On Thu, Sep 30, 2021 at 08:49:14AM +0300, Dov Murik wrote: > Add the sev_add_kernel_loader_hashes function to calculate the hashes of > the kernel/initrd/cmdline and fill a designated OVMF encrypted hash > table area. For this to work, OVMF must support an encrypted area to > place the data which is advertised via a special GUID in the OVMF reset > table. > > The hashes of each of the files is calculated (or the string in the case > of the cmdline with trailing '\0' included). Each entry in the hashes > table is GUID identified and since they're passed through the > sev_encrypt_flash interface, the hashes will be accumulated by the AMD > PSP measurement (SEV_LAUNCH_MEASURE). > > Co-developed-by: James Bottomley <j...@linux.ibm.com> > Signed-off-by: James Bottomley <j...@linux.ibm.com> > Signed-off-by: Dov Murik <dovmu...@linux.ibm.com> > --- > target/i386/sev_i386.h | 12 ++++ > target/i386/sev-stub.c | 5 ++ > target/i386/sev.c | 137 +++++++++++++++++++++++++++++++++++++++++ > 3 files changed, 154 insertions(+)
Reviewed-by: Daniel P. Berrangé <berra...@redhat.com> Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
