Re: [PATCH 1/2] OvmfPkg/OvmfPkgX64: Add SEV launch secret and hashes table areas to MEMFD


Dov Murik
 

Hi Gerd,

(I assume your comments are for patch 2/2)

On 02/11/2021 12:03, Gerd Hoffmann wrote:
> On Tue, Nov 02, 2021 at 07:34:21AM +0000, Dov Murik wrote:
>> The SEV launch secret area and the QEMU hashes table area were specified
>> in the OvmfPkg/AmdSev/AmdSevX64 MEMFD but not in OvmfPkg/OvmfPkgX64.
>>
>> Add them in OvmfPkgX64.fdf.
>>
>> After this change the two MEMFD descriptions are identical:
>>
>> $ sed -n -e '/FD.MEMFD/,/FV.SECFV/p' OvmfPkg/OvmfPkgX64.fdf | sha1sum
>> 6ff89173952413fbdb7ffbbf42f8bc389c928500 -
>> $ sed -n -e '/FD.MEMFD/,/FV.SECFV/p' OvmfPkg/AmdSev/AmdSevX64.fdf | sha1sum
>> 6ff89173952413fbdb7ffbbf42f8bc389c928500 -
>
> I'm wondering whenever you actually tried to boot a sev guest
> in microvm?

No I haven't tried. Do you want Microvm to be able to boot SEV guests,
or do you intentionally want to keep functionality out so it stays small?

> I suspect it'll need more changes to actually work.

I saw MicrovmX64.fdf already has some SEV-related entries (like
PcdOvmfSecGhcbBackupBase), so I just added these so that its MEMFD will
be identical to AmdSevX64 and OvmfPkgX64.

-Dov
