sev/i386: Introduce sev_add_kernel_loader_hashes for measured linux boot
commit cff03145ed3cec5c7bd542ea2e6b4458439e0bb0
author Dov Murik <dovmurik@linux.ibm.com>
Thu, 30 Sep 2021 05:49:14 +0000 (30 08:49 +0300)
committer Paolo Bonzini <pbonzini@redhat.com>
Tue, 5 Oct 2021 10:47:24 +0000 (5 12:47 +0200)
tree d8be69a47ccfb38678ceac655186ae6674387f2c
parent 7f7c8d0ce3630849a4df3d627b11de354fcb3bb0
sev/i386: Introduce sev_add_kernel_loader_hashes for measured linux boot

Add the sev_add_kernel_loader_hashes function to calculate the hashes of
the kernel/initrd/cmdline and fill a designated OVMF encrypted hash
table area.  For this to work, OVMF must support an encrypted area to
place the data which is advertised via a special GUID in the OVMF reset
table.

The hashes of each of the files are calculated (or of the string in the case
of the cmdline with trailing '\0' included).  Each entry in the hashes
table is GUID-identified and since they're passed through the
sev_encrypt_flash interface, the hashes will be accumulated by the AMD
PSP measurement (SEV_LAUNCH_MEASURE).

Co-developed-by: James Bottomley <jejb@linux.ibm.com>
Signed-off-by: James Bottomley <jejb@linux.ibm.com>
Signed-off-by: Dov Murik <dovmurik@linux.ibm.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20210930054915.13252-2-dovmurik@linux.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
target/i386/sev-stub.c
target/i386/sev.c
target/i386/sev_i386.h
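Added example, not QEMU's or OVMF's own code: a guest-owner-side model of the GUID-identified hash table the commit message describes, showing how the kernel/initrd/cmdline digests (cmdline with its trailing NUL) are laid out and why tampering with any of them changes what the guest owner has to compare against. The GUIDs, the SHA-256 choice, the guid|u16-length|digest entry layout and the firmware||table measurement model are assumptions made for this example.

```python
import hashlib
import struct
import uuid

# Placeholder GUIDs, constructed for this example (not the OVMF/QEMU values).
TABLE_GUID = uuid.UUID("00000000-0000-4000-8000-00000000aaaa")
ENTRY_GUIDS = {
    "cmdline": uuid.UUID("00000000-0000-4000-8000-000000000001"),
    "initrd":  uuid.UUID("00000000-0000-4000-8000-000000000002"),
    "kernel":  uuid.UUID("00000000-0000-4000-8000-000000000003"),
}
ENTRY_LEN = 16 + 2 + 32   # assumed layout: guid | u16 length | sha256 digest


def _entry(name, data):
    """One GUID-identified entry: guid(16) | len(u16 LE) | sha256(data)."""
    return (ENTRY_GUIDS[name].bytes_le + struct.pack("<H", ENTRY_LEN)
            + hashlib.sha256(data).digest())


def build_hash_table(kernel, initrd, cmdline):
    """Serialise the table the hypervisor writes into the OVMF hash area.
    The cmdline is hashed as a C string, i.e. with its trailing NUL."""
    body = (_entry("cmdline", cmdline.encode() + b"\0")
            + _entry("initrd", initrd) + _entry("kernel", kernel))
    return TABLE_GUID.bytes_le + struct.pack("<H", 18 + len(body)) + body


def parse_hash_table(table):
    """Guest-owner side: walk the table and return {name: sha256 hex}."""
    guid = uuid.UUID(bytes_le=table[:16])
    total = struct.unpack("<H", table[16:18])[0]
    if guid != TABLE_GUID or total != len(table):
        raise ValueError("not a hash table / bad length")
    by_guid = {g: n for n, g in ENTRY_GUIDS.items()}
    out, off = {}, 18
    while off < total:
        eguid = uuid.UUID(bytes_le=table[off:off + 16])
        elen = struct.unpack("<H", table[off + 16:off + 18])[0]
        out[by_guid[eguid]] = table[off + 18:off + elen].hex()
        off += elen
    return out


def expected_measurement(firmware, table):
    """Model of why the table matters: the PSP digests every encrypted page
    in launch order, so firmware || table fixes the value the guest owner
    checks (the real SEV measurement is an HMAC over more fields)."""
    return hashlib.sha256(firmware + table).hexdigest()


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()
```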