add 18th iteration of classifier

1 files changed, 76 insertions, 0 deletions

diff --git a/results/classifier/118/device/1142 b/results/classifier/118/device/1142
new file mode 100644
index 000000000..19990a0c7
--- /dev/null
+++ b/results/classifier/118/device/1142
@@ -0,0 +1,76 @@
+device: 0.885
+boot: 0.849
+kernel: 0.825
+i386: 0.805
+files: 0.803
+ppc: 0.795
+socket: 0.793
+architecture: 0.758
+graphic: 0.745
+register: 0.740
+vnc: 0.704
+performance: 0.703
+permissions: 0.681
+PID: 0.655
+risc-v: 0.626
+network: 0.618
+semantic: 0.577
+debug: 0.519
+hypervisor: 0.516
+KVM: 0.504
+arm: 0.500
+virtual: 0.498
+VMM: 0.487
+TCG: 0.469
+mistranslation: 0.441
+peripherals: 0.408
+x86: 0.404
+assembly: 0.398
+user-level: 0.216
+
+Measurements fail with direct kernel boot for AMD SEV confidential virtualization with 7.1 machine type
+Description of problem:
+When booting the QEMU with the 'kernel-hashes:true' property set for 'sev-guest' confidential virtualization, the contents of the `-kernel` file are measured by the firmware.
+
+A remote tenant can then validate the measurement against its expected contents to see if the boot was trustworthy.
+
+With the pc-q35-7.1 machine type the measurement always fails to validate against expected state.
+
+Making the following code change 
+
+```
+diff --git a/hw/i386/pc.c b/hw/i386/pc.c
+index 7280c02ce3..3a4bf5cba3 100644
+--- a/hw/i386/pc.c
++++ b/hw/i386/pc.c
+@@ -1899,6 +1899,8 @@ static void pc_machine_class_init(ObjectClass *oc, void *data)
+     pcmc->rsdp_in_ram = true;
+     pcmc->smbios_defaults = true;
+     pcmc->smbios_uuid_encoded = true;
++    pcmc->legacy_no_rng_seed = true;
++
+     pcmc->gigabyte_align = true;
+     pcmc->has_reserved_memory = true;
+     pcmc->kvmclock_enabled = true;
+```
+
+results in successfully validating the measurement.
+
+THis is not surprising, the RNG seed patch introduced in 
+
+```
+commit 67f7e426e53833a5db75b0d813e8d537b8a75bd2
+Author: Jason A. Donenfeld <Jason@zx2c4.com>
+Date:   Thu Jul 21 14:56:36 2022 +0200
+
+    hw/i386: pass RNG seed via setup_data entry
+```
+
+intentionally modifies the contents of the kernel image before passing it to the firmware, to inject a random seed. This will ensure the boot measuremnts are different every time.
+
+This RNG seed functionality must NOT be used when AMD SEV is active.
+Steps to reproduce:
+1. Create an AMD SEV guest with kernel-hashes=true and pc-q35-7.1 machine type
+2. Attempt to validate the boot measurement
+Additional information:
+