Re: [PATCH v3 2/2] sev: update sev-inject-launch-secret to make gpa opti

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v3 2/2] sev: update sev-inject-launch-secret to make gpa opti

From:	Paolo Bonzini
Subject:	Re: [PATCH v3 2/2] sev: update sev-inject-launch-secret to make gpa optional
Date:	Fri, 5 Feb 2021 11:58:26 +0100
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.6.0

On 05/02/21 10:51, Daniel P. Berrangé wrote:

+        if (!pc_system_ovmf_table_find(SEV_SECRET_GUID, &data, NULL)) {
+            error_setg(errp, "SEV: no secret area found in OVMF,"
+                       " gpa must be specified.");
+            return;
+        }

IIUC, historically QEMU has gone out of its way to avoid creating a
direct dependancy on specific firmware implementation details such
as this, so this whole approach makes me feel really uneasy.

The problem here is that this secret must be measured and thereforecannot be extracted by the guest out of fw_cfg. Note that there's noreason why other firmware than OVMF could not adopt the same interface.


Paolo

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH v3 0/2] sev: enable secret injection to a self described area in OVMF, James Bottomley, 2021/02/04
- [PATCH v3 1/2] pc: add parser for OVMF reset block, James Bottomley, 2021/02/04
  - Re: [PATCH v3 1/2] pc: add parser for OVMF reset block, Dr. David Alan Gilbert, 2021/02/04
- [PATCH v3 2/2] sev: update sev-inject-launch-secret to make gpa optional, James Bottomley, 2021/02/04
  - Re: [PATCH v3 2/2] sev: update sev-inject-launch-secret to make gpa optional, Dr. David Alan Gilbert, 2021/02/04
  - Re: [PATCH v3 2/2] sev: update sev-inject-launch-secret to make gpa optional, Daniel P . Berrangé, 2021/02/05
    - Re: [PATCH v3 2/2] sev: update sev-inject-launch-secret to make gpa optional, Paolo Bonzini <=
    - Re: [PATCH v3 2/2] sev: update sev-inject-launch-secret to make gpa optional, Daniel P . Berrangé, 2021/02/05
    - Re: [PATCH v3 2/2] sev: update sev-inject-launch-secret to make gpa optional, Paolo Bonzini, 2021/02/05
    - Re: [PATCH v3 2/2] sev: update sev-inject-launch-secret to make gpa optional, Daniel P . Berrangé, 2021/02/05
    - Re: [PATCH v3 2/2] sev: update sev-inject-launch-secret to make gpa optional, Dr. David Alan Gilbert, 2021/02/08
- Re: [PATCH v3 0/2] sev: enable secret injection to a self described area in OVMF, Paolo Bonzini, 2021/02/05

Prev by Date: Re: [PATCH 0/2] Remaining work for PKS Implementation
Next by Date: Re: [PATCH v3 0/2] sev: enable secret injection to a self described area in OVMF
Previous by thread: Re: [PATCH v3 2/2] sev: update sev-inject-launch-secret to make gpa optional
Next by thread: Re: [PATCH v3 2/2] sev: update sev-inject-launch-secret to make gpa optional
Index(es):
- Date
- Thread