From: "Yao, Jiewen" <jiewen.yao@intel.com>
To: devel@edk2.groups.io, dovmurik@linux.ibm.com
Cc: Tobin Feldman-Fitzthum, Tobin Feldman-Fitzthum, Jim Cadden, James Bottomley, Hubertus Franke, Ard Biesheuvel, "Justen, Jordan L", Ashish Kalra, Brijesh Singh, Erdem Aktas, "Xu, Min M", Tom Lendacky, Leif Lindholm, Sami Mujawar
Subject: Re: [edk2-devel] [PATCH v5 00/11] Measured SEV boot with kernel/initrd/cmdline
Date: Wed, 28 Jul 2021 16:41:42 +0000
In-Reply-To: <20210727190724.3586867-1-dovmurik@linux.ibm.com>

For OvmfPkg, reviewed-by: Jiewen Yao
For ArmVirtPkg, acked-by: Jiewen Yao

> -----Original Message-----
> From: devel@edk2.groups.io On Behalf Of Dov Murik
> Sent: Wednesday, July 28, 2021 3:07 AM
> To: devel@edk2.groups.io
> Cc: Dov Murik; Tobin Feldman-Fitzthum; Tobin Feldman-Fitzthum; Jim Cadden;
> James Bottomley; Hubertus Franke; Ard Biesheuvel; Justen, Jordan L;
> Ashish Kalra; Brijesh Singh; Erdem Aktas; Yao, Jiewen; Xu, Min M;
> Tom Lendacky; Leif Lindholm; Sami Mujawar
> Subject: [edk2-devel] [PATCH v5 00/11] Measured SEV boot with
> kernel/initrd/cmdline
>
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3457
>
> Booting with SEV prevented the loading of kernel, initrd, and kernel
> command-line via QEMU fw_cfg interface because they arrive from the VMM
> which is untrusted in SEV.
>
> However, in some cases the kernel, initrd, and cmdline are not secret
> but should not be modified by the host. In such a case, we want to
> verify inside the trusted VM that the kernel, initrd, and cmdline are
> indeed the ones expected by the Guest Owner, and only if that is the
> case go on and boot them up (removing the need for grub inside OVMF in
> that mode).
>
> This patch series reserves an area in MEMFD (previously the last 1KB of
> the launch secret page) which will contain the hashes of these three
> blobs (kernel, initrd, cmdline), each under its own GUID entry. This
> table of hashes is populated by QEMU before launch, and encrypted as
> part of the initial VM memory; this makes sure these hashes are part of
> the SEV measurement (which has to be approved by the Guest Owner for
> secret injection, for example). Note that populating the hashes table
> requires QEMU support [1].
>
> OVMF parses the table of hashes populated by QEMU (patch 10), and as it
> reads the fw_cfg blobs from QEMU, it will verify each one against the
> expected hash. This is all done inside the trusted VM context. If all
> the hashes are correct, boot of the kernel is allowed to continue.
>
> Any attempt by QEMU to modify the kernel, initrd, cmdline (including
> dropping one of them), or to modify the OVMF code that verifies those
> hashes, will cause the initial SEV measurement to change and therefore
> will be detectable by the Guest Owner during launch before secret
> injection.
>
> Relevant part of OVMF serial log during boot with AmdSevX86 build and
> QEMU with -kernel/-initrd/-append:
>
> ...
> BlobVerifierLibSevHashesConstructor: Found injected hashes table in secure
> location
> Select Item: 0x17
> Select Item: 0x8
> FetchBlob: loading 7379328 bytes for "kernel"
> Select Item: 0x18
> Select Item: 0x11
> VerifyBlob: Found GUID 4DE79437-ABD2-427F-B835-D5B172D2045B in table
> VerifyBlob: Hash comparison succeeded for "kernel"
> Select Item: 0xB
> FetchBlob: loading 12483878 bytes for "initrd"
> Select Item: 0x12
> VerifyBlob: Found GUID 44BAF731-3A2F-4BD7-9AF1-41E29169781D in table
> VerifyBlob: Hash comparison succeeded for "initrd"
> Select Item: 0x14
> FetchBlob: loading 86 bytes for "cmdline"
> Select Item: 0x15
> VerifyBlob: Found GUID 97D02DD8-BD20-4C94-AA78-E7714D36AB2A in table
> VerifyBlob: Hash comparison succeeded for "cmdline"
> ...
>
> The patch series is organized as follows:
>
> 1: Simple comment fix in adjacent area in the code.
> 2: Use GenericQemuLoadImageLib to gain one location for fw_cfg blob
>    fetching.
> 3: Allow the (previously blocked) usage of -kernel in AmdSevX64.
> 4-7: Add BlobVerifierLib with null implementation and use it in the correct
>    location in QemuKernelLoaderFsDxe.
> 8-9: Reserve memory for hashes table, declare this area in the reset vector.
> 10-11: Add the secure implementation BlobVerifierLibSevHashes and use it in
>    AmdSevX64 builds.
>
> [1] https://lore.kernel.org/qemu-devel/20210624102040.2015280-1-dovmurik@linux.ibm.com/
>
> Code is at
> https://github.com/confidential-containers-demo/edk2/tree/sev-hashes-v5
>
> v5 changes:
> - rename the null implementation dir to OvmfPkg/Library/BlobVerifierLibNull
>   (note that I didn't remove the R-b tags on these patches; please let me
>   know if I should have acted otherwise)
> - move the SevHashes implementation to
>   OvmfPkg/AmdSev/BlobVerifierLibSevHashes
> - BlobVerifierLib.h: fix #ifndef according to ECC warnings
> - separate variable declaration and assignment in
>   BlobVerifierLibSevHashesConstructor (ECC warning)
>
> v4: https://edk2.groups.io/g/devel/message/78075
> v4 changes:
> - BlobVerifierSevHashes (patch 10): more comprehensive overflow tests
>   when parsing the SEV hashes table structure
>
> v3: https://edk2.groups.io/g/devel/message/77955
> v3 changes:
> - Rename to BlobVerifierLibNull, use decimal INF_VERSION, remove unused
>   DebugLib reference, fix doxygen comments, add missing IN attribute
> - Rename to BlobVerifierLibSevHashes, use decimal INF_VERSION, fix
>   doxygen comments, add missing IN attribute,
>   calculate buffer hash only when the guid is found in hashes table
> - SecretPei: use ALIGN_VALUE to round the hob size
> - Coding style fixes
> - Add missing 'Ref:' in patch 1 commit message
> - Fix phrasing and typos in commit messages
> - Remove Cc: Laszlo from series
>
> v2: https://edk2.groups.io/g/devel/message/77505
> v2 changes:
> - Use the last 1KB of the existing SEV launch secret page for hashes table
>   (instead of reserving a whole new MEMFD page).
> - Build on top of commit cf203024745f ("OvmfPkg/GenericQemuLoadImageLib:
>   Read cmdline from QemuKernelLoaderFs", 2021-06-28) to have a single
>   location in which all of kernel/initrd/cmdline are fetched from QEMU.
> - Use static linking of the two BlobVerifierLib implementations.
> - Reorganize series.
>
> v1: https://edk2.groups.io/g/devel/message/75567
>
> Cc: Ard Biesheuvel
> Cc: Jordan Justen
> Cc: Ashish Kalra
> Cc: Brijesh Singh
> Cc: Erdem Aktas
> Cc: James Bottomley
> Cc: Jiewen Yao
> Cc: Min Xu
> Cc: Tom Lendacky
> Cc: Leif Lindholm
> Cc: Sami Mujawar
>
> Dov Murik (8):
>   OvmfPkg/AmdSev: use GenericQemuLoadImageLib in AmdSev builds
>   OvmfPkg: add library class BlobVerifierLib with null implementation
>   OvmfPkg: add BlobVerifierLibNull to DSC
>   ArmVirtPkg: add BlobVerifierLibNull to DSC
>   OvmfPkg/QemuKernelLoaderFsDxe: call VerifyBlob after fetch from fw_cfg
>   OvmfPkg/AmdSev/SecretPei: build hob for full page
>   OvmfPkg/AmdSev: add BlobVerifierLibSevHashes
>   OvmfPkg/AmdSev: Enforce hash verification of kernel blobs
>
> James Bottomley (3):
>   OvmfPkg/AmdSev/SecretDxe: fix header comment to generic naming
>   OvmfPkg: PlatformBootManagerLibGrub: Allow executing kernel via fw_cfg
>   OvmfPkg/AmdSev: reserve MEMFD space for for firmware config hashes
>
>  OvmfPkg/OvmfPkg.dec                                                                 |   9 +
>  ArmVirtPkg/ArmVirtQemu.dsc                                                          |   5 +-
>  ArmVirtPkg/ArmVirtQemuKernel.dsc                                                    |   5 +-
>  OvmfPkg/AmdSev/AmdSevX64.dsc                                                        |   9 +-
>  OvmfPkg/OvmfPkgIa32.dsc                                                             |   5 +-
>  OvmfPkg/OvmfPkgIa32X64.dsc                                                          |   5 +-
>  OvmfPkg/OvmfPkgX64.dsc                                                              |   5 +-
>  OvmfPkg/AmdSev/AmdSevX64.fdf                                                        |   5 +-
>  OvmfPkg/AmdSev/BlobVerifierLibSevHashes/BlobVerifierLibSevHashes.inf                |  37 ++++
>  OvmfPkg/Library/BlobVerifierLibNull/BlobVerifierLibNull.inf                         |  24 +++
>  OvmfPkg/Library/PlatformBootManagerLibGrub/PlatformBootManagerLibGrub.inf           |   2 +
>  OvmfPkg/ResetVector/ResetVector.inf                                                 |   2 +
>  OvmfPkg/Include/Library/BlobVerifierLib.h                                           |  38 ++++
>  OvmfPkg/Library/PlatformBootManagerLibGrub/BdsPlatform.h                            |  11 ++
>  OvmfPkg/AmdSev/BlobVerifierLibSevHashes/BlobVerifierSevHashes.c                     | 202 ++++++++++++++++++++
>  OvmfPkg/AmdSev/SecretDxe/SecretDxe.c                                                |   2 +-
>  OvmfPkg/AmdSev/SecretPei/SecretPei.c                                                |   3 +-
>  OvmfPkg/Library/BlobVerifierLibNull/BlobVerifierNull.c                              |  33 ++++
>  OvmfPkg/Library/PlatformBootManagerLibGrub/BdsPlatform.c                            |   5 +
>  OvmfPkg/Library/{PlatformBootManagerLib => PlatformBootManagerLibGrub}/QemuKernel.c |   0
>  OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c                               |   9 +
>  OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm                                        |  20 ++
>  OvmfPkg/ResetVector/ResetVector.nasmb                                               |   2 +
>  23 files changed, 428 insertions(+), 10 deletions(-)
>  create mode 100644 OvmfPkg/AmdSev/BlobVerifierLibSevHashes/BlobVerifierLibSevHashes.inf
>  create mode 100644 OvmfPkg/Library/BlobVerifierLibNull/BlobVerifierLibNull.inf
>  create mode 100644 OvmfPkg/Include/Library/BlobVerifierLib.h
>  create mode 100644 OvmfPkg/AmdSev/BlobVerifierLibSevHashes/BlobVerifierSevHashes.c
>  create mode 100644 OvmfPkg/Library/BlobVerifierLibNull/BlobVerifierNull.c
>  copy OvmfPkg/Library/{PlatformBootManagerLib => PlatformBootManagerLibGrub}/QemuKernel.c (100%)
>
> --
> 2.25.1
>
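The cover letter describes the mechanism in prose: QEMU fills a GUID-keyed table of blob hashes into the measured launch page, and OVMF's BlobVerifierLibSevHashes parses that table (with the overflow checks the v4 changelog mentions) and checks every fw_cfg blob against it before boot continues. The following is an added example that models both halves of that exchange; it is not code from the edk2 series or from QEMU. The three GUIDs are the ones printed in the serial log above. Everything else is this example's own assumption: the table layout (a u16 total length followed by entries of EFI GUID, u16 entry length, digest), SHA-256 as the digest, and the policy that a fetched blob with no table entry is refused. The real OVMF code is C and its structure layout is not given on this page, so treat this as a model of the verification logic, not of the binary format.

```python
import hashlib
import hmac
import struct
import uuid

# GUIDs exactly as they appear in the OVMF serial log of the cover letter.
KERNEL_GUID = uuid.UUID("4DE79437-ABD2-427F-B835-D5B172D2045B")
INITRD_GUID = uuid.UUID("44BAF731-3A2F-4BD7-9AF1-41E29169781D")
CMDLINE_GUID = uuid.UUID("97D02DD8-BD20-4C94-AA78-E7714D36AB2A")

TABLE_AREA_SIZE = 1024              # the series uses the last 1KB of the launch secret page
TABLE_HDR = struct.Struct("<H")     # assumed layout: u16 total table length incl. header
ENTRY_HDR = struct.Struct("<16sH")  # assumed layout: EFI GUID (bytes_le) + u16 entry length
DIGEST_LEN = hashlib.sha256().digest_size  # assumed digest algorithm: SHA-256


class BlobVerifyError(Exception):
    """Raised whenever the guest must refuse to boot the fetched blobs."""


def build_hash_table(blobs):
    """VMM side (untrusted in SEV): emit the table QEMU would place in MEMFD.
    blobs maps GUID -> blob bytes. The bytes returned are what gets measured."""
    body = b""
    for guid, data in blobs.items():
        digest = hashlib.sha256(data).digest()
        body += ENTRY_HDR.pack(guid.bytes_le, ENTRY_HDR.size + len(digest)) + digest
    table = TABLE_HDR.pack(TABLE_HDR.size + len(body)) + body
    if len(table) > TABLE_AREA_SIZE:
        raise ValueError("hash table does not fit in the reserved area")
    return table.ljust(TABLE_AREA_SIZE, b"\0")


def parse_hash_table(area):
    """Guest side (trusted): parse the reserved area into {GUID: digest}.
    Every length read from the area is checked against the bytes actually
    present before it is used as an offset, so a corrupt length field can
    neither wrap nor read past the end of the area."""
    if len(area) < TABLE_HDR.size:
        raise BlobVerifyError("hash table area smaller than its header")
    (total,) = TABLE_HDR.unpack_from(area, 0)
    if total < TABLE_HDR.size or total > len(area):
        raise BlobVerifyError("hash table length field out of range")
    entries = {}
    off = TABLE_HDR.size
    while off < total:
        if total - off < ENTRY_HDR.size:
            raise BlobVerifyError("truncated entry header")
        raw_guid, entry_len = ENTRY_HDR.unpack_from(area, off)
        # The entry must cover its own header and must not extend past `total`.
        if entry_len < ENTRY_HDR.size or entry_len > total - off:
            raise BlobVerifyError("entry length field out of range")
        digest = area[off + ENTRY_HDR.size:off + entry_len]
        if len(digest) != DIGEST_LEN:
            raise BlobVerifyError("entry does not carry a full digest")
        guid = uuid.UUID(bytes_le=raw_guid)
        if guid in entries:
            raise BlobVerifyError("duplicate GUID in hash table")
        entries[guid] = digest
        off += entry_len
    return entries


def verify_blob(entries, guid, name, data):
    """Model of VerifyBlob: the fetched blob must match the measured digest.
    A blob with no table entry is rejected as well (this example's policy)."""
    expected = entries.get(guid)
    if expected is None:
        raise BlobVerifyError(f"no hash for {name!r} in table")
    actual = hashlib.sha256(data).digest()
    if not hmac.compare_digest(actual, expected):  # constant-time compare
        raise BlobVerifyError(f"hash comparison failed for {name!r}")
    return True


def boot_allowed(area, fetched):
    """Return True only if every fetched (guid, name, data) blob verifies."""
    try:
        entries = parse_hash_table(area)
        for guid, name, data in fetched:
            verify_blob(entries, guid, name, data)
    except BlobVerifyError:
        return False
    return True


def demo():
    """Exercise the intact case and three ways the table or blobs can deviate."""
    # Constructed stand-ins for the three fw_cfg blobs.
    kernel = b"\x7fELF constructed kernel image"
    initrd = b"constructed initrd archive"
    cmdline = b"console=ttyS0 root=/dev/vda"
    area = build_hash_table({KERNEL_GUID: kernel, INITRD_GUID: initrd, CMDLINE_GUID: cmdline})
    good = [(KERNEL_GUID, "kernel", kernel), (INITRD_GUID, "initrd", initrd),
            (CMDLINE_GUID, "cmdline", cmdline)]
    # 1. A modified cmdline no longer matches its measured digest.
    tampered = good[:2] + [(CMDLINE_GUID, "cmdline", cmdline + b" quiet")]
    # 2. A table without an initrd entry cannot authorize an initrd the VMM hands over.
    partial_area = build_hash_table({KERNEL_GUID: kernel, CMDLINE_GUID: cmdline})
    # 3. A corrupted total-length field is refused by the parser rather than followed.
    bad_len = bytearray(area)
    struct.pack_into("<H", bad_len, 0, 0xFFFF)
    return {
        "intact": boot_allowed(area, good),
        "tampered_cmdline": boot_allowed(area, tampered),
        "missing_initrd_entry": boot_allowed(partial_area, good),
        "corrupt_length": boot_allowed(bytes(bad_len), good),
    }


if __name__ == "__main__":
    print(demo())
```

The point the example makes is the one the cover letter relies on: the guest never trusts the VMM's blobs directly, only the digests that were part of the measured initial memory, and the parser treats every length field in that area as untrusted input until it has been bounded by the bytes that are actually there.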