On Tue, Nov 02, 2021 at 03:22:24PM +0200, Dov Murik wrote:
>
>
> On 02/11/2021 12:52, Brijesh Singh wrote:
> > Hi Dov,
> >
> > Overall the patch looks good, only question I have is that now we
> > enforce qemu to hash the kernel, initrd and cmdline unconditionally for
> > any of the SEV guest launches. This requires anyone wanting to
> > calculate the expected measurement to account for it. Should we
> > make the hash page build optional?
> >
>
> The problem with adding a -enable-add-kernel-hashes QEMU option (or
> suboption) is yet another complexity for the user.

I don't view that as complexity - rather it is the user being explicit
about what their requirements are. If they ask for the kernel hashes
and we can't honour that, we can now give them a clear error and exit
instead of carrying on with a broken setup. If they don't ask for
kernel hashes, we can skip the whole bit and not have a problem with
bogus warnings or back compatibility worries.

Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|