From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from NAM12-MW2-obe.outbound.protection.outlook.com (NAM12-MW2-obe.outbound.protection.outlook.com [40.107.244.56])
 by mx.groups.io with SMTP id smtpd.web11.29055.1626707685208130312
 for <devel@edk2.groups.io>;
 Mon, 19 Jul 2021 08:14:45 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@amd.com header.s=selector1 header.b=Rz8VU8Bg;
 spf=permerror, err=parse error for token &{10 18 %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email}: invalid domain name (domain: amd.com, ip: 40.107.244.56, mailfrom: thomas.lendacky@amd.com)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=VIPaK4qcDBniIv4450BCtSjLqk+ov+hfeGnMegANRCYP1v2rccP3OWXzI4aRXk63TLF/Lyq63kYLM1d9xukNseHaccR4gETkr07AttD4oCqHQe1A20sDx/YF3fi+xQ8ObtI5SGyP3wUTpQeHS2XwMBf7GdkDTiz1poV2F4rp8vg9cD4g7YSp13x1ZSO1aw1lbeMUIzYTXipAiYVLjwoEbpFz1YRopCbmTEva7cuRW/3apCrFJeArtri5se0hfBpA5k4A7tj38bprm8Dl9nJ/ULUcsr2rfif2AqzNwoVPGRUKN7BhASi2pgovGw4GCyFHTXOvmkJxYlI58larFg+arA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=Lyyh0+1QWRoKj1T3x+YCBEY1dXbzlbVzQQB7uE2Bhso=;
 b=kMp7U1ggL8r7ApVXmlavfzTrP92fNvnCZXE70+Q/6diO9E/KokPJn9YvJXZerGHkUR2u4CjE0FEfduj7cfBxad/wKOObFVaOzw0tO/9c1fh8Hjx8+pt1f4TSGxGzPaqfNlbWSCxHCmcpzDpM9JLlAxXE8A1GPVZ+xYGTY6lcaPiBF4gV/jAOUN69eQijnmXc+rhpYjxMd4l00I9JNJXVPmu9CS3uzH3oiMTa4pPoHBQARmla0R6IU7dnFBO2dsJRU3s/3ek2gtEZmQE3BCmjIjv66a0yzSjEUprOgDw0yis0YejDFLDXFqxFkbLBbUTb4ywkvWz6B1/7jjjlTDjKIw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass
 header.d=amd.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=Lyyh0+1QWRoKj1T3x+YCBEY1dXbzlbVzQQB7uE2Bhso=;
 b=Rz8VU8Bg3abybRDNOMYXLD0LNfCOjQa9pTiNeietXPd1dabONpnHpPUOEunw2DWFwujL4U4/afaxyZif0jGcY0SUWpV6Zbe0sXcOt/7koXNXp/qN7iNuZghlu7QnprldsgBN1TxQgRfafFvzkeqCc13o4Jg+7sGJOghLX9rshfI=
Authentication-Results: arm.com; dkim=none (message not signed)
 header.d=none;arm.com; dmarc=none action=none header.from=amd.com;
Received: from DM4PR12MB5229.namprd12.prod.outlook.com (2603:10b6:5:398::12)
 by DM4PR12MB5296.namprd12.prod.outlook.com (2603:10b6:5:39d::21) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4331.22; Mon, 19 Jul
 2021 15:14:42 +0000
Received: from DM4PR12MB5229.namprd12.prod.outlook.com
 ([fe80::73:2581:970b:3208]) by DM4PR12MB5229.namprd12.prod.outlook.com
 ([fe80::73:2581:970b:3208%3]) with mapi id 15.20.4331.032; Mon, 19 Jul 2021
 15:14:42 +0000
Subject: Re: [PATCH v2 00/11] Measured SEV boot with kernel/initrd/cmdline
To: Dov Murik <dovmurik@linux.ibm.com>, devel@edk2.groups.io
Cc: Tobin Feldman-Fitzthum <tobin@linux.ibm.com>,
 Tobin Feldman-Fitzthum <tobin@ibm.com>, Jim Cadden <jcadden@ibm.com>,
 James Bottomley <jejb@linux.ibm.com>, Hubertus Franke <frankeh@us.ibm.com>,
 Laszlo Ersek <lersek@redhat.com>, Ard Biesheuvel
 <ardb+tianocore@kernel.org>, Jordan Justen <jordan.l.justen@intel.com>,
 Ashish Kalra <ashish.kalra@amd.com>, Brijesh Singh <brijesh.singh@amd.com>,
 Erdem Aktas <erdemaktas@google.com>, Jiewen Yao <jiewen.yao@intel.com>,
 Min Xu <min.m.xu@intel.com>, Leif Lindholm <leif@nuviainc.com>,
 Sami Mujawar <sami.mujawar@arm.com>
References: <20210706085501.1260662-1-dovmurik@linux.ibm.com>
From: "Lendacky, Thomas" <thomas.lendacky@amd.com>
Message-ID: <b0b12d1a-c17a-7fe1-7bdf-45f74ad1522b@amd.com>
Date: Mon, 19 Jul 2021 10:14:40 -0500
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101
 Thunderbird/78.11.0
In-Reply-To: <20210706085501.1260662-1-dovmurik@linux.ibm.com>
X-ClientProxiedBy: SN7PR04CA0067.namprd04.prod.outlook.com
 (2603:10b6:806:121::12) To DM4PR12MB5229.namprd12.prod.outlook.com
 (2603:10b6:5:398::12)
Return-Path: thomas.lendacky@amd.com
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
Received: from [10.236.30.241] (165.204.77.1) by SN7PR04CA0067.namprd04.prod.outlook.com (2603:10b6:806:121::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4331.22 via Frontend Transport; Mon, 19 Jul 2021 15:14:41 +0000
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 8b98a266-f002-4410-aeb2-08d94ac7ef3c
X-MS-TrafficTypeDiagnostic: DM4PR12MB5296:
X-MS-Exchange-Transport-Forked: True
X-Microsoft-Antispam-PRVS: 
	<DM4PR12MB5296EF11287FA14A9BD3FD44ECE19@DM4PR12MB5296.namprd12.prod.outlook.com>
X-MS-Oob-TLC-OOBClassifiers: OLM:2803;
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: 
	Cwvft7rcKbEGufOYR88TYdvrNKVIDhQlsXsB2Bp386NhdVsSTRQ/X42oIRCaYKgjCFmKRhp+VhKUSBhsD8kzZETRCxi0t0frwPbL7TCCpWSFXldXMB6MTRymUts1HqOF8FJVIjsR08DPGnSGZauF0rbF8eSPf2+5Q97oVOh136DgbeQJSaHNn94NGmqN0iuK5/eAAhaL/fZXtKHLLkWZURW/WwSmXHgom5Dt27eVVl3Ci3BpmwgeZk/+948hGMGYcU7JC6U1pvGQtBxvwnHZYR6iSNMAG2QJ931S3FkIUZfkEOgOOBaa9knigIucevWIAOWVGi4innbTM+6GhHNA+04X3dUQ7puBUBfadv6Jjph1dvgHpjCkGT3RhDX12N9yc1hjaQuCpqZ6LWQYBfZeX67nFotTS3Z4VAht4NUx85Uaq1indSKuLCHLC8K/5tCa7av2HYzF4zAflCJIDBCEOxLG13s21HTlwnXUbxO4UPreIbEzzs8PsAqswXxzwOWf092OId995YqAqNSXW0dPAaekSsPIkNtoeH3EpFZFnMBINY7PP5SOXEBLrIXPfryvtVVOyoB1wyCu/9H+ZSBoikAROmImR4VqCEK5CD0e+E+uLWKmfTGeinbAlaE15uWgWyuFxbc/PZoZUhQNHMVi2DnODMZ5scb6Kjmc4R+rJk5gF0nejbYOSlA6Wb/pQ/DUdd+r2sUtCHhn37KayH/oZAssyXmYWL8Qlncy9yOZ45niX3MSGZenKzo+C+XPebRCegssSlcLlBVeUFsBDVFtpNb3TsSE/1FS4KqsnzLkVe8brSZ5c/ENQSbLQU+VWRqIBmgTqwZezirjbX+pIGCS1L+Ld5M6lozvxqvtE9rhjLE=
X-Forefront-Antispam-Report: 
	CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DM4PR12MB5229.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(366004)(136003)(376002)(346002)(396003)(39860400002)(31696002)(19627235002)(53546011)(2906002)(66556008)(66476007)(66946007)(966005)(16576012)(26005)(316002)(36756003)(31686004)(83380400001)(8676002)(8936002)(186003)(478600001)(54906003)(86362001)(4326008)(7416002)(2616005)(956004)(38100700002)(5660300002)(6486002)(45980500001)(43740500002);DIR:OUT;SFP:1101;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: 
	=?utf-8?B?dFJZU1RzM00rZ1ZWV2pCSFFZOWluYXBHcTFFL1lkVnV4b1lZZldNZlZuOEZP?=
 =?utf-8?B?Znk3NzZ4MUxScTFvOGdNa1RGNkNkMUtHbGU3anFiQkJSUlFIRU9PRng1NVZo?=
 =?utf-8?B?Z2pNL3pJZnQ3WHlFamlaeExtTTVlaEdRaUVLV2ZtNkMyZ3RaY09hdSthRXd2?=
 =?utf-8?B?ODh2Y1o2SXUyZWhBNHdVUCtLd0ZIWW5CSWVkbHJJa1FnN3YxZ1ZwNFRSd3FF?=
 =?utf-8?B?SjZoN0NSS2Vyb3ZOZ1pOYTJzV1NKMUpHaHU3OSszL3E0OHRxcVBERHNBOVBJ?=
 =?utf-8?B?dXBqRUcrQm9XQnVmbzM1bmpqWlFLdFRqSjgyNjhjNkdqN3VQVHZ2OE1pb3dW?=
 =?utf-8?B?clZIMjYyWlRZN1I5M0FKQnlldzVqc1N0ckRtMkNRU2ZheUZzcjhteURVYk1H?=
 =?utf-8?B?MFlLVG5oTlg5ZFp2KzZKNWZkMVlxWjZBUlI5MFR4SzAwQkRQTkhCSVhrZGVr?=
 =?utf-8?B?KzJJSitDcGlWTk01VXZyc09rTXJGTDBBZGdVY284VnlLZXZERVRmeWQrN3d5?=
 =?utf-8?B?NmkyMkhNbnM0Nk5oVXY1OUo0OGs3dWhOMGV2a0JLMm5FUFBEQm5xTUVsOStR?=
 =?utf-8?B?ZnlNVU5WcEFUbTRhVWtEd0Z4MExSZWU2T3BYaGllb1d2eG9XcTNkR09CUEVE?=
 =?utf-8?B?OXgzNTQ5aFFpa0VlOFJFNXlZc3ZVNVRPT2RPbzQyc3pFTVdJRzQxcDkrUTlk?=
 =?utf-8?B?UlA1MmY2d3gyNEo4TWZQeUZreXJNSFA4LzNJT2dwbDN4TzZFRXdPeVIzcFBL?=
 =?utf-8?B?Y3YxSzVQYW1zelJVL29jaHdORENKRG5naEhyYmRMcWU0QVJMaEZnNkhvOVJa?=
 =?utf-8?B?b3pJS2VjNEFPdHEyVC9ycXlCeE5mV1BocDd2aWQ2aFphUG9WajRNZnpLb2JF?=
 =?utf-8?B?SmkyVis4b3k0bzhrTTR2empIWWhIT1B3dzJWZ0puRVVWcWp3RjQzOVI0MXhm?=
 =?utf-8?B?UkVoWnJtSFNtRTdoMVV6WTR1anM5ZjhpNTgvQW9wVmwxT2tGeWtJSVpnMDBH?=
 =?utf-8?B?Z0wrWlUxYnkybTVKTWFUM3B4TXdzOGljVS9RWmJ1V2lFa0cxNHJITjlrcXpn?=
 =?utf-8?B?K1pTbDUxQ0lQNHhTU0ZkOVZoWHhheGRMSWptQnppRUowK0JpckZuSlRlUkN2?=
 =?utf-8?B?S3BGdlAwNWFzZ3RqdEI4aUp4SlNYTHIwQnNPbnRwcThnM3RiOW1hbHlQWk5n?=
 =?utf-8?B?QkhhNk01VlNnelZ5ZU5xVzFUOE9qbDZTKzdMa0NFc2JtOVFEb3F1ZWZkSUMz?=
 =?utf-8?B?R3FMNGh1UUxOdnRrRXkwODB4aDlsdVpJaFI5S1lDMHBRdGxEbWZGRDBjUkJy?=
 =?utf-8?B?ZEM1VmZtQUx4amtySHplckFwQzlkWmdGYm1PSWRBMWpsUzhnVW1VeWtWbnl4?=
 =?utf-8?B?b2VpSmRiYUxicjJ6dEtVZ2NNUnJBMVFnZEtjb3hnVnh5RDh4NmdJSjhoaEs1?=
 =?utf-8?B?Q2tzTXB2SG4rWHpLVzN0RnpKMDlTeHM4RW1icVlORlQ0dld0VDREZjUwR1I3?=
 =?utf-8?B?bTFhWUxkTXdQaXQrdE5wUFp5bmN0ZXJaQ0V4cE4yNDRHdEw4bXk0QXJyNndw?=
 =?utf-8?B?MW43dHhqaG9LT1RsZVNYRHpyc1pMSmlNS0FBU2dqZVVZNnNJVnh0YXJxRmt5?=
 =?utf-8?B?V3VlRnZBQzFPeXlTQjJPOFJ3QW1Gc241cUxLK2NkWTFranc0RDFPZU5ISXVz?=
 =?utf-8?B?UGYxeUZGK1dJazE5SG9xd0M0bjZnS29KWlRCT3FESi91amVFaE9Jam5PY2NS?=
 =?utf-8?Q?I8AjMmfCdM994lZuBTIpXcHnJpwO3XYCbW+gyLK?=
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 8b98a266-f002-4410-aeb2-08d94ac7ef3c
X-MS-Exchange-CrossTenant-AuthSource: DM4PR12MB5229.namprd12.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 19 Jul 2021 15:14:42.4793
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: ZD/3xf5+0AL6qFtVKYQHcz11XCCy/ibYJ7ZJbm+cNMXgSxsxqV7999841PEDZAie5nn96h4LbYoFGkQ8I55gTg==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM4PR12MB5296
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit

On 7/6/21 3:54 AM, Dov Murik wrote:
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3457

This BZ link should be part of all the commit messages in the series.

Thanks,
Tom

> 
> Booting with SEV prevented the loading of kernel, initrd, and kernel
> command-line via QEMU fw_cfg interface because they arrive from the VMM
> which is untrusted in SEV.
> 
> However, in some cases the kernel, initrd, and cmdline are not secret
> but should not be modified by the host.  In such a case, we want to
> verify inside the trusted VM that the kernel, initrd, and cmdline are
> indeed the ones expected by the Guest Owner, and only if that is the
> case go on and boot them up (removing the need for grub inside OVMF in
> that mode).
> 
> This patch series reserves an area in MEMFD (previously the last 1KB of
> the launch secret page) which will contain the
> hashes of these three blobs (kernel, initrd, cmdline), each under its
> own GUID entry.  This tables of hashes is populated by QEMU before
> launch, and encrypted as part of the initial VM memory; this makes sure
> theses hashes are part of the SEV measurement (which has to be approved
> by the Guest Owner for secret injection, for example).  Note that this
> requires QEMU support [1].
> 
> OVMF parses the table of hashes populated by QEMU (patch 5), and as it
> reads the fw_cfg blobs from QEMU, it will verify each one against the
> expected hash (kernel and initrd verifiers are introduced in patch 6,
> and command-line verifier is introduced in patches 7+8).  This is all
> done inside the trusted VM context.  If all the hashes are correct, boot
> of the kernel is allowed to continue.
> 
> Any attempt by QEMU to modify the kernel, initrd, cmdline (including
> dropping one of them), or to modify the OVMF code that verifies those
> hashes, will cause the initial SEV measurement to change and therefore
> will be detectable by the Guest Owner during launch before secret
> injection.
> 
> Relevant part of OVMF serial log during boot with AmdSevX86 build and QEMU with
> -kernel/-initrd/-append:
> 
>   ...
>   SevHashesBlobVerifierLibConstructor: found injected hashes table in secure location
>   Select Item: 0x17
>   Select Item: 0x8
>   FetchBlob: loading 7379328 bytes for "kernel"
>   Select Item: 0x18
>   Select Item: 0x11
>   VerifyBlob: Found GUID 4DE79437-ABD2-427F-B835-D5B172D2045B in table
>   VerifyBlob: Hash comparison succeeded for entry 'kernel'
>   Select Item: 0xB
>   FetchBlob: loading 12483878 bytes for "initrd"
>   Select Item: 0x12
>   VerifyBlob: Found GUID 44BAF731-3A2F-4BD7-9AF1-41E29169781D in table
>   VerifyBlob: Hash comparison succeeded for entry 'initrd'
>   Select Item: 0x14
>   FetchBlob: loading 86 bytes for "cmdline"
>   Select Item: 0x15
>   VerifyBlob: Found GUID 97D02DD8-BD20-4C94-AA78-E7714D36AB2A in table
>   VerifyBlob: Hash comparison succeeded for entry 'cmdline'
>   ...
> 
> The patch series is organized as follows:
> 
> 1:     Simple comment fix in adjacent area in the code.
> 2:     Use GenericQemuLoadImageLib to gain one location for fw_cfg blob
>        fetching.
> 3:     Allow the (previously blocked) usage of -kernel in AmdSevX64.
> 4-7:   Add BlobVerifierLib with null implementation and use it in the correct
>        location in QemuKernelLoaderFsDxe.
> 8-9:   Reserve memory for hashes table, declare this area in the reset vector.
> 10-11: Add the secure implementation SevHashesBlobVerifierLib and use it in
>        AmdSevX64 builds.
> 
> [1] https://lore.kernel.org/qemu-devel/20210624102040.2015280-1-dovmurik@linux.ibm.com/
> 
> Code is at
> https://github.com/confidential-containers-demo/edk2/tree/sev-hashes-v2
> 
> v2 changes:
>  - Use the last 1KB of the existing SEV launch secret page for hashes table
>    (instead of reserving a whole new MEMFD page).
>  - Build on top of commit cf203024745f ("OvmfPkg/GenericQemuLoadImageLib: Read
>    cmdline from QemuKernelLoaderFs", 2021-06-28) to have a single location in
>    which all of kernel/initrd/cmdline are fetched from QEMU.
>  - Use static linking of the two BlobVerifierLib implemenatations.
>  - Reorganize series.
> 
> v1: https://edk2.groups.io/g/devel/message/75567
> 
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
> Cc: Jordan Justen <jordan.l.justen@intel.com>
> Cc: Ashish Kalra <ashish.kalra@amd.com>
> Cc: Brijesh Singh <brijesh.singh@amd.com>
> Cc: Erdem Aktas <erdemaktas@google.com>
> Cc: James Bottomley <jejb@linux.ibm.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Min Xu <min.m.xu@intel.com>
> Cc: Tom Lendacky <thomas.lendacky@amd.com>
> Cc: Leif Lindholm <leif@nuviainc.com>
> Cc: Sami Mujawar <sami.mujawar@arm.com>
> 
> Dov Murik (8):
>   OvmfPkg/AmdSev: use GenericQemuLoadImageLib in AmdSev builds
>   OvmfPkg: add library class BlobVerifierLib with null implementation
>   OvmfPkg: add NullBlobVerifierLib to DSC
>   ArmVirtPkg: add NullBlobVerifierLib to DSC
>   OvmfPkg/QemuKernelLoaderFsDxe: call VerifyBlob after fetch from fw_cfg
>   OvmfPkg/AmdSev/SecretPei: build hob for full page
>   OvmfPkg: add SevHashesBlobVerifierLib
>   OvmfPkg/AmdSev: Enforce hash verification of kernel blobs
> 
> James Bottomley (3):
>   OvmfPkg/AmdSev/SecretDxe: fix header comment to generic naming
>   OvmfPkg: PlatformBootManagerLibGrub: Allow executing kernel via fw_cfg
>   OvmfPkg/AmdSev: reserve MEMFD space for for firmware config hashes
> 
>  OvmfPkg/OvmfPkg.dec                                                                 |   9 +
>  ArmVirtPkg/ArmVirtQemu.dsc                                                          |   5 +-
>  ArmVirtPkg/ArmVirtQemuKernel.dsc                                                    |   5 +-
>  OvmfPkg/AmdSev/AmdSevX64.dsc                                                        |   9 +-
>  OvmfPkg/OvmfPkgIa32.dsc                                                             |   5 +-
>  OvmfPkg/OvmfPkgIa32X64.dsc                                                          |   5 +-
>  OvmfPkg/OvmfPkgX64.dsc                                                              |   5 +-
>  OvmfPkg/AmdSev/AmdSevX64.fdf                                                        |   5 +-
>  OvmfPkg/Library/BlobVerifierLib/NullBlobVerifierLib.inf                             |  27 +++
>  OvmfPkg/Library/BlobVerifierLib/SevHashesBlobVerifierLib.inf                        |  36 ++++
>  OvmfPkg/Library/PlatformBootManagerLibGrub/PlatformBootManagerLibGrub.inf           |   2 +
>  OvmfPkg/ResetVector/ResetVector.inf                                                 |   2 +
>  OvmfPkg/Include/Library/BlobVerifierLib.h                                           |  38 ++++
>  OvmfPkg/Library/PlatformBootManagerLibGrub/BdsPlatform.h                            |  11 ++
>  OvmfPkg/AmdSev/SecretDxe/SecretDxe.c                                                |   2 +-
>  OvmfPkg/AmdSev/SecretPei/SecretPei.c                                                |   9 +-
>  OvmfPkg/Library/BlobVerifierLib/NullBlobVerifier.c                                  |  34 ++++
>  OvmfPkg/Library/BlobVerifierLib/SevHashesBlobVerifier.c                             | 199 ++++++++++++++++++++
>  OvmfPkg/Library/PlatformBootManagerLibGrub/BdsPlatform.c                            |   5 +
>  OvmfPkg/Library/{PlatformBootManagerLib => PlatformBootManagerLibGrub}/QemuKernel.c |   0
>  OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c                               |   9 +
>  OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm                                        |  20 ++
>  OvmfPkg/ResetVector/ResetVector.nasmb                                               |   2 +
>  23 files changed, 434 insertions(+), 10 deletions(-)
>  create mode 100644 OvmfPkg/Library/BlobVerifierLib/NullBlobVerifierLib.inf
>  create mode 100644 OvmfPkg/Library/BlobVerifierLib/SevHashesBlobVerifierLib.inf
>  create mode 100644 OvmfPkg/Include/Library/BlobVerifierLib.h
>  create mode 100644 OvmfPkg/Library/BlobVerifierLib/NullBlobVerifier.c
>  create mode 100644 OvmfPkg/Library/BlobVerifierLib/SevHashesBlobVerifier.c
>  copy OvmfPkg/Library/{PlatformBootManagerLib => PlatformBootManagerLibGrub}/QemuKernel.c (100%)
>