qemu-devel

From: Jason A. Donenfeld
Subject: Re: [PATCH v2 1/2] x86: only modify setup_data if the boot protocol indicates safety
Date: Tue, 6 Sep 2022 12:43:55 +0200

On Tue, Sep 6, 2022 at 12:40 PM Michael S. Tsirkin <mst@redhat.com> wrote:
>
> On Tue, Sep 06, 2022 at 12:36:56PM +0200, Jason A. Donenfeld wrote:
> > It's only safe to modify the setup_data pointer on newer kernels where
> > the EFI stub loader will ignore it. So condition setting that offset on
> > the newer boot protocol version. While we're at it, gate this on SEV too.
> > This depends on the kernel commit linked below going upstream.
> >
> > Cc: Gerd Hoffmann <kraxel@redhat.com>
> > Cc: Laurent Vivier <laurent@vivier.eu>
> > Cc: Michael S. Tsirkin <mst@redhat.com>
> > Cc: Paolo Bonzini <pbonzini@redhat.com>
> > Cc: Peter Maydell <peter.maydell@linaro.org>
> > Cc: Philippe Mathieu-Daudé <f4bug@amsat.org>
> > Cc: Richard Henderson <richard.henderson@linaro.org>
> > Cc: Ard Biesheuvel <ardb@kernel.org>
> > Link: https://lore.kernel.org/linux-efi/20220904165321.1140894-1-Jason@zx2c4.com/
> > Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
>
> BTW what does it have to do with SEV?
> Is this because SEV is not going to trust the data to be random anyway?

Daniel (now CC'd) pointed out in one of the previous threads that this
breaks SEV, because the image hash changes.

Jason


