From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [216.205.24.124]) by mx.groups.io with SMTP id smtpd.web09.8130.1623246874475818140 for ; Wed, 09 Jun 2021 06:54:34 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=MhXSATRl; spf=pass (domain: redhat.com, ip: 216.205.24.124, mailfrom: lersek@redhat.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1623246873; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=vCxL0l4w6l4LLxoCXGF/Rbxma1g4vvKwOuqxpsQ28lM=; b=MhXSATRlfyhF0duTtQd1VKPoPd3eDiL6YZ3SquEJ31C6DVQnwDYBd5ZfsIz2e85pbAb3fk AvgclhANYK1yI7mXTbfwy9wACo8ngnA66s7lYtMzvGaRY04lCHoOohHuKBPnYGQSD8qm0t iWEvV0suQgF9uPdHIYIp5SUNYs1Em4Y= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-169-vP5k2WSvPrOBD9Ayb_OL3w-1; Wed, 09 Jun 2021 09:54:30 -0400 X-MC-Unique: vP5k2WSvPrOBD9Ayb_OL3w-1 Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id DFE42A40D3; Wed, 9 Jun 2021 13:54:27 +0000 (UTC) Received: from lacos-laptop-7.usersys.redhat.com (ovpn-113-249.ams2.redhat.com [10.36.113.249]) by smtp.corp.redhat.com (Postfix) with ESMTPS id E8F985C230; Wed, 9 Jun 2021 13:54:24 +0000 (UTC) Subject: Re: [edk2-devel] [PATCH v1 0/8] Measured SEV boot with kernel/initrd/cmdline To: Dov Murik , devel@edk2.groups.io, Ard Biesheuvel Cc: Tobin Feldman-Fitzthum , Tobin Feldman-Fitzthum , Jim Cadden , James Bottomley , Hubertus Franke , Jordan Justen , Ashish Kalra , Brijesh Singh , Erdem Aktas , Jiewen Yao , Min Xu , Tom Lendacky References: <20210525053116.1533673-1-dovmurik@linux.ibm.com> <5d8c598e-31de-7973-df51-e913bba54587@redhat.com> <3cead34f-a736-3a5d-4933-cebc085ca868@redhat.com> <980736b6-2450-c695-98f5-84870c4ba3ee@redhat.com> <510c9680-c0c7-a413-5bac-80e54578d1df@linux.ibm.com> From: "Laszlo Ersek" Message-ID: <30251804-1409-4469-af31-50cbea8703cb@redhat.com> Date: Wed, 9 Jun 2021 15:54:23 +0200 MIME-Version: 1.0 In-Reply-To: <510c9680-c0c7-a413-5bac-80e54578d1df@linux.ibm.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=lersek@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit On 06/09/21 14:25, Dov Murik wrote: > > > On 08/06/2021 18:59, Laszlo Ersek wrote: >> On 06/08/21 14:09, Dov Murik wrote: >>> On 08/06/2021 13:59, Laszlo Ersek wrote: >>>> On 06/08/21 11:57, Dov Murik wrote: >> > >>> >>> But if we go with (1) -- do you (and Ard) prefer: >>> >>> (a) leave X86QemuLoadImageLib as it is in master; >>> >>> -or- >>> >>> (b) modify X86QemuLoadImageLib the "main" path to use the >>> QemuKernelLoaderFs (what I started doing) and leave the "legacy" path >>> with QemuFwCfg >>> >>> ? >> >> I prefer option (a), with the extension that we need to update the >> following file-top comment in the files under >> "OvmfPkg/Library/X86QemuLoadImageLib": >> >> X86 specific implementation of QemuLoadImageLib library class interface >> with support for loading mixed mode images and non-EFI stub images >> > > First attempt at this is submitted to the mailing list: > https://edk2.groups.io/g/devel/message/76265 > > >> We should add a warning there that this library instance (a) depends on >> fw_cfg directly, and (b) is therefore unsuitable for blob verification >> purposes. > > I'll add the warning (b) when I add the blob verification feature. That makes sense to me, thanks. Laszlo