Re: [Qemu-devel] [RFC PATCH v1 22/22] loader: reload bios image on ROM reset in SEV-enabled guest

[Michael S. Tsirkin]

On Tue, Sep 13, 2016 at 10:50:24AM -0400, Brijesh Singh wrote:
> In SEV-enabled mode we need to reload the BIOS image on loader reset, this
> will ensure that BIOS image gets encrypted and included as part of launch
> meausrement on guest reset.
> 
> Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>

Could you pls explain what does measurement mean in this
context, and how is it helpful to reload rom on
every boot as opposed to first boot after migration?


> ---
>  hw/core/loader.c |    7 ++++++-
>  1 file changed, 6 insertions(+), 1 deletion(-)
> 
> diff --git a/hw/core/loader.c b/hw/core/loader.c
> index 53e0e41..9b03bfe 100644
> --- a/hw/core/loader.c
> +++ b/hw/core/loader.c
> @@ -55,6 +55,7 @@
>  #include "exec/address-spaces.h"
>  #include "hw/boards.h"
>  #include "qemu/cutils.h"
> +#include "sysemu/kvm.h"
>  
>  #include <zlib.h>
>  
> @@ -1011,7 +1012,11 @@ static void rom_reset(void *unused)
>              cpu_physical_memory_write_rom(&address_space_memory,
>                                            rom->addr, rom->data, 
> rom->datasize);
>          }
> -        if (rom->isrom) {
> +
> +        /* reload the rom on SEV-enabled guest so that it gets included into
> +         * guest memory measurement on system reset.
> +         */
> +        if (!kvm_sev_enabled() && rom->isrom) {
>              /* rom needs to be written only once */
>              g_free(rom->data);
>              rom->data = NULL;