Re: [PULL 9/9] hw/i386: pass RNG seed via setup_data entry

[Daniel P . Berrangé]

On Thu, Jul 21, 2022 at 06:36:21PM +0200, Paolo Bonzini wrote:
> From: "Jason A. Donenfeld" <Jason@zx2c4.com>
> 
> Tiny machines optimized for fast boot time generally don't use EFI,
> which means a random seed has to be supplied some other way. For this
> purpose, Linux (≥5.20) supports passing a seed in the setup_data table
> with SETUP_RNG_SEED, specially intended for hypervisors, kexec, and
> specialized bootloaders. The linked commit shows the upstream kernel
> implementation.
> 
> At Paolo's request, we don't pass these to versioned machine types ≤7.0.


This change has also broken direct kernel measured boot with AMD SEV
confidential virtualization.

The vmlinuz that we pass in with -kernel is measured by the BIOS and
since that gets munged with a random seed, the measurement no longer
matches the expected measurements the person attesting boot will
have pre-calculated.

The kernel binary passed to the firmware must be 100% unchanged
from what the user provided in order for boot measurements to
succeed.

So at the very least this codes needs to be conditionalized to
not run when AMD SEV is active.


With regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|