[edk2-devel] measurement to command-line/initrd for loading kernel via -kernel option

Min Xu min.m.xu at intel.com
Sat Sep 17 02:52:18 UTC 2022


Hi, Ard
I am checking the measurement behavior when loading the kernel via the QEMU -kernel option. I find it is implemented by the 2 driver/lib below:
- OvmfPkg/QemuKernelLoaderFsDxe
  This is a separate DXE driver that exposes the virtual SimpleFileSystem implementation that carries the kernel and initrd passed via the QEMU command line.
- OvmfPkg/Library/X86QemuLoadImageLib
  This is the library that consumes the above driver and calls LoadImage/StartImage so that the kernel image gets authenticated and/or measured.
See https://edk2.groups.io/g/devel/message/55381

I have some questions about the implementation and need your help.
1. In the QemuKernelLoaderFsDxe, AllocatePool is called to allocate memory. Why not call AllocatePages? Kernel image size may be around 15 MB, but initrd size may be much bigger.
2. Kernel image is authenticated and/or measured in LoadImage. I am wondering if "command line" is measured as well? "Command line" can be treated as an external input and in my opinion it should be measured too.
3. The same question for initrd. Is it measured?

Thanks
Min

