Subject: Re: [edk2-devel] [PATCH v1 0/8] Measured SEV boot with kernel/initrd/cmdline
From: "Dov Murik"
To: Laszlo Ersek, devel@edk2.groups.io, Ard Biesheuvel
Cc: Tobin Feldman-Fitzthum, Tobin Feldman-Fitzthum, Jim Cadden, James Bottomley, Hubertus Franke, Jordan Justen, Ashish Kalra, Brijesh Singh, Erdem Aktas, Jiewen Yao, Min Xu, Tom Lendacky
Date: Wed, 9 Jun 2021 15:25:41 +0300
Message-ID: <510c9680-c0c7-a413-5bac-80e54578d1df@linux.ibm.com>

On 08/06/2021 18:59, Laszlo Ersek wrote:
> On 06/08/21 14:09, Dov Murik wrote:
>> On 08/06/2021 13:59, Laszlo Ersek wrote:
>>> On 06/08/21 11:57, Dov Murik wrote:
>
>>
>> But if we go with (1) -- do you (and Ard) prefer:
>>
>> (a) leave X86QemuLoadImageLib as it is in master;
>>
>> -or-
>>
>> (b) modify X86QemuLoadImageLib the "main" path to use the
>> QemuKernelLoaderFs (what I started doing) and leave the "legacy" path
>> with QemuFwCfg
>>
>> ?
>
> I prefer option (a), with the extension that we need to update the
> following file-top comment in the files under
> "OvmfPkg/Library/X86QemuLoadImageLib":
>
>   X86 specific implementation of QemuLoadImageLib library class interface
>   with support for loading mixed mode images and non-EFI stub images
>

First attempt at this is submitted to the mailing list:
https://edk2.groups.io/g/devel/message/76265

> We should add a warning there that this library instance (a) depends on
> fw_cfg directly, and (b) is therefore unsuitable for blob verification
> purposes.

I'll add the warning (b) when I add the blob verification feature.

-Dov