Re: [edk2-devel] measurement to command-line/initrd for loading kernel via -kernel option

["Gerd Hoffmann" <kraxel@redhat.com>]

On Tue, Sep 20, 2022 at 02:30:01PM +0000, Lu, Ken wrote:
> > > So there are two types loaders:
> > > 1. QemuKernelLoaderFsDxe  -   this way just put kernel/initrd blob into a FS
> > for any future's usage, may be continue boot or not.
> > > 2. QemuLoadKernelImage,    -    this is consumed by TryRunningQemuKernel()
> > - standard Qemu direct boot path
> > 
> > Nope.  QemuLoadKernelImage loads the linux kernel from the virtual filesystem
> > created by QemuKernelLoaderFsDxe.  And for the initrd it'll just pass
> > 'inittd=initrd' and the stub loads it.
> > 
> > We have two variants:
> >   GenericQemuLoadImageLib - supports efi stub only
> >   X86QemuLoadImageLib     - has fallback code paths for the legacy
> >                             pre-efi-stub boot protocol (guess that
> >                             is the one grub has deprecated for 2.06).
> > 
> > So, yes, with the legacy protocol there is no stub which can measure things, but
> > for the snake of confidential computing we can completely ignore that.  Kernels
> > which are *that* old certainly will not have support for SEV / TDX ...
> > 
> 
> Thanks Hoffman. Hmm.. GenericQemuLoadImageLib sound like is used by ArmVirtQemu.dsc, OvmfXen.dsc, AmdSevX64.dsc,.....
> But X86QemuLoadImageLib is used by OvmfPkgX64.dsc and Intel TDX~~
> 
> Headache.... do you want use GenericQemuLoadImageLib to replace X86 one for OvmfPkgX64.dsc also?

I think most x86 should stick to X86QemuLoadImageLib for backward
compatibility reasons.

The AmdSevX64 and IntelTDX variants can most likely be switched over to
GenericQemuLoadImageLib without breaking stuff.  Linux kernels new
enough to support sev / tdx should not need the legacy support.

> But either in GenericQemuLoadImageLib, it can do measurement for command line and initrd, correct?

Yes, it could.  But why given that the linux kernel efi stub measures anyway?

take care,
  Gerd