git.proxmox.com Git - mirror_edk2.git/commit
OvmfPkg/AmdSev: add BlobVerifierLibSevHashes
author Dov Murik <dovmurik@linux.ibm.com>
Thu, 1 Jul 2021 13:19:46 +0000 (13:19 +0000)
committer mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
Thu, 29 Jul 2021 09:49:50 +0000 (09:49 +0000)
commit 385b9d80a0100490b833f6483e5593fa1abc21b4
tree fea8ba121765f21565a41b8375b7412191278ce4
parent 0deeab36d179e79de7b93bb930b4d6eb24185416
OvmfPkg/AmdSev: add BlobVerifierLibSevHashes

Add an implementation for BlobVerifierLib that locates the SEV hashes
table and verifies that the calculated hashes of the kernel, initrd, and
cmdline blobs indeed match the expected hashes stated in the hashes
table.

If there's a missing hash or a hash mismatch then EFI_ACCESS_DENIED is
returned which will cause a failure to load a kernel image.

Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Ashish Kalra <ashish.kalra@amd.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3457
Co-developed-by: James Bottomley <jejb@linux.ibm.com>
Signed-off-by: James Bottomley <jejb@linux.ibm.com>
Signed-off-by: Dov Murik <dovmurik@linux.ibm.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
[ardb: add CryptoPkg to accepted dependencies list for CI]
OvmfPkg/AmdSev/BlobVerifierLibSevHashes/BlobVerifierLibSevHashes.inf [new file with mode: 0644]
OvmfPkg/AmdSev/BlobVerifierLibSevHashes/BlobVerifierSevHashes.c [new file with mode: 0644]
OvmfPkg/OvmfPkg.ci.yaml