On 6/24/21 3:20 AM, Dov Murik wrote: > Add the sev_add_kernel_loader_hashes function to calculate the hashes of > the kernel/initrd/cmdline and fill a designated OVMF encrypted hash > table area. For this to work, OVMF must support an encrypted area to > place the data which is advertised via a special GUID in the OVMF reset > table. > > The hashes of each of the files is calculated (or the string in the case > of the cmdline with trailing '\0' included). Each entry in the hashes > table is GUID identified and since they're passed through the > sev_encrypt_flash interface, the hashes will be accumulated by the PSP > measurement (SEV_LAUNCH_MEASURE). > > Co-developed-by: James Bottomley <j...@linux.ibm.com> > Signed-off-by: James Bottomley <j...@linux.ibm.com> > Signed-off-by: Dov Murik <dovmu...@linux.ibm.com> > ---
Reviewed-by: Connor Kuehl <cku...@redhat.com>
