On 18/07/2021 18:47, Brijesh Singh wrote:
> On 7/6/21 3:54 AM, Dov Murik wrote:
> > In QemuKernelLoaderFsDxeEntrypoint we use FetchBlob to read the content
> > of the kernel/initrd/cmdline from the QEMU fw_cfg interface. Insert a
> > call to VerifyBlob after fetching to allow BlobVerifierLib
> > implementations to add a verification step for these blobs.
> >
> > This will allow confidential computing OVMF builds to add verification
> > mechanisms for these blobs that originate from an untrusted source
> >
> > The null implementation of BlobVerifierLib does nothing in VerifyBlob,
> > and therefore no functional change is expected.
> >
> > Cc: Laszlo Ersek <firstname.lastname@example.org>
> > Cc: Ard Biesheuvel <email@example.com>
> > Cc: Jordan Justen <firstname.lastname@example.org>
> > Cc: Ashish Kalra <email@example.com>
> > Cc: Brijesh Singh <firstname.lastname@example.org>
> > Cc: Erdem Aktas <email@example.com>
> > Cc: James Bottomley <firstname.lastname@example.org>
> > Cc: Jiewen Yao <email@example.com>
> > Cc: Min Xu <firstname.lastname@example.org>
> > Cc: Tom Lendacky <email@example.com>
> > Co-developed-by: James Bottomley <firstname.lastname@example.org>
> > Signed-off-by: James Bottomley <email@example.com>
> > Signed-off-by: Dov Murik <firstname.lastname@example.org>
>
> The patch itself is okay. Just curious, do we also need to add a
> verification for the QEMU FW cfg file?

I don't really understand. This patch adds the VerifyBlob() call on
blobs that were read by FetchBlob(), which in turn reads the contents of
kernel/initrd/cmdline from QEMU FW cfg (using QemuFwCfgReadBytes for
We currently *don't* add verification for all other FW cfg settings,
like number of CPUs, E820 memory entries, ... similar to what we (don't)
do in SEV boot with encrypted root image (in which only OVMF is measured).
What else do you think we should verify?