[libvirt PATCH v3 04/12] tools: support validating SEV direct kernel boot measurements
Cole Robinson
crobinso at redhat.com
Sun Nov 6 21:03:15 UTC 2022
On 11/2/22 7:58 AM, Daniel P. Berrangé wrote:
> When doing direct kernel boot we need to include the kernel, initrd and
> cmdline in the measurement.
>
> Signed-off-by: Daniel P. Berrangé <berrange at redhat.com>
> ---
> docs/manpages/virt-qemu-sev-validate.rst | 43 +++++++++
> tools/virt-qemu-sev-validate | 108 ++++++++++++++++++++++-
> 2 files changed, 150 insertions(+), 1 deletion(-)
>
...
> +
> +class KernelTable(GUIDTable):
> +
> + TABLE_GUID = UUID('{9438d606-4f22-4cc9-b479-a793-d411fd21}').bytes_le
> + KERNEL_GUID = UUID('{4de79437-abd2-427f-b835-d5b1-72d2045b}').bytes_le
> + INITRD_GUID = UUID('{44baf731-3a2f-4bd7-9af1-41e2-9169781d}').bytes_le
> + CMDLINE_GUID = UUID('{97d02dd8-bd20-4c94-aa78-e771-4d36ab2a}').bytes_le
> +
> + def __init__(self):
> + super().__init__(guid=self.TABLE_GUID,
> + lenlen=2)
> +
> + self.kernel = None
> + self.initrd = sha256(bytes([])).digest()
> + self.cmdline = sha256(bytes([0])).digest()
> +
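Review bot: in __init__, self.kernel starts as None while self.initrd and self.cmdline start as digests (SHA-256 of empty input and of a single NUL byte), so for those two fields a test against None can no longer distinguish "not supplied" from "supplied and empty". If the digests are meant as the values measured when no initrd or command line is given, add a comment saying so and keep the three attributes consistently None here, substituting the defaults at the point where the table entries are built. Separately, the four GUID literals are grouped 8-4-4-4-4-8 rather than the canonical 8-4-4-4-12; UUID() ignores hyphens so they still parse to 32 hex digits, but the canonical form is easier to compare against other sources.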
This bit here caused a regression from v2. self.initrd and self.cmdline
should be initialized to None. Otherwise the code that triggers
load_kernel and load_initrd never runs.
- Cole