From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.158.5])
 by mx.groups.io with SMTP id smtpd.web09.6198.1635838471668609755
 for <devel@edk2.groups.io>;
 Tue, 02 Nov 2021 00:34:32 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@ibm.com header.s=pp1 header.b=si3tbvMq;
 spf=pass (domain: linux.ibm.com, ip: 148.163.158.5, mailfrom: dovmurik@linux.ibm.com)
Received: from pps.filterd (m0098420.ppops.net [127.0.0.1])
	by mx0b-001b2d01.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 1A27AteQ015739;
	Tue, 2 Nov 2021 07:34:29 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject
 : date : message-id : content-transfer-encoding : mime-version; s=pp1;
 bh=QyqELtLEj1y7deIeCjhcJyCErtyhIw3u6CI9MXQv0LE=;
 b=si3tbvMqSfxU6Hi4duMZiTkndduaq0D6n1vkAw1lvrxE9Su3PeiIvgd954AS8zZIig+j
 VqYkqTTObBmE/4r4lnQcFEMbb1CSY9bWq3x8UcKQMUvleC4IfZ+gCTvwHuDedOL/cKQe
 OwLJyBswe8pvgECTPTz5Ax1uWOpnQ0UrbzNBu+Vq46b/ailAc6dJQuOSM42F3PYsr3+u
 nHn/tIn+Z47+GSQj6eYpIwgvo3Jg88RqDWSjcXAq0Vn9G/HRjwynU6PAleisVsr26bW1
 yqw92I5jKtBJOq+QQcwTJ7MkuNaLT4aLG8JH/uyaMy3JTiMbd3A4Y+XCnLg6C5PtSuOX /w== 
Received: from pps.reinject (localhost [127.0.0.1])
	by mx0b-001b2d01.pphosted.com with ESMTP id 3c2nrnmmmw-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
	Tue, 02 Nov 2021 07:34:29 +0000
Received: from m0098420.ppops.net (m0098420.ppops.net [127.0.0.1])
	by pps.reinject (8.16.0.43/8.16.0.43) with SMTP id 1A27U8rq013863;
	Tue, 2 Nov 2021 07:34:28 GMT
Received: from ppma03wdc.us.ibm.com (ba.79.3fa9.ip4.static.sl-reverse.com [169.63.121.186])
	by mx0b-001b2d01.pphosted.com with ESMTP id 3c2nrnmmmm-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
	Tue, 02 Nov 2021 07:34:28 +0000
Received: from pps.filterd (ppma03wdc.us.ibm.com [127.0.0.1])
	by ppma03wdc.us.ibm.com (8.16.1.2/8.16.1.2) with SMTP id 1A27SsIR023951;
	Tue, 2 Nov 2021 07:34:28 GMT
Received: from b03cxnp08025.gho.boulder.ibm.com (b03cxnp08025.gho.boulder.ibm.com [9.17.130.17])
	by ppma03wdc.us.ibm.com with ESMTP id 3c0wpadacp-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
	Tue, 02 Nov 2021 07:34:28 +0000
Received: from b03ledav002.gho.boulder.ibm.com (b03ledav002.gho.boulder.ibm.com [9.17.130.233])
	by b03cxnp08025.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 1A27YQrO37683700
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK);
	Tue, 2 Nov 2021 07:34:27 GMT
Received: from b03ledav002.gho.boulder.ibm.com (unknown [127.0.0.1])
	by IMSVA (Postfix) with ESMTP id CAED913605D;
	Tue,  2 Nov 2021 07:34:26 +0000 (GMT)
Received: from b03ledav002.gho.boulder.ibm.com (unknown [127.0.0.1])
	by IMSVA (Postfix) with ESMTP id 0828413604F;
	Tue,  2 Nov 2021 07:34:25 +0000 (GMT)
Received: from amdrome3.watson.ibm.com (unknown [9.2.130.16])
	by b03ledav002.gho.boulder.ibm.com (Postfix) with ESMTP;
	Tue,  2 Nov 2021 07:34:25 +0000 (GMT)
From: "Dov Murik" <dovmurik@linux.ibm.com>
To: devel@edk2.groups.io
Cc: Dov Murik <dovmurik@linux.ibm.com>,
        Ard Biesheuvel <ardb+tianocore@kernel.org>,
        Jordan Justen <jordan.l.justen@intel.com>,
        Gerd Hoffmann <kraxel@redhat.com>,
        Brijesh Singh <brijesh.singh@amd.com>,
        Erdem Aktas <erdemaktas@google.com>,
        James Bottomley <jejb@linux.ibm.com>,
        Jiewen Yao <jiewen.yao@intel.com>, Min Xu <min.m.xu@intel.com>,
        Tom Lendacky <thomas.lendacky@amd.com>
Subject: [PATCH 0/2] OvmgPkg: Add SEV launch secret and hashes table areas
Date: Tue,  2 Nov 2021 07:34:20 +0000
Message-Id: <20211102073422.340858-1-dovmurik@linux.ibm.com>
X-Mailer: git-send-email 2.25.1
X-TM-AS-GCONF: 00
X-Proofpoint-GUID: Xdzy3Dy3ANkrYJ5C83ogEJxDIoZLyYIl
X-Proofpoint-ORIG-GUID: Uu-_wenP-7iu2X_tIFTfHI6lVASCJqty
X-Proofpoint-UnRewURL: 0 URL was un-rewritten
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=baseguard
 engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.425,FMLib:17.0.607.475
 definitions=2021-11-02_06,2021-11-01_01,2020-04-07_01
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 clxscore=1015
 priorityscore=1501 suspectscore=0 lowpriorityscore=0 malwarescore=0
 mlxscore=0 spamscore=0 bulkscore=0 adultscore=0 impostorscore=0
 mlxlogscore=840 phishscore=0 classifier=spam adjust=0 reason=mlx
 scancount=1 engine=8.12.0-2110150000 definitions=main-2111020044
Content-Transfer-Encoding: 8bit

The SEV launch secret area and the QEMU hashes table area were specified
in the OvmfPkg/AmdSev/AmdSevX64 MEMFD but not in OvmfPkg/OvmfPkgX64 and
in OvmgPkg/Microvm/MicrovmX64.

This series adds theses MEMFD entries to both targets.  It allows QEMU
to discover the secrets area when performing SEV/SEV-ES secret
injection, and to properly fill the hashes table (though currently these
targets do not perform hashes verification when loading
kernel/initrd/cmdline from QEMU via fw_cfg).

After applying the patches, the MEMFD section of the three targets' fdf
files is identical:

    $ sed -n -e '/FD.MEMFD/,/FV.SECFV/p' OvmfPkg/OvmfPkgX64.fdf | sha1sum
    6ff89173952413fbdb7ffbbf42f8bc389c928500  -
    $ sed -n -e '/FD.MEMFD/,/FV.SECFV/p' OvmfPkg/Microvm/MicrovmX64.fdf | sha1sum
    6ff89173952413fbdb7ffbbf42f8bc389c928500  -
    $ sed -n -e '/FD.MEMFD/,/FV.SECFV/p' OvmfPkg/AmdSev/AmdSevX64.fdf | sha1sum
    6ff89173952413fbdb7ffbbf42f8bc389c928500  -

Code is in:
https://github.com/confidential-containers-demo/edk2/tree/add-sev-secret-and-hashes

Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>

Dov Murik (2):
  OvmfPkg/OvmfPkgX64: Add SEV launch secret and hashes table areas to
    MEMFD
  OvmfPkg/Microvm: Add SEV launch secret and hashes table areas to MEMFD

 OvmfPkg/Microvm/MicrovmX64.fdf | 8 +++++++-
 OvmfPkg/OvmfPkgX64.fdf         | 8 +++++++-
 2 files changed, 14 insertions(+), 2 deletions(-)

-- 
2.25.1