[edk2-devel] [RFC PATCH v5 07/28] OvmfPkg/ResetVector: pre-validate the data pages used in SEC phase

Erdem Aktas via groups.io erdemaktas=google.com at groups.io
Sat Jul 31 08:44:56 UTC 2021


On Wed, Jun 30, 2021 at 5:54 AM Brijesh Singh <brijesh.singh at amd.com> wrote:
>
> a) Enhance the OVMF reset vector code to validate the pages as described
>    above (go through step 2 - 3).
> OR
> b) Validate the pages during the guest creation time. The SEV firmware
>    provides a command which can be used by the VMM to validate the pages
>    without affecting the measurement of the launch.

Are you referring to the PAGE_TYPE_UNMEASURED? Does it not affect the
measurement, PAGE_INFO will still be measured, right?

> Approach #b seems much simpler; it does not require any changes to the
> OVMF reset vector code.

I am worried about verifying the measurement. I understand the secret
page and cpuid page being part of the measurement because both of them are
mentioned in the AMD SNP SPEC, but now we are introducing new
parameters (all the 4KB page addresses between SNP_HV_VALIDATED_START
and SNP_HV_VALIDATED_END) that the VM owner needs to know to calculate the
measurement and verify the attestation.

Sorry if I am overthinking or missing something here.

-Erdem

