashish Kalra <[email protected]>
Cc: Mario Smarduch <[email protected]>
Cc: Tobin Feldman-Fitzthum <[email protected]>

---

v2 changes:
* Rebased on master
* Updated AmdSev MEMFD size to match OvmfX64

v1:
[1] https://edk2.groups.io/g/devel/message/88137

Dov Murik (2):
  OvmfPkg/AmdSev: Reorder MEMFD pages to match the order in
    OvmfPkgX64.fdf
  OvmfPkg/ResetVector: Exclude SEV launch secrets page from
    pre-validation

 OvmfPkg/AmdSev/AmdSevX64.fdf          | 27 ++++++++++----------
 OvmfPkg/ResetVector/ResetVector.nasmb | 14 +++++++++-
 2 files changed, 27 insertions(+), 14 deletions(-)

--
2.25.1
