From: "Min Xu" <min.m.xu@intel.com>
To: Ard Biesheuvel <ardb+tianocore@kernel.org>,
"devel@edk2.groups.io" <devel@edk2.groups.io>
Cc: "Aktas, Erdem" <erdemaktas@google.com>,
James Bottomley <jejb@linux.ibm.com>,
"Yao, Jiewen" <jiewen.yao@intel.com>,
"Xu, Min M" <min.m.xu@intel.com>,
Gerd Hoffmann <kraxel@redhat.com>
Subject: measurement to command-line/initrd for loading kernel via -kernel option
Date: Sat, 17 Sep 2022 02:52:18 +0000 [thread overview]
Message-ID: <PH0PR11MB50644F564BA1A112DF60D44EC54B9@PH0PR11MB5064.namprd11.prod.outlook.com> (raw)
[-- Attachment #1: Type: text/plain, Size: 1094 bytes --]
Hi, Ard
I am checking the measurement behavior when loading the kernel via the QEMU -kernel option. I find it is implemented by below 2 driver/lib:
- OvmfPkg/QemuKernelLoaderFsDxe
This is a separate DXE driver that exposes the virtual SimpleFileSystem implementation that carries the kernel and initrd passed via the QEMU command line.
- OvmfPkg/Library/X86QemuLoadImageLib
This is the library that consumes above driver and call LoadImage/StartImage so that the kernel image gets authenticated and/or measured.
See https://edk2.groups.io/g/devel/message/55381
I have some questions about the implementation need your help.
1. In the QemuKernelLoaderFsDxe, AllocatePool is called to allocate memory. Why not call AllocatePages? Kernel image size may be around 15 MB, but initrd size maybe much bigger.
2. Kernel image is authenticated and/or measured in LoadImage. I am wondering if "command line" is measured as well? "Command line" can be treated as an external input and in my opinion it should be measured too.
3. The same question to initrd. Is it measured?
Thanks
Min
[-- Attachment #2: Type: text/html, Size: 8163 bytes --]
next reply other threads:[~2022-09-17 2:53 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-09-17 2:52 Min Xu [this message]
2022-09-18 12:52 ` measurement to command-line/initrd for loading kernel via -kernel option Ard Biesheuvel
2022-09-19 2:13 ` [edk2-devel] " Min Xu
2022-09-19 6:58 ` Ard Biesheuvel
2022-09-20 0:20 ` Min Xu
2022-09-20 12:29 ` Ard Biesheuvel
2022-09-20 12:55 ` Lu, Ken
2022-09-20 13:03 ` Ard Biesheuvel
2022-09-20 13:24 ` Lu, Ken
2022-09-20 13:43 ` James Bottomley
2022-09-20 14:34 ` Ard Biesheuvel
2022-09-20 14:51 ` Ard Biesheuvel
2022-09-20 15:14 ` Lu, Ken
2022-09-20 13:20 ` Gerd Hoffmann
2022-09-20 13:38 ` Lu, Ken
2022-09-20 14:18 ` Gerd Hoffmann
2022-09-20 14:30 ` Lu, Ken
2022-09-21 7:14 ` Gerd Hoffmann
2022-09-21 11:24 ` Lu, Ken
2022-09-21 12:27 ` Gerd Hoffmann
2022-09-21 15:41 ` Ard Biesheuvel
2022-09-23 9:34 ` Ilias Apalodimas
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=PH0PR11MB50644F564BA1A112DF60D44EC54B9@PH0PR11MB5064.namprd11.prod.outlook.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox