From: Dov Murik <dovmurik@linux.ibm.com>
To: qemu-devel@nongnu.org
Cc: "Tom Lendacky" <thomas.lendacky@amd.com>,
	"Ashish Kalra" <ashish.kalra@amd.com>,
	"Brijesh Singh" <brijesh.singh@amd.com>,
	"Eduardo Habkost" <ehabkost@redhat.com>,
	"James Bottomley" <jejb@linux.ibm.com>,
	"Marcelo Tosatti" <mtosatti@redhat.com>,
	"Dr. David Alan Gilbert" <dgilbert@redhat.com>,
	"Dov Murik" <dovmurik@linux.ibm.com>,
	"Tobin Feldman-Fitzthum" <tobin@linux.ibm.com>,
	"Paolo Bonzini" <pbonzini@redhat.com>,
	"Philippe Mathieu-Daudé" <philmd@redhat.com>
Subject: [PATCH 1/3] sev/i386: Allow launching with -kernel if no OVMF hashes table found
Date: Mon,  1 Nov 2021 10:21:34 +0000
Message-ID: <20211101102136.1706421-2-dovmurik@linux.ibm.com>
In-Reply-To: <20211101102136.1706421-1-dovmurik@linux.ibm.com>

Commit cff03145ed3c ("sev/i386: Introduce sev_add_kernel_loader_hashes
for measured linux boot", 2021-09-30) introduced measured direct boot
with -kernel, using an OVMF-designated hashes table which QEMU fills.

However, if OVMF doesn't designate such an area, QEMU would completely
abort the VM launch.  This breaks launching with -kernel using older
OVMF images which don't publish the SEV_HASH_TABLE_RV_GUID.

Instead, just warn the user that -kernel was supplied but OVMF doesn't
specify the GUID for the hashes table.  The following warning will be
displayed during VM launch:

    qemu-system-x86_64: warning: SEV: kernel specified but OVMF has no hash table guid

Signed-off-by: Dov Murik <dovmurik@linux.ibm.com>
Reported-by: Tom Lendacky <thomas.lendacky@amd.com>
---
 target/i386/sev.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/i386/sev.c b/target/i386/sev.c
index eede07f11d..682b8ccf6c 100644
--- a/target/i386/sev.c
+++ b/target/i386/sev.c
@@ -1204,7 +1204,7 @@ bool sev_add_kernel_loader_hashes(SevKernelLoaderContext *ctx, Error **errp)
     int aligned_len;
 
     if (!pc_system_ovmf_table_find(SEV_HASH_TABLE_RV_GUID, &data, NULL)) {
-        error_setg(errp, "SEV: kernel specified but OVMF has no hash table guid");
+        warn_report("SEV: kernel specified but OVMF has no hash table guid");
         return false;
     }
     area = (SevHashTableDescriptor *)data;
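
Review bot: the `return false` that follows the new `warn_report()` now signals failure without setting `*errp`, which departs from the usual contract of a `bool f(..., Error **errp)` function such as `sev_add_kernel_loader_hashes()`; a caller that reports the error object on a false return would have nothing to report. Either return true on this path or state in the function's comment that false with no error set means "hashes not added, launch continues". Separately, with this change a `-kernel` launch proceeds with no kernel hashes added and the only signal is one warning line on stderr, so a user who expects the measured direct boot described in the commit message can end up with an unmeasured kernel without noticing. Consider keeping the hard error unless the user has explicitly asked to run without the hashes table, and at minimum name the consequence in the warning text (the kernel will not be covered by the launch measurement).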
-- 
2.25.1


