diff options
| author | Christian Krinitsin <mail@krinitsin.com> | 2025-05-30 16:52:07 +0200 |
|---|---|---|
| committer | Christian Krinitsin <mail@krinitsin.com> | 2025-05-30 16:52:17 +0200 |
| commit | 9260319e7411ff8281700a532caa436f40120ec4 (patch) | |
| tree | 2f6bfe5f3458dd49d328d3a9eb508595450adec0 /gitlab/issues/target_missing/host_missing/accel_missing/1142.toml | |
| parent | 225caa38269323af1bfc2daadff5ec8bd930747f (diff) | |
| download | qemu-analysis-9260319e7411ff8281700a532caa436f40120ec4.tar.gz qemu-analysis-9260319e7411ff8281700a532caa436f40120ec4.zip | |
gitlab scraper: download in toml and text format
Diffstat (limited to 'gitlab/issues/target_missing/host_missing/accel_missing/1142.toml')
| -rw-r--r-- | gitlab/issues/target_missing/host_missing/accel_missing/1142.toml | 54 |
1 files changed, 0 insertions, 54 deletions
diff --git a/gitlab/issues/target_missing/host_missing/accel_missing/1142.toml b/gitlab/issues/target_missing/host_missing/accel_missing/1142.toml deleted file mode 100644 index 7813e9803..000000000 --- a/gitlab/issues/target_missing/host_missing/accel_missing/1142.toml +++ /dev/null @@ -1,54 +0,0 @@ -id = 1142 -title = "Measurements fail with direct kernel boot for AMD SEV confidential virtualization with 7.1 machine type" -state = "closed" -created_at = "2022-08-04T12:08:56.036Z" -closed_at = "2022-11-07T12:53:17.474Z" -labels = ["kind::Bug"] -url = "https://gitlab.com/qemu-project/qemu/-/issues/1142" -host-os = "n/a" -host-arch = "x86_64" -qemu-version = "git 2480f3bbd03814b0651a1f74959f5c6631ee5819" -guest-os = "n/a" -guest-arch = "n/a" -description = """When booting the QEMU with the 'kernel-hashes:true' property set for 'sev-guest' confidential virtualization, the contents of the `-kernel` file are measured by the firmware. - -A remote tenant can then validate the measurement against its expected contents to see if the boot was trustworthy. - -With the pc-q35-7.1 machine type the measurement always fails to validate against expected state. - -Making the following code change - -``` -diff --git a/hw/i386/pc.c b/hw/i386/pc.c -index 7280c02ce3..3a4bf5cba3 100644 ---- a/hw/i386/pc.c -+++ b/hw/i386/pc.c -@@ -1899,6 +1899,8 @@ static void pc_machine_class_init(ObjectClass *oc, void *data) - pcmc->rsdp_in_ram = true; - pcmc->smbios_defaults = true; - pcmc->smbios_uuid_encoded = true; -+ pcmc->legacy_no_rng_seed = true; -+ - pcmc->gigabyte_align = true; - pcmc->has_reserved_memory = true; - pcmc->kvmclock_enabled = true; -``` - -results in successfully validating the measurement. - -THis is not surprising, the RNG seed patch introduced in - -``` -commit 67f7e426e53833a5db75b0d813e8d537b8a75bd2 -Author: Jason A. Donenfeld <Jason@zx2c4.com> -Date: Thu Jul 21 14:56:36 2022 +0200 - - hw/i386: pass RNG seed via setup_data entry -``` - -intentionally modifies the contents of the kernel image before passing it to the firmware, to inject a random seed. This will ensure the boot measuremnts are different every time. - -This RNG seed functionality must NOT be used when AMD SEV is active.""" -reproduce = """1. Create an AMD SEV guest with kernel-hashes=true and pc-q35-7.1 machine type -2. Attempt to validate the boot measurement""" -additional = """""" |