From: "Daniel P. Berrangé" <berrange@redhat.com>
To: "Jason A. Donenfeld" <Jason@zx2c4.com>
Cc: "Paolo Bonzini" <pbonzini@redhat.com>,
"QEMU Developers" <qemu-devel@nongnu.org>,
"Marcel Apfelbaum" <marcel.apfelbaum@gmail.com>,
"Richard Henderson" <richard.henderson@linaro.org>,
"Eduardo Habkost" <eduardo@habkost.net>,
"Peter Maydell" <peter.maydell@linaro.org>,
"Philippe Mathieu-Daudé" <f4bug@amsat.org>,
"Laurent Vivier" <laurent@vivier.eu>,
"Michael S . Tsirkin" <mst@redhat.com>
Subject: Re: [PULL 9/9] hw/i386: pass RNG seed via setup_data entry
Date: Thu, 4 Aug 2022 13:48:11 +0100 [thread overview]
Message-ID: <YuvAC3tqRAYeeVJm@redhat.com> (raw)
In-Reply-To: <CAHmME9rNo7omz8s1rgDPjZnd9Pmzj5TjCenvQU30wMTS99_5GQ@mail.gmail.com>
On Thu, Aug 04, 2022 at 02:13:41PM +0200, Jason A. Donenfeld wrote:
> Hi Daniel,
>
> On Thu, Aug 4, 2022 at 2:01 PM Daniel P. Berrangé <berrange@redhat.com> wrote:
> >
> > On Thu, Jul 21, 2022 at 06:36:21PM +0200, Paolo Bonzini wrote:
> > > From: "Jason A. Donenfeld" <Jason@zx2c4.com>
> > >
> > > Tiny machines optimized for fast boot time generally don't use EFI,
> > > which means a random seed has to be supplied some other way. For this
> > > purpose, Linux (≥5.20) supports passing a seed in the setup_data table
> > > with SETUP_RNG_SEED, specially intended for hypervisors, kexec, and
> > > specialized bootloaders. The linked commit shows the upstream kernel
> > > implementation.
> > >
> > > At Paolo's request, we don't pass these to versioned machine types ≤7.0.
> >
> >
> > This change has also broken direct kernel measured boot with AMD SEV
> > confidential virtualization.
> >
> > The vmlinuz that we pass in with -kernel is measured by the BIOS and
> > since that gets munged with a random seed, the measurement no longer
> > matches the expected measurements the person attesting boot will
> > have pre-calculated.
> >
> > The kernel binary passed to the firmware must be 100% unchanged
> > from what the user provided in order for boot measurements to
> > succeed.
> >
> > So at the very least this codes needs to be conditionalized to
> > not run when AMD SEV is active.
>
> If you look at the v2 patch, I move all of the setup_data stuff
> outside of the kernel image, so the kernel image itself doesn't get
> modified. So SEV should still work.
>
> Can you test that patch and see?
It looks like the v2 patch fixes it, 'kernel' is no longer modified
and we throw away the modified 'setup' data for SEV.
With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
next prev parent reply other threads:[~2022-08-04 12:54 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-07-21 16:36 [PULL 0/9] More fixes + random seed patches for QEMU 7.1 Paolo Bonzini
2022-07-21 16:36 ` [PULL 1/9] docs: Add caveats for Windows as the build platform Paolo Bonzini
2022-07-21 16:36 ` [PULL 2/9] accel/kvm: Avoid Coverity warning in query_stats() Paolo Bonzini
2022-07-21 16:36 ` [PULL 3/9] oss-fuzz: remove binaries from qemu-bundle tree Paolo Bonzini
2022-07-21 16:36 ` [PULL 4/9] oss-fuzz: ensure base_copy is a generic-fuzzer Paolo Bonzini
2022-07-21 16:36 ` [PULL 5/9] hw/nios2: virt: pass random seed to fdt Paolo Bonzini
2022-07-21 16:36 ` [PULL 6/9] hw/mips: boston: " Paolo Bonzini
2022-07-21 16:36 ` [PULL 7/9] hw/guest-loader: " Paolo Bonzini
2022-07-21 19:36 ` Alex Bennée
2022-07-21 20:20 ` Jason A. Donenfeld
2022-07-22 9:45 ` Alex Bennée
2022-07-22 11:26 ` Jason A. Donenfeld
2022-07-22 14:27 ` Alex Bennée
2022-07-22 16:32 ` Paolo Bonzini
2022-07-22 19:07 ` Jason A. Donenfeld
2022-07-22 12:04 ` Paolo Bonzini
2022-07-22 12:21 ` Jason A. Donenfeld
2022-07-21 16:36 ` [PULL 8/9] hw/rx: " Paolo Bonzini
2022-07-21 16:36 ` [PULL 9/9] hw/i386: pass RNG seed via setup_data entry Paolo Bonzini
2022-08-02 3:28 ` Xiaoyao Li
2022-08-02 13:21 ` Jason A. Donenfeld
2022-08-02 14:53 ` Xiaoyao Li
2022-08-02 15:06 ` Jason A. Donenfeld
2022-08-02 15:13 ` Jason A. Donenfeld
2022-08-03 1:34 ` Xiaoyao Li
2022-08-03 10:52 ` Daniel P. Berrangé
2022-08-03 13:11 ` Jason A. Donenfeld
2022-08-03 13:34 ` Jason A. Donenfeld
2022-08-03 17:07 ` Jason A. Donenfeld
2022-08-03 22:03 ` Michael S. Tsirkin
2022-08-03 22:08 ` Jason A. Donenfeld
2022-08-03 22:23 ` Michael S. Tsirkin
2022-08-04 5:40 ` Laszlo Ersek
2022-08-04 12:01 ` Daniel P. Berrangé
2022-08-04 12:13 ` Jason A. Donenfeld
2022-08-04 12:48 ` Daniel P. Berrangé [this message]
2022-08-04 16:56 ` Alex Bennée
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YuvAC3tqRAYeeVJm@redhat.com \
--to=berrange@redhat.com \
--cc=Jason@zx2c4.com \
--cc=eduardo@habkost.net \
--cc=f4bug@amsat.org \
--cc=laurent@vivier.eu \
--cc=marcel.apfelbaum@gmail.com \
--cc=mst@redhat.com \
--cc=pbonzini@redhat.com \
--cc=peter.maydell@linaro.org \
--cc=qemu-devel@nongnu.org \
--cc=richard.henderson@linaro.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.