blob: 19990a0c725937a438d5823f9633c2971b9493db (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
|
device: 0.885
boot: 0.849
kernel: 0.825
i386: 0.805
files: 0.803
ppc: 0.795
socket: 0.793
architecture: 0.758
graphic: 0.745
register: 0.740
vnc: 0.704
performance: 0.703
permissions: 0.681
PID: 0.655
risc-v: 0.626
network: 0.618
semantic: 0.577
debug: 0.519
hypervisor: 0.516
KVM: 0.504
arm: 0.500
virtual: 0.498
VMM: 0.487
TCG: 0.469
mistranslation: 0.441
peripherals: 0.408
x86: 0.404
assembly: 0.398
user-level: 0.216
Measurements fail with direct kernel boot for AMD SEV confidential virtualization with 7.1 machine type
Description of problem:
When booting the QEMU with the 'kernel-hashes:true' property set for 'sev-guest' confidential virtualization, the contents of the `-kernel` file are measured by the firmware.
A remote tenant can then validate the measurement against its expected contents to see if the boot was trustworthy.
With the pc-q35-7.1 machine type the measurement always fails to validate against expected state.
Making the following code change
```
diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index 7280c02ce3..3a4bf5cba3 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -1899,6 +1899,8 @@ static void pc_machine_class_init(ObjectClass *oc, void *data)
pcmc->rsdp_in_ram = true;
pcmc->smbios_defaults = true;
pcmc->smbios_uuid_encoded = true;
+ pcmc->legacy_no_rng_seed = true;
+
pcmc->gigabyte_align = true;
pcmc->has_reserved_memory = true;
pcmc->kvmclock_enabled = true;
```
results in successfully validating the measurement.
THis is not surprising, the RNG seed patch introduced in
```
commit 67f7e426e53833a5db75b0d813e8d537b8a75bd2
Author: Jason A. Donenfeld <Jason@zx2c4.com>
Date: Thu Jul 21 14:56:36 2022 +0200
hw/i386: pass RNG seed via setup_data entry
```
intentionally modifies the contents of the kernel image before passing it to the firmware, to inject a random seed. This will ensure the boot measuremnts are different every time.
This RNG seed functionality must NOT be used when AMD SEV is active.
Steps to reproduce:
1. Create an AMD SEV guest with kernel-hashes=true and pc-q35-7.1 machine type
2. Attempt to validate the boot measurement
Additional information:
|