[edk2-devel] [PATCH v3 2/2] OvmfPkg/ResetVector: Define SNP metadata for kernel hashes

2023-03-02 Thread Dov Murik
(if kernel hashes are not used). Note that for SNP, the launch secret part of the page (lower 3KB) is not relevant and will remain zero. The last 1KB is used for the hashes. This should have no effect on OvmfPkgX64 targets (which don't define PcdSevLaunchSecretBase). Signed-off-by: Dov Murik

[edk2-devel] [PATCH v3 1/2] OvmfPkg/AmdSev: Reorder MEMFD pages to match the order in OvmfPkgX64.fdf

2023-03-02 Thread Dov Murik
01 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamSize Signed-off-by: Dov Murik --- OvmfPkg/AmdSev/AmdSevX64.fdf | 27 ++-- 1 file changed, 14 insertions(+), 13 deletions(-) diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf index 5fb3b5

[edk2-devel] [PATCH v3 0/2] OvmfPkg: Enable measured direct boot on AMD SEV-SNP

2023-03-02 Thread Dov Murik
.groups.io/g/devel/message/88137 Dov Murik (2): OvmfPkg/AmdSev: Reorder MEMFD pages to match the order in OvmfPkgX64.fdf OvmfPkg/ResetVector: Define SNP metadata for kernel hashes OvmfPkg/AmdSev/AmdSevX64.fdf| 27 ++-- OvmfPkg/ResetVector/ResetVector.nasmb

Re: [edk2-devel] [RESEND] [PATCH v2 2/2] OvmfPkg/ResetVector: Exclude SEV launch secrets page from pre-validation

2023-02-23 Thread Dov Murik
On 23/02/2023 16:58, Dov Murik wrote: > > > On 21/02/2023 11:38, Gerd Hoffmann wrote: >> On Mon, Feb 20, 2023 at 08:44:23AM -0600, Tom Lendacky wrote: >>> On 2/20/23 02:49, Dov Murik wrote: >>>> In order to allow the VMM (such as QEMU) to add a page with

Re: [edk2-devel] [RESEND] [PATCH v2 2/2] OvmfPkg/ResetVector: Exclude SEV launch secrets page from pre-validation

2023-02-23 Thread Dov Murik
On 21/02/2023 11:38, Gerd Hoffmann wrote: > On Mon, Feb 20, 2023 at 08:44:23AM -0600, Tom Lendacky wrote: >> On 2/20/23 02:49, Dov Murik wrote: >>> In order to allow the VMM (such as QEMU) to add a page with hashes of >>> kernel/initrd/cmdline for measured direct

[edk2-devel] [RESEND] [PATCH v2 2/2] OvmfPkg/ResetVector: Exclude SEV launch secrets page from pre-validation

2023-02-20 Thread Dov Murik
(which don't define PcdSevLaunchSecretBase). Signed-off-by: Dov Murik --- OvmfPkg/ResetVector/ResetVector.nasmb | 14 +- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/OvmfPkg/ResetVector/ResetVector.nasmb b/OvmfPkg/ResetVector/ResetVector.nasmb index 94fbb0a87b37

[edk2-devel] [RESEND] [PATCH v2 1/2] OvmfPkg/AmdSev: Reorder MEMFD pages to match the order in OvmfPkgX64.fdf

2023-02-20 Thread Dov Murik
01 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamSize Signed-off-by: Dov Murik --- OvmfPkg/AmdSev/AmdSevX64.fdf | 27 ++-- 1 file changed, 14 insertions(+), 13 deletions(-) diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf index 5fb3b5

[edk2-devel] [RESEND] [PATCH v2 0/2] OvmfPkg: Enable measured direct boot on AMD SEV-SNP

2023-02-20 Thread Dov Murik
Dov Murik (2): OvmfPkg/AmdSev: Reorder MEMFD pages to match the order in OvmfPkgX64.fdf OvmfPkg/ResetVector: Exclude SEV launch secrets page from pre-validation OvmfPkg/AmdSev/AmdSevX64.fdf | 27 ++-- OvmfPkg/ResetVector/ResetVector.nasmb | 14 +- 2

Re: [edk2-devel] [PATCH v2 0/2] OvmfPkg: Enable measured direct boot on AMD SEV-SNP

2023-02-16 Thread Dov Murik
On 16/02/2023 10:06, Dov Murik wrote: > (Note: This is a new version of this one-year-old patch series; the v1 > series [1] got a few Acked-by but it's been so long that I don't > consider them relevant anymore.) > > AMD SEV and SEV-ES support measured direct boot with > ker

[edk2-devel] [PATCH v2 2/2] OvmfPkg/ResetVector: Exclude SEV launch secrets page from pre-validation

2023-02-16 Thread Dov Murik
(which don't define PcdSevLaunchSecretBase). Signed-off-by: Dov Murik --- OvmfPkg/ResetVector/ResetVector.nasmb | 14 +- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/OvmfPkg/ResetVector/ResetVector.nasmb b/OvmfPkg/ResetVector/ResetVector.nasmb index 94fbb0a87b37

[edk2-devel] [PATCH v2 0/2] OvmfPkg: Enable measured direct boot on AMD SEV-SNP

2023-02-16 Thread Dov Murik
Aktas Cc: James Bottomley Cc: Min Xu Cc: Tom Lendacky Cc: Michael Roth Cc: Ashish Kalra Cc: Mario Smarduch Cc: Tobin Feldman-Fitzthum --- v2 changes: * Rebased on master * Updated AmdSev MEMFD size to match OvmfX64 v1: [1] https://edk2.groups.io/g/devel/message/88137 Dov Murik (2

[edk2-devel] [PATCH v2 1/2] OvmfPkg/AmdSev: Reorder MEMFD pages to match the order in OvmfPkgX64.fdf

2023-02-16 Thread Dov Murik
01 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamSize Signed-off-by: Dov Murik --- OvmfPkg/AmdSev/AmdSevX64.fdf | 27 ++-- 1 file changed, 14 insertions(+), 13 deletions(-) diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf index 5fb3b5

Re: [edk2-devel] [PATCH 1/4] OvmfPkg/AmdSevDxe: Allocate SEV-SNP CC blob as EfiACPIReclaimMemory

2023-01-06 Thread Dov Murik
vel@edk2.groups.io On Behalf Of Roth, >> Michael via groups.io >> Sent: Thursday, December 22, 2022 12:07 AM >> To: devel@edk2.groups.io >> Cc: Tom Lendacky ; Ni, Ray >> ; Dov Murik >> Subject: [edk2-devel] [PATCH 1/4] OvmfPkg/AmdSevDxe: Allocate SEV-SNP CC >>

Re: [edk2-devel] [PATCH 1/4] OvmfPkg/AmdSevDxe: Allocate SEV-SNP CC blob as EfiACPIReclaimMemory

2022-12-21 Thread Dov Murik
ating system later. > > Reported-by: Dov Murik > Suggested-by: Dov Murik > Signed-off-by: Michael Roth Reviewed-by: Dov Murik > --- > OvmfPkg/AmdSevDxe/AmdSevDxe.c | 62 +++ > 1 file changed, 48 insertions(+), 14 deletions(-)

[edk2-devel] [PATCH v3 1/1] OvmfPkg/AmdSev/SecretDxe: Allocate secret location as EfiACPIReclaimMemory

2022-12-15 Thread Dov Murik
ky Signed-off-by: Dov Murik --- v3 changes: * Whitespace fix v2 changes: * Allocate with EfiACPIReclaimMemory memory type (thanks Ard) --- OvmfPkg/AmdSev/SecretDxe/SecretDxe.c | 22 ++-- 1 file changed, 16 insertions(+), 6 deletions(-) diff --git a/OvmfPkg/AmdSev/SecretDxe/Secr

Re: [edk2-devel] [PATCH v2 1/1] OvmfPkg/AmdSev/SecretDxe: Allocate CC secret location as EfiACPIReclaimMemory

2022-12-14 Thread Dov Murik
ent: Monday, December 12, 2022 11:01 PM >> To: Dov Murik ; devel@edk2.groups.io >> Cc: Tobin Feldman-Fitzthum ; Ard Biesheuvel >> ; Aktas, Erdem ; >> Gerd Hoffmann ; James Bottomley >> ; Yao, Jiewen ; Justen, Jordan >> L ; Michael Roth ; Xu, >> Min M ; T

[edk2-devel] [PATCH v2 1/1] OvmfPkg/AmdSev/SecretDxe: Allocate CC secret location as EfiACPIReclaimMemory

2022-12-12 Thread Dov Murik
Justen Cc: Michael Roth Cc: Min Xu Cc: Tobin Feldman-Fitzthum Cc: Tom Lendacky Signed-off-by: Dov Murik --- v2 changes: * Allocate with EfiACPIReclaimMemory memory type (thanks Ard) --- OvmfPkg/AmdSev/SecretDxe/SecretDxe.c | 22 ++-- 1 file changed, 16 insertions(+), 6 dele

Re: [edk2-devel] [PATCH 1/1] OvmfPkg/AmdSev/SecretDxe: Allocate CC secret location as runtime memory

2022-12-08 Thread Dov Murik
Thanks Ard for reviewing this patch. On 09/12/2022 1:02, Ard Biesheuvel wrote: > On Thu, 8 Dec 2022 at 09:08, Dov Murik wrote: >> >> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4186 >> >> Commit 079a58276b98 ("OvmfPkg/AmdSev/SecretPei: Mark SEV launch sec

[edk2-devel] [PATCH 1/1] OvmfPkg/AmdSev/SecretDxe: Allocate CC secret location as runtime memory

2022-12-08 Thread Dov Murik
c: Min Xu Cc: Tobin Feldman-Fitzthum Cc: Tom Lendacky Signed-off-by: Dov Murik --- OvmfPkg/AmdSev/SecretDxe/SecretDxe.inf | 2 ++ OvmfPkg/AmdSev/SecretDxe/SecretDxe.c | 17 +++-- 2 files changed, 13 insertions(+), 6 deletions(-) diff --git a/OvmfPkg/AmdSev/SecretDxe/SecretDxe.i

Re: [edk2-devel] [PATCH v2 1/1] OvmfPkg/AmdSev: remove unused SMM bits from .dsc and .fdf files

2022-06-02 Thread Dov Murik
Gerd, thanks for the cleanup. Tested-by: Dov Murik Reviewed-by: Dov Murik On 02/06/2022 12:11, Gerd Hoffmann wrote: > Signed-off-by: Gerd Hoffmann > --- > OvmfPkg/AmdSev/AmdSevX64.dsc | 47 > OvmfPkg/AmdSev/AmdSevX64.fdf | 15 ---

Re: [edk2-devel] [PATCH 2/2] OvmfPkg/ResetVector: Exclude SEV launch secrets page from pre-validation

2022-03-30 Thread Dov Murik
On 30/03/2022 22:35, Brijesh Singh wrote: > > > On 3/30/22 14:31, Dov Murik wrote: >> >> >> On 30/03/2022 22:27, Brijesh Singh wrote: >>> >>> >>> On 3/30/22 01:04, Dov Murik wrote: >>>> >>>> >>>> On 30/0

Re: [edk2-devel] [PATCH 2/2] OvmfPkg/ResetVector: Exclude SEV launch secrets page from pre-validation

2022-03-30 Thread Dov Murik
On 30/03/2022 22:27, Brijesh Singh wrote: > > > On 3/30/22 01:04, Dov Murik wrote: >> >> >> On 30/03/2022 8:20, Gerd Hoffmann wrote: >>>    Hi, >>> >>>> Check if that page is defined; if it is, skip it in the metadata list. >>

Re: [edk2-devel] [PATCH 2/2] OvmfPkg/ResetVector: Exclude SEV launch secrets page from pre-validation

2022-03-30 Thread Dov Murik
On 30/03/2022 8:20, Gerd Hoffmann wrote: > Hi, > >> Check if that page is defined; if it is, skip it in the metadata list. >> In such case, VMM should fill the page with the hashes content, or >> explicitly update it as a zero page (if kernel hashes are not used). > > Is it an option to

Re: [edk2-devel] [PATCH 1/2] OvmfPkg/AmdSev: Reorder MEMFD pages to match the order in OvmfPkgX64.fdf

2022-03-29 Thread Dov Murik
On 30/03/2022 8:14, Gerd Hoffmann wrote: > On Tue, Mar 29, 2022 at 03:32:36PM +0300, Dov Murik wrote: >> Thanks Gerd for reviewing. >> >> On 29/03/2022 14:36, Gerd Hoffmann wrote: >>> On Mon, Mar 28, 2022 at 06:45:29PM +, Dov Murik wrote: >>>

Re: [edk2-devel] [PATCH 1/2] OvmfPkg/AmdSev: Reorder MEMFD pages to match the order in OvmfPkgX64.fdf

2022-03-29 Thread Dov Murik
Thanks Gerd for reviewing. On 29/03/2022 14:36, Gerd Hoffmann wrote: > On Mon, Mar 28, 2022 at 06:45:29PM +0000, Dov Murik wrote: >> Reorder the pages in the MEMFD section of AmdSevX64.fdf so that it >> matches the same order used in OvmfPkgX64.fdf. > > Makes sense. >

[edk2-devel] [PATCH 1/2] OvmfPkg/AmdSev: Reorder MEMFD pages to match the order in OvmfPkgX64.fdf

2022-03-28 Thread Dov Murik
amBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamSize Cc: Ard Biesheuvel Cc: Jiewen Yao Cc: Jordan Justen Cc: Gerd Hoffmann Cc: Brijesh Singh Cc: Erdem Aktas Cc: James Bottomley Cc: Jiewen Yao Cc: Min Xu Cc: Tom Lendacky Cc: Tobin Feldman-Fitzthum Signed-off-by: Dov Murik --- OvmfPkg/

[edk2-devel] [PATCH 0/2] OvmfPkg: Enable measured direct boot on AMD SEV-SNP

2022-03-28 Thread Dov Murik
will be published soon. Cc: Ard Biesheuvel Cc: Jiewen Yao Cc: Jordan Justen Cc: Gerd Hoffmann Cc: Brijesh Singh Cc: Erdem Aktas Cc: James Bottomley Cc: Jiewen Yao Cc: Min Xu Cc: Tom Lendacky Cc: Tobin Feldman-Fitzthum Dov Murik (2): OvmfPkg/AmdSev: Reorder MEMFD pages to match the order

[edk2-devel] [PATCH 2/2] OvmfPkg/ResetVector: Exclude SEV launch secrets page from pre-validation

2022-03-28 Thread Dov Murik
(which don't define PcdSevLaunchSecretBase). Cc: Ard Biesheuvel Cc: Jiewen Yao Cc: Jordan Justen Cc: Gerd Hoffmann Cc: Brijesh Singh Cc: Erdem Aktas Cc: James Bottomley Cc: Jiewen Yao Cc: Min Xu Cc: Tom Lendacky Cc: Tobin Feldman-Fitzthum Signed-off-by: Dov Murik --- OvmfPkg

Re: [edk2-devel] [PATCH RESEND] OvmfPkg/AmdSev/SecretPei: Mark SEV launch secret area as reserved

2022-01-04 Thread Dov Murik
On 04/01/2022 11:00, Yao, Jiewen wrote: > Merged: > https://github.com/tianocore/edk2/commit/079a58276b98dc97ca363e3bc8b35cc7baa56d76 > Thanks! -Dov >> -Original Message- >> From: devel@edk2.groups.io On Behalf Of Dov Murik >> Sent: Tuesday, January 4

[edk2-devel] [PATCH RESEND] OvmfPkg/AmdSev/SecretPei: Mark SEV launch secret area as reserved

2022-01-03 Thread Dov Murik
Yao Cc: Min Xu Cc: Tom Lendacky Cc: Tobin Feldman-Fitzthum Signed-off-by: Dov Murik Acked-by: Gerd Hoffmann Acked-by: Jiewen Yao Reviewed-by: Brijesh Singh --- Resending with Acked-by and Reviewed-by tags. Please let me know if there's anything else missing. Thanks, -Dov --- OvmfPkg

Re: [edk2-devel] [PATCH] OvmfPkg/AmdSev: Erase secret area content on ExitBootServices

2021-11-18 Thread Dov Murik
OS doesn't need to copy it around. This is also similar to the approach taken in the SNP patches for the SNP-Secrets and SNP-CPUID pages. Added bonus is that it's less code both in OVMF and in kernel's efi and efi/libstub. Thanks, -Dov On 02/11/2021 10:25, Dov Murik wrote: > The confident

[edk2-devel] [PATCH] OvmfPkg/AmdSev/SecretPei: Mark SEV launch secret area as reserved

2021-11-18 Thread Dov Murik
Yao Cc: Min Xu Cc: Tom Lendacky Cc: Tobin Feldman-Fitzthum Signed-off-by: Dov Murik --- OvmfPkg/AmdSev/SecretPei/SecretPei.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/OvmfPkg/AmdSev/SecretPei/SecretPei.c b/OvmfPkg/AmdSev/SecretPei/SecretPei.c index db94c26b54d1

Re: [edk2-devel] [PATCH v3 6/7] OvmfPkg/PlatformCI: dummy grub.efi for AmdSev

2021-11-08 Thread Dov Murik
uild-test the > AmdSev variant. Note that it will also allow (later) to test with QEMU with -kernel (AKA direct measured Linux boot), which doesn't reach the grub part. (if the CI supports such tests.) > > Acked-by: Jiewen Yao > Acked-by: Ard Biesheuvel > Signed-off-by: Gerd Hof

Re: [edk2-devel] [PATCH 1/1] OvmfPkg/AmdSev: remove unused SMM bits from .dsc and .fdf files

2021-11-04 Thread Dov Murik
Thanks Gerd, On 04/11/2021 11:21, Gerd Hoffmann wrote: > Signed-off-by: Gerd Hoffmann Reviewed-by: Dov Murik Tested-by: Dov Murik -Dov > --- > OvmfPkg/AmdSev/AmdSevX64.dsc | 47 > OvmfPkg/AmdSev/AmdSevX64.fdf | 15 > 2 fi

Re: [edk2-devel] [PATCH 1/2] OvmfPkg/OvmfPkgX64: Add SEV launch secret and hashes table areas to MEMFD

2021-11-03 Thread Dov Murik
On 03/11/2021 8:07, Gerd Hoffmann wrote: > Hi, > Does SEV need and/or use SMM mode? Looking through AmdSevX64.dsc doesn't give a clear answer, on one hand there is a LibraryClasses.common.SMM_CORE section, but on the other hand it uses the non-SMM variable driver stack.

Re: [edk2-devel] [PATCH 1/2] OvmfPkg/OvmfPkgX64: Add SEV launch secret and hashes table areas to MEMFD

2021-11-02 Thread Dov Murik
On 02/11/2021 15:29, Gerd Hoffmann wrote: > Hi, > >>> I'm wondering whenever you actually tried to boot a sev guest >>> in microvm? >> >> No I haven't tried. Do you want Microvm to be able to boot SEV guests, >> or do you intentionally want to keep functionality out so it stays small? > >

Re: [edk2-devel] [PATCH 1/2] OvmfPkg/OvmfPkgX64: Add SEV launch secret and hashes table areas to MEMFD

2021-11-02 Thread Dov Murik
Hi Gerd, (I assume your comments are for patch 2/2) On 02/11/2021 12:03, Gerd Hoffmann wrote: > On Tue, Nov 02, 2021 at 07:34:21AM +0000, Dov Murik wrote: >> The SEV launch secret area and the QEMU hashes table area were specified >> in the OvmfPkg/AmdSev/AmdSevX64 MEMFD but

[edk2-devel] [PATCH] OvmfPkg/AmdSev: Erase secret area content on ExitBootServices

2021-11-02 Thread Dov Murik
in Linux). Cc: Ard Biesheuvel Cc: Jordan Justen Cc: Gerd Hoffmann Cc: Brijesh Singh Cc: Erdem Aktas Cc: James Bottomley Cc: Jiewen Yao Cc: Min Xu Cc: Tom Lendacky Cc: Tobin Feldman-Fitzthum Signed-off-by: Dov Murik --- Code is in: https://github.com/confidential-containers-demo/edk2/tree

[edk2-devel] [PATCH 2/2] OvmfPkg/Microvm: Add SEV launch secret and hashes table areas to MEMFD

2021-11-02 Thread Dov Murik
/MicrovmX64.fdf | sha1sum 6ff89173952413fbdb7ffbbf42f8bc389c928500 - $ sed -n -e '/FD.MEMFD/,/FV.SECFV/p' OvmfPkg/AmdSev/AmdSevX64.fdf | sha1sum 6ff89173952413fbdb7ffbbf42f8bc389c928500 - Signed-off-by: Dov Murik Cc: Ard Biesheuvel Cc: Jordan Justen Cc: Gerd Hoffmann Cc: Brijesh

[edk2-devel] [PATCH 0/2] OvmgPkg: Add SEV launch secret and hashes table areas

2021-11-02 Thread Dov Murik
Xu Cc: Tom Lendacky Dov Murik (2): OvmfPkg/OvmfPkgX64: Add SEV launch secret and hashes table areas to MEMFD OvmfPkg/Microvm: Add SEV launch secret and hashes table areas to MEMFD OvmfPkg/Microvm/MicrovmX64.fdf | 8 +++- OvmfPkg/OvmfPkgX64.fdf | 8 +++- 2 files changed

[edk2-devel] [PATCH 1/2] OvmfPkg/OvmfPkgX64: Add SEV launch secret and hashes table areas to MEMFD

2021-11-02 Thread Dov Murik
| sha1sum 6ff89173952413fbdb7ffbbf42f8bc389c928500 - $ sed -n -e '/FD.MEMFD/,/FV.SECFV/p' OvmfPkg/AmdSev/AmdSevX64.fdf | sha1sum 6ff89173952413fbdb7ffbbf42f8bc389c928500 - Signed-off-by: Dov Murik Reported-by: Brijesh Singh Cc: Ard Biesheuvel Cc: Jordan Justen Cc: Gerd Hoffmann Cc

Re: [edk2-devel] Error when launching SEV-ES guest with OvmfPkg/AmdSev build

2021-10-26 Thread Dov Murik
and Jiewen for your help with this issue. -Dov On 13/10/2021 12:35, Dov Murik wrote: > Hello, > > I encountered the following problem when trying to launch SEV-ES > (policy=0x5) guests with the OvmfPkg/AmdSev/AmdSevX64 package build: > > > $ sudo /home/dmurik/git/qemu/build

Re: [edk2-devel] [PATCH 2/2] OvmfPkg/AmdSev: update the fdf to use new workarea PCD

2021-10-17 Thread Dov Murik
On 17/10/2021 1:32, Brijesh Singh wrote: > > On 10/16/21 1:38 PM, Dov Murik wrote: >> [+Tobin] >> >> >> On 14/10/2021 21:17, Brijesh Singh wrote: >>> The commit 80e67af9afca added support for the generic work area concept >>> used mainly b

Re: [edk2-devel] [PATCH 2/2] OvmfPkg/AmdSev: update the fdf to use new workarea PCD

2021-10-16 Thread Dov Murik
Cc: Min Xu > Cc: Jiewen Yao > Cc: Tom Lendacky > Cc: Jordan Justen > Cc: Ard Biesheuvel > Cc: Erdem Aktas > Cc: Gerd Hoffmann > Reported-by: Dov Murik > Signed-off-by: Brijesh Singh > --- > OvmfPkg/AmdSev/AmdSevX64.fdf | 9 - > 1 file changed

Re: [edk2-devel] Error when launching SEV-ES guest with OvmfPkg/AmdSev build

2021-10-13 Thread Dov Murik
Thanks Brijesh for looking into this. On 13/10/2021 22:41, Brijesh Singh wrote: > Hi Dov, > > On 10/13/21 2:35 AM, Dov Murik wrote: >> Hello, >> >> I encountered the following problem when trying to launch SEV-ES >> (policy=0x5) guests with the OvmfP

[edk2-devel] Error when launching SEV-ES guest with OvmfPkg/AmdSev build

2021-10-13 Thread Dov Murik
Hello, I encountered the following problem when trying to launch SEV-ES (policy=0x5) guests with the OvmfPkg/AmdSev/AmdSevX64 package build: $ sudo /home/dmurik/git/qemu/build/qemu-system-x86_64 -enable-kvm -machine q35 -smp 1 -m 2G -machine confidential-guest-support=sev0 -object

Re: [edk2-devel] [PATCH v5 00/11] Measured SEV boot with kernel/initrd/cmdline

2021-07-29 Thread Dov Murik
On 29/07/2021 12:51, Ard Biesheuvel wrote: > On Wed, 28 Jul 2021 at 19:30, Dov Murik wrote: >> >> >> On 28/07/2021 19:41, Yao, Jiewen wrote: >>> For OvmfPkg, reviewed-by: Jiewen Yao >>> For ArmVirtPkg, acked-by: Jiewen Yao >>> >> >>

Re: [edk2-devel] [PATCH v5 00/11] Measured SEV boot with kernel/initrd/cmdline

2021-07-28 Thread Dov Murik
On 28/07/2021 19:41, Yao, Jiewen wrote: > For OvmfPkg, reviewed-by: Jiewen Yao > For ArmVirtPkg, acked-by: Jiewen Yao > Thanks Jiewen! -Dov

[edk2-devel] [PATCH v5 06/11] ArmVirtPkg: add BlobVerifierLibNull to DSC

2021-07-27 Thread Dov Murik
://bugzilla.tianocore.org/show_bug.cgi?id=3457 Signed-off-by: Dov Murik --- ArmVirtPkg/ArmVirtQemu.dsc | 5 - ArmVirtPkg/ArmVirtQemuKernel.dsc | 5 - 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc index 7ef5e7297bc7

[edk2-devel] [PATCH v5 08/11] OvmfPkg/AmdSev/SecretPei: build hob for full page

2021-07-27 Thread Dov Murik
: James Bottomley Cc: Jiewen Yao Cc: Min Xu Cc: Tom Lendacky Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3457 Signed-off-by: Dov Murik Reviewed-by: Tom Lendacky Reviewed-by: Brijesh Singh --- OvmfPkg/AmdSev/SecretPei/SecretPei.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff

[edk2-devel] [PATCH v5 09/11] OvmfPkg/AmdSev: reserve MEMFD space for for firmware config hashes

2021-07-27 Thread Dov Murik
Kalra Cc: Brijesh Singh Cc: Erdem Aktas Cc: James Bottomley Cc: Jiewen Yao Cc: Min Xu Cc: Tom Lendacky Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3457 Co-developed-by: Dov Murik Signed-off-by: Dov Murik Signed-off-by: James Bottomley Reviewed-by: Tom Lendacky Reviewed-by: Brijesh

[edk2-devel] [PATCH v5 04/11] OvmfPkg: add library class BlobVerifierLib with null implementation

2021-07-27 Thread Dov Murik
Aktas Cc: James Bottomley Cc: Jiewen Yao Cc: Min Xu Cc: Tom Lendacky Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3457 Signed-off-by: Dov Murik Reviewed-by: Tom Lendacky --- OvmfPkg/OvmfPkg.dec | 3 ++ OvmfPkg/Library/BlobVerifierLibNull

[edk2-devel] [PATCH v5 01/11] OvmfPkg/AmdSev/SecretDxe: fix header comment to generic naming

2021-07-27 Thread Dov Murik
From: James Bottomley Commit 96201ae7bf97 ("OvmfPkg/AmdSev/SecretDxe: make secret location naming generic", 2020-12-15) replaced references to SEV with the generic term Confidential Computing, but missed the file header comment. Fix the naming in that header. Cc: Ard Biesheuvel Cc: Jordan

[edk2-devel] [PATCH v5 11/11] OvmfPkg/AmdSev: Enforce hash verification of kernel blobs

2021-07-27 Thread Dov Murik
for injecting the hashes table into initial measured guest memory). Cc: Ard Biesheuvel Cc: Jordan Justen Cc: Ashish Kalra Cc: Brijesh Singh Cc: Erdem Aktas Cc: James Bottomley Cc: Jiewen Yao Cc: Min Xu Cc: Tom Lendacky Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3457 Signed-off-by: Dov Murik

[edk2-devel] [PATCH v5 00/11] Measured SEV boot with kernel/initrd/cmdline

2021-07-27 Thread Dov Murik
ps.io/g/devel/message/75567 Cc: Ard Biesheuvel Cc: Jordan Justen Cc: Ashish Kalra Cc: Brijesh Singh Cc: Erdem Aktas Cc: James Bottomley Cc: Jiewen Yao Cc: Min Xu Cc: Tom Lendacky Cc: Leif Lindholm Cc: Sami Mujawar Dov Murik (8): OvmfPkg/AmdSev: use GenericQemuLoadImageLib in AmdSev builds

[edk2-devel] [PATCH v5 02/11] OvmfPkg/AmdSev: use GenericQemuLoadImageLib in AmdSev builds

2021-07-27 Thread Dov Murik
Biesheuvel Cc: Jordan Justen Cc: Ashish Kalra Cc: Brijesh Singh Cc: Erdem Aktas Cc: James Bottomley Cc: Jiewen Yao Cc: Min Xu Cc: Tom Lendacky Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3457 Signed-off-by: Dov Murik Reviewed-by: Brijesh Singh --- OvmfPkg/AmdSev/AmdSevX64.dsc | 2

[edk2-devel] [PATCH v5 10/11] OvmfPkg/AmdSev: add BlobVerifierLibSevHashes

2021-07-27 Thread Dov Murik
Bottomley Signed-off-by: James Bottomley Signed-off-by: Dov Murik --- OvmfPkg/AmdSev/BlobVerifierLibSevHashes/BlobVerifierLibSevHashes.inf | 37 OvmfPkg/AmdSev/BlobVerifierLibSevHashes/BlobVerifierSevHashes.c | 202 2 files changed, 239 insertions(+) diff --git

[edk2-devel] [PATCH v5 07/11] OvmfPkg/QemuKernelLoaderFsDxe: call VerifyBlob after fetch from fw_cfg

2021-07-27 Thread Dov Murik
Singh Cc: Erdem Aktas Cc: James Bottomley Cc: Jiewen Yao Cc: Min Xu Cc: Tom Lendacky Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3457 Co-developed-by: James Bottomley Signed-off-by: James Bottomley Signed-off-by: Dov Murik Reviewed-by: Brijesh Singh Reviewed-by: Tom Lendacky

[edk2-devel] [PATCH v5 03/11] OvmfPkg: PlatformBootManagerLibGrub: Allow executing kernel via fw_cfg

2021-07-27 Thread Dov Murik
From: James Bottomley Support QEMU's -kernel option. Create a QemuKernel.c for PlatformBootManagerLibGrub which is an exact copy of the file PlatformBootManagerLib/QemuKernel.c . Cc: Ard Biesheuvel Cc: Jordan Justen Cc: Ashish Kalra Cc: Brijesh Singh Cc: Erdem Aktas Cc: James Bottomley

Re: [edk2-devel] [PATCH v4 00/11] Measured SEV boot with kernel/initrd/cmdline

2021-07-25 Thread Dov Murik
Thanks for the explanations. Comments below: On 25/07/2021 11:17, Yao, Jiewen wrote: > Thank you Dov. > Comment below: > >> -Original Message----- >> From: Dov Murik >> Sent: Sunday, July 25, 2021 3:53 PM >> To: Yao, Jiewen ; devel@edk2.groups.io >

Re: [edk2-devel] [PATCH v4 00/11] Measured SEV boot with kernel/initrd/cmdline

2021-07-25 Thread Dov Murik
irection we're going to, then there's no need to separate the code. Thanks, -Dov > Thank you > Yao Jiewen > > >> -Original Message- >> From: devel@edk2.groups.io On Behalf Of Dov Murik >> Sent: Thursday, July 22, 2021 4:43 PM >> To: devel@edk2.grou

Re: [edk2-devel] [PATCH v4 10/11] OvmfPkg: add BlobVerifierLibSevHashes

2021-07-22 Thread Dov Murik
sizeof Ptr->Guid + sizeof Ptr->Len)) { + if (Ptr == NULL || Size < sizeof *Ptr || + !CompareGuid (>Guid, _HASH_TABLE_GUID) || + Ptr->Len < sizeof *Ptr || Ptr->Len > Size) { return RETURN_SUCCESS; } On 22/07/2021 11:43, Dov Murik wrote: > Add an implementation for
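Review bot: the guard that ends in return RETURN_SUCCESS fires both when no table is present (Ptr == NULL) and when a table is present but malformed (GUID mismatch, Ptr->Len < sizeof *Ptr, or Ptr->Len > Size), and nothing in these lines distinguishes the two cases or says why a malformed table is not reported as an error. Consider a comment at that return stating where the failure is enforced, and a debug message for the malformed case so that a rejected hashes table is visible in the firmware log.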

[edk2-devel] [PATCH v4 02/11] OvmfPkg/AmdSev: use GenericQemuLoadImageLib in AmdSev builds

2021-07-22 Thread Dov Murik
Biesheuvel Cc: Jordan Justen Cc: Ashish Kalra Cc: Brijesh Singh Cc: Erdem Aktas Cc: James Bottomley Cc: Jiewen Yao Cc: Min Xu Cc: Tom Lendacky Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3457 Signed-off-by: Dov Murik Reviewed-by: Brijesh Singh --- OvmfPkg/AmdSev/AmdSevX64.dsc | 2

[edk2-devel] [PATCH v4 10/11] OvmfPkg: add BlobVerifierLibSevHashes

2021-07-22 Thread Dov Murik
Bottomley Signed-off-by: James Bottomley Signed-off-by: Dov Murik --- OvmfPkg/Library/BlobVerifierLib/BlobVerifierLibSevHashes.inf | 37 OvmfPkg/Library/BlobVerifierLib/BlobVerifierSevHashes.c | 199 2 files changed, 236 insertions(+) diff --git a/OvmfPkg/Library

[edk2-devel] [PATCH v4 04/11] OvmfPkg: add library class BlobVerifierLib with null implementation

2021-07-22 Thread Dov Murik
Aktas Cc: James Bottomley Cc: Jiewen Yao Cc: Min Xu Cc: Tom Lendacky Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3457 Signed-off-by: Dov Murik Reviewed-by: Tom Lendacky --- OvmfPkg/OvmfPkg.dec | 3 ++ OvmfPkg/Library/BlobVerifierLib

[edk2-devel] [PATCH v4 11/11] OvmfPkg/AmdSev: Enforce hash verification of kernel blobs

2021-07-22 Thread Dov Murik
for injecting the hashes table into initial measured guest memory). Cc: Ard Biesheuvel Cc: Jordan Justen Cc: Ashish Kalra Cc: Brijesh Singh Cc: Erdem Aktas Cc: James Bottomley Cc: Jiewen Yao Cc: Min Xu Cc: Tom Lendacky Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3457 Signed-off-by: Dov Murik

[edk2-devel] [PATCH v4 03/11] OvmfPkg: PlatformBootManagerLibGrub: Allow executing kernel via fw_cfg

2021-07-22 Thread Dov Murik
From: James Bottomley Support QEMU's -kernel option. Create a QemuKernel.c for PlatformBootManagerLibGrub which is an exact copy of the file PlatformBootManagerLib/QemuKernel.c . Cc: Ard Biesheuvel Cc: Jordan Justen Cc: Ashish Kalra Cc: Brijesh Singh Cc: Erdem Aktas Cc: James Bottomley

[edk2-devel] [PATCH v4 06/11] ArmVirtPkg: add BlobVerifierLibNull to DSC

2021-07-22 Thread Dov Murik
://bugzilla.tianocore.org/show_bug.cgi?id=3457 Signed-off-by: Dov Murik --- ArmVirtPkg/ArmVirtQemu.dsc | 5 - ArmVirtPkg/ArmVirtQemuKernel.dsc | 5 - 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc index 7ef5e7297bc7

[edk2-devel] [PATCH v4 09/11] OvmfPkg/AmdSev: reserve MEMFD space for for firmware config hashes

2021-07-22 Thread Dov Murik
Kalra Cc: Brijesh Singh Cc: Erdem Aktas Cc: James Bottomley Cc: Jiewen Yao Cc: Min Xu Cc: Tom Lendacky Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3457 Co-developed-by: Dov Murik Signed-off-by: Dov Murik Signed-off-by: James Bottomley Reviewed-by: Tom Lendacky Reviewed-by: Brijesh

[edk2-devel] [PATCH v4 08/11] OvmfPkg/AmdSev/SecretPei: build hob for full page

2021-07-22 Thread Dov Murik
: James Bottomley Cc: Jiewen Yao Cc: Min Xu Cc: Tom Lendacky Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3457 Signed-off-by: Dov Murik Reviewed-by: Tom Lendacky Reviewed-by: Brijesh Singh --- OvmfPkg/AmdSev/SecretPei/SecretPei.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff

[edk2-devel] [PATCH v4 07/11] OvmfPkg/QemuKernelLoaderFsDxe: call VerifyBlob after fetch from fw_cfg

2021-07-22 Thread Dov Murik
Singh Cc: Erdem Aktas Cc: James Bottomley Cc: Jiewen Yao Cc: Min Xu Cc: Tom Lendacky Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3457 Co-developed-by: James Bottomley Signed-off-by: James Bottomley Signed-off-by: Dov Murik Reviewed-by: Brijesh Singh Reviewed-by: Tom Lendacky

[edk2-devel] [PATCH v4 05/11] OvmfPkg: add BlobVerifierLibNull to DSC

2021-07-22 Thread Dov Murik
Signed-off-by: Dov Murik Reviewed-by: Tom Lendacky --- OvmfPkg/AmdSev/AmdSevX64.dsc | 6 +- OvmfPkg/OvmfPkgIa32.dsc | 5 - OvmfPkg/OvmfPkgIa32X64.dsc | 5 - OvmfPkg/OvmfPkgX64.dsc | 5 - 4 files changed, 17 insertions(+), 4 deletions(-) diff --git a/OvmfPkg/AmdSev

[edk2-devel] [PATCH v4 00/11] Measured SEV boot with kernel/initrd/cmdline

2021-07-22 Thread Dov Murik
ndholm Cc: Sami Mujawar --- Ard: please review patch 6 (ArmVirtPkg). Thanks. Tom, Brijesh: I'll also send the diff for patch 10. Thanks. --- Dov Murik (8): OvmfPkg/AmdSev: use GenericQemuLoadImageLib in AmdSev builds OvmfPkg: add library class BlobVerifierLib with null impl

[edk2-devel] [PATCH v4 01/11] OvmfPkg/AmdSev/SecretDxe: fix header comment to generic naming

2021-07-22 Thread Dov Murik
From: James Bottomley Commit 96201ae7bf97 ("OvmfPkg/AmdSev/SecretDxe: make secret location naming generic", 2020-12-15) replaced references to SEV with the generic term Confidential Computing, but missed the file header comment. Fix the naming in that header. Cc: Ard Biesheuvel Cc: Jordan

Re: [edk2-devel] [PATCH v3 10/11] OvmfPkg: add BlobVerifierLibSevHashes

2021-07-21 Thread Dov Murik
anges it's not supposed to, and that's why I think hardening this parsing function is a good idea. I'll submit another version with added validity checks of the hashes table structure. I'll also add the INT32 explanation comment per Tom's suggestion. On Tue, Jul 20, 2021 at 08:04:00AM +, Dov M

Re: [edk2-devel] [PATCH v3 00/11] Measured SEV boot with kernel/initrd/cmdline

2021-07-21 Thread Dov Murik
On 20/07/2021 20:27, Ard Biesheuvel wrote: > On Tue, 20 Jul 2021 at 19:22, Tom Lendacky wrote: >> >> On 7/20/21 3:03 AM, Dov Murik wrote: >>> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3457 >> >> I believe the convention is that this line be in the

[edk2-devel] [PATCH v3 08/11] OvmfPkg/AmdSev/SecretPei: build hob for full page

2021-07-20 Thread Dov Murik
: James Bottomley Cc: Jiewen Yao Cc: Min Xu Cc: Tom Lendacky Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3457 Signed-off-by: Dov Murik --- OvmfPkg/AmdSev/SecretPei/SecretPei.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/OvmfPkg/AmdSev/SecretPei/SecretPei.c b

[edk2-devel] [PATCH v3 02/11] OvmfPkg/AmdSev: use GenericQemuLoadImageLib in AmdSev builds

2021-07-20 Thread Dov Murik
Biesheuvel Cc: Jordan Justen Cc: Ashish Kalra Cc: Brijesh Singh Cc: Erdem Aktas Cc: James Bottomley Cc: Jiewen Yao Cc: Min Xu Cc: Tom Lendacky Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3457 Signed-off-by: Dov Murik Reviewed-by: Brijesh Singh --- OvmfPkg/AmdSev/AmdSevX64.dsc | 2

[edk2-devel] [PATCH v3 03/11] OvmfPkg: PlatformBootManagerLibGrub: Allow executing kernel via fw_cfg

2021-07-20 Thread Dov Murik
From: James Bottomley Support QEMU's -kernel option. Create a QemuKernel.c for PlatformBootManagerLibGrub which is an exact copy of the file PlatformBootManagerLib/QemuKernel.c . Cc: Ard Biesheuvel Cc: Jordan Justen Cc: Ashish Kalra Cc: Brijesh Singh Cc: Erdem Aktas Cc: James Bottomley

[edk2-devel] [PATCH v3 07/11] OvmfPkg/QemuKernelLoaderFsDxe: call VerifyBlob after fetch from fw_cfg

2021-07-20 Thread Dov Murik
Singh Cc: Erdem Aktas Cc: James Bottomley Cc: Jiewen Yao Cc: Min Xu Cc: Tom Lendacky Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3457 Co-developed-by: James Bottomley Signed-off-by: James Bottomley Signed-off-by: Dov Murik Reviewed-by: Brijesh Singh --- OvmfPkg

[edk2-devel] [PATCH v3 05/11] OvmfPkg: add BlobVerifierLibNull to DSC

2021-07-20 Thread Dov Murik
Signed-off-by: Dov Murik --- OvmfPkg/AmdSev/AmdSevX64.dsc | 6 +- OvmfPkg/OvmfPkgIa32.dsc | 5 - OvmfPkg/OvmfPkgIa32X64.dsc | 5 - OvmfPkg/OvmfPkgX64.dsc | 5 - 4 files changed, 17 insertions(+), 4 deletions(-) diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev

[edk2-devel] [PATCH v3 11/11] OvmfPkg/AmdSev: Enforce hash verification of kernel blobs

2021-07-20 Thread Dov Murik
for injecting the hashes table into initial measured guest memory). Cc: Ard Biesheuvel Cc: Jordan Justen Cc: Ashish Kalra Cc: Brijesh Singh Cc: Erdem Aktas Cc: James Bottomley Cc: Jiewen Yao Cc: Min Xu Cc: Tom Lendacky Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3457 Signed-off-by: Dov Murik

[edk2-devel] [PATCH v3 10/11] OvmfPkg: add BlobVerifierLibSevHashes

2021-07-20 Thread Dov Murik
Bottomley Signed-off-by: James Bottomley Signed-off-by: Dov Murik --- OvmfPkg/Library/BlobVerifierLib/BlobVerifierLibSevHashes.inf | 37 OvmfPkg/Library/BlobVerifierLib/BlobVerifierSevHashes.c | 200 2 files changed, 237 insertions(+) diff --git a/OvmfPkg/Library

[edk2-devel] [PATCH v3 09/11] OvmfPkg/AmdSev: reserve MEMFD space for firmware config hashes

2021-07-20 Thread Dov Murik
Kalra Cc: Brijesh Singh Cc: Erdem Aktas Cc: James Bottomley Cc: Jiewen Yao Cc: Min Xu Cc: Tom Lendacky Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3457 Co-developed-by: Dov Murik Signed-off-by: Dov Murik Signed-off-by: James Bottomley Reviewed-by: Tom Lendacky --- OvmfPkg

[edk2-devel] [PATCH v3 06/11] ArmVirtPkg: add BlobVerifierLibNull to DSC

2021-07-20 Thread Dov Murik
://bugzilla.tianocore.org/show_bug.cgi?id=3457 Signed-off-by: Dov Murik --- ArmVirtPkg/ArmVirtQemu.dsc | 5 - ArmVirtPkg/ArmVirtQemuKernel.dsc | 5 - 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc index 7ef5e7297bc7

[edk2-devel] [PATCH v3 04/11] OvmfPkg: add library class BlobVerifierLib with null implementation

2021-07-20 Thread Dov Murik
Aktas Cc: James Bottomley Cc: Jiewen Yao Cc: Min Xu Cc: Tom Lendacky Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3457 Signed-off-by: Dov Murik --- OvmfPkg/OvmfPkg.dec | 3 ++ OvmfPkg/Library/BlobVerifierLib/BlobVerifierLibNull.inf | 24

[edk2-devel] [PATCH v3 00/11] Measured SEV boot with kernel/initrd/cmdline

2021-07-20 Thread Dov Murik
a Cc: Brijesh Singh Cc: Erdem Aktas Cc: James Bottomley Cc: Jiewen Yao Cc: Min Xu Cc: Tom Lendacky Cc: Leif Lindholm Cc: Sami Mujawar Dov Murik (8): OvmfPkg/AmdSev: use GenericQemuLoadImageLib in AmdSev builds OvmfPkg: add library class BlobVerifierLib with null implementation OvmfPkg

[edk2-devel] [PATCH v3 01/11] OvmfPkg/AmdSev/SecretDxe: fix header comment to generic naming

2021-07-20 Thread Dov Murik
From: James Bottomley Commit 96201ae7bf97 ("OvmfPkg/AmdSev/SecretDxe: make secret location naming generic", 2020-12-15) replaced references to SEV with the generic term Confidential Computing, but missed the file header comment. Fix the naming in that header. Cc: Ard Biesheuvel Cc: Jordan

Re: [edk2-devel] [PATCH v2 03/11] OvmfPkg: PlatformBootManagerLibGrub: Allow executing kernel via fw_cfg

2021-07-20 Thread Dov Murik
On 19/07/2021 22:14, Dov Murik wrote: > > > On 19/07/2021 18:21, Tom Lendacky wrote: >> On 7/6/21 3:54 AM, Dov Murik wrote: >>> From: James Bottomley >>> >>> Support QEMU's -kernel option. >>> >>> OvmfPkg/Library/PlatformBootManager

Re: [edk2-devel] [PATCH v2 03/11] OvmfPkg: PlatformBootManagerLibGrub: Allow executing kernel via fw_cfg

2021-07-19 Thread Dov Murik
On 20/07/2021 1:36, Christoph Willing wrote: > On 20/7/21 3:58 am, Dov Murik wrote: >> >> >> On 19/07/2021 15:56, Christoph Willing wrote: >>> Thanks for the clarification Dov. >>> >>> I've been trying with just "normal" VMs, not SEV. I

Re: [edk2-devel] [PATCH] UefiCpuPkg VTF0 X64: Build page tables using 1-GByte Page Granularity

2021-07-19 Thread Dov Murik
On 19/07/2021 10:09, Ard Biesheuvel wrote: > On Mon, 19 Jul 2021 at 05:14, Ni, Ray wrote: >> >> This change generates the reset vector binary which only contains 1G page >> table. If a platform doesn't support 1G page table, this will cause system >> hang. >> >> To Ard and Jordan, >> Can you

Re: [edk2-devel] [PATCH v2 07/11] OvmfPkg/QemuKernelLoaderFsDxe: call VerifyBlob after fetch from fw_cfg

2021-07-19 Thread Dov Murik
On 19/07/2021 18:19, Brijesh Singh wrote: > > > On 7/19/21 7:22 AM, Dov Murik wrote: >>> The patch itself is okay. Just curious, do we also need to add a >>> verification for the QEMU FW cfg file ? >>> >> >> I don't really understand.  T

Re: [edk2-devel] [PATCH v2 10/11] OvmfPkg: add SevHashesBlobVerifierLib

2021-07-19 Thread Dov Murik
On 19/07/2021 20:28, Tom Lendacky wrote: > On 7/6/21 3:55 AM, Dov Murik wrote: >> Add an implementation for BlobVerifierLib that locates the SEV hashes >> table and verifies that the calculated hashes of the kernel, initrd, and >> cmdline blobs indeed match the e

Re: [edk2-devel] [PATCH v2 08/11] OvmfPkg/AmdSev/SecretPei: build hob for full page

2021-07-19 Thread Dov Murik
On 19/07/2021 19:19, Tom Lendacky wrote: > On 7/6/21 3:54 AM, Dov Murik wrote: >> Round up the size of the SEV launch secret area to a whole page, as >> required by BuildMemoryAllocationHob. This will allow the secret >> area defined in the MEMFD to take less than a who

Re: [edk2-devel] [PATCH v2 07/11] OvmfPkg/QemuKernelLoaderFsDxe: call VerifyBlob after fetch from fw_cfg

2021-07-19 Thread Dov Murik
On 19/07/2021 18:57, Tom Lendacky wrote: > On 7/6/21 3:54 AM, Dov Murik wrote: >> In QemuKernelLoaderFsDxeEntrypoint we use FetchBlob to read the content >> of the kernel/initrd/cmdline from the QEMU fw_cfg interface. Insert a >> call to VerifyBlob after fetching to

Re: [edk2-devel] [PATCH v2 04/11] OvmfPkg: add library class BlobVerifierLib with null implementation

2021-07-19 Thread Dov Murik
On 19/07/2021 18:50, Tom Lendacky wrote: > On 7/6/21 3:54 AM, Dov Murik wrote: >> BlobVerifierLib will be used to verify blobs fetching them from QEMU's >> firmware config (fw_cfg) in platforms that enable such verification. >> >> The null implementation NullBlobV

Re: [edk2-devel] [PATCH v2 03/11] OvmfPkg: PlatformBootManagerLibGrub: Allow executing kernel via fw_cfg

2021-07-19 Thread Dov Murik
On 19/07/2021 18:21, Tom Lendacky wrote: > On 7/6/21 3:54 AM, Dov Murik wrote: >> From: James Bottomley >> >> Support QEMU's -kernel option. >> >> OvmfPkg/Library/PlatformBootManagerLibGrub/QemuKernel.c is an exact copy >> of OvmfPkg/Library/Platform

Re: [edk2-devel] [PATCH v2 00/11] Measured SEV boot with kernel/initrd/cmdline

2021-07-19 Thread Dov Murik
On 19/07/2021 18:14, Tom Lendacky wrote: > On 7/6/21 3:54 AM, Dov Murik wrote: >> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3457 > > This BZ link should be part of all the commit messages in the series. > Oh I missed a few. I'll fix. Thanks. > Thanks,

Re: [edk2-devel] [PATCH v2 03/11] OvmfPkg: PlatformBootManagerLibGrub: Allow executing kernel via fw_cfg

2021-07-19 Thread Dov Murik
On 19/07/2021 15:56, Christoph Willing wrote: > Thanks for the clarification Dov. > > I've been trying with just "normal" VMs, not SEV. I did already find and try > the confidential-containers-demo sev-hashes-v2 branch but it didn't help - > not surprising if it's not relevant to normal VMs.

Re: [edk2-devel] [PATCH v2 07/11] OvmfPkg/QemuKernelLoaderFsDxe: call VerifyBlob after fetch from fw_cfg

2021-07-19 Thread Dov Murik
On 18/07/2021 18:47, Brijesh Singh wrote: > > On 7/6/21 3:54 AM, Dov Murik wrote: >> In QemuKernelLoaderFsDxeEntrypoint we use FetchBlob to read the content >> of the kernel/initrd/cmdline from the QEMU fw_cfg interface. Insert a >> call to VerifyBlob after fetching
