summary refs log tree commit diff stats
path: root/gitlab/issues/target_missing/host_missing/accel_missing/1142.toml
diff options
context:
space:
mode:
Diffstat (limited to 'gitlab/issues/target_missing/host_missing/accel_missing/1142.toml')
-rw-r--r--gitlab/issues/target_missing/host_missing/accel_missing/1142.toml54
1 files changed, 0 insertions, 54 deletions
diff --git a/gitlab/issues/target_missing/host_missing/accel_missing/1142.toml b/gitlab/issues/target_missing/host_missing/accel_missing/1142.toml
deleted file mode 100644
index 7813e9803..000000000
--- a/gitlab/issues/target_missing/host_missing/accel_missing/1142.toml
+++ /dev/null
@@ -1,54 +0,0 @@
-id = 1142
-title = "Measurements fail with direct kernel boot for AMD SEV confidential virtualization with 7.1 machine type"
-state = "closed"
-created_at = "2022-08-04T12:08:56.036Z"
-closed_at = "2022-11-07T12:53:17.474Z"
-labels = ["kind::Bug"]
-url = "https://gitlab.com/qemu-project/qemu/-/issues/1142"
-host-os = "n/a"
-host-arch = "x86_64"
-qemu-version = "git 2480f3bbd03814b0651a1f74959f5c6631ee5819"
-guest-os = "n/a"
-guest-arch = "n/a"
-description = """When booting the QEMU with the 'kernel-hashes:true' property set for 'sev-guest' confidential virtualization, the contents of the `-kernel` file are measured by the firmware.
-
-A remote tenant can then validate the measurement against its expected contents to see if the boot was trustworthy.
-
-With the pc-q35-7.1 machine type the measurement always fails to validate against expected state.
-
-Making the following code change 
-
-```
-diff --git a/hw/i386/pc.c b/hw/i386/pc.c
-index 7280c02ce3..3a4bf5cba3 100644
---- a/hw/i386/pc.c
-+++ b/hw/i386/pc.c
-@@ -1899,6 +1899,8 @@ static void pc_machine_class_init(ObjectClass *oc, void *data)
-     pcmc->rsdp_in_ram = true;
-     pcmc->smbios_defaults = true;
-     pcmc->smbios_uuid_encoded = true;
-+    pcmc->legacy_no_rng_seed = true;
-+
-     pcmc->gigabyte_align = true;
-     pcmc->has_reserved_memory = true;
-     pcmc->kvmclock_enabled = true;
-```
-
-results in successfully validating the measurement.
-
-THis is not surprising, the RNG seed patch introduced in 
-
-```
-commit 67f7e426e53833a5db75b0d813e8d537b8a75bd2
-Author: Jason A. Donenfeld <Jason@zx2c4.com>
-Date:   Thu Jul 21 14:56:36 2022 +0200
-
-    hw/i386: pass RNG seed via setup_data entry
-```
-
-intentionally modifies the contents of the kernel image before passing it to the firmware, to inject a random seed. This will ensure the boot measuremnts are different every time.
-
-This RNG seed functionality must NOT be used when AMD SEV is active."""
-reproduce = """1. Create an AMD SEV guest with kernel-hashes=true and pc-q35-7.1 machine type
-2. Attempt to validate the boot measurement"""
-additional = """"""