Re: [libvirt PATCH v3 04/12] tools: support validating SEV direct kernel boot measurements

On Sun, Nov 06, 2022 at 04:03:15PM -0500, Cole Robinson wrote: > On 11/2/22 7:58 AM, Daniel P. Berrangé wrote: >> When doing direct kernel boot we need to include the kernel, initrd and >> cmdline in the measurement. >> >> Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com&gt; >> --- >> docs/manpages/virt-qemu-sev-validate.rst | 43 +++++++++ >> tools/virt-qemu-sev-validate | 108 ++++++++++++++++++++++- >> 2 files changed, 150 insertions(+), 1 deletion(-) >> > > ... > >> + >> +class KernelTable(GUIDTable): >> + >> + TABLE_GUID = UUID('{9438d606-4f22-4cc9-b479-a793-d411fd21}').bytes_le >> + KERNEL_GUID = UUID('{4de79437-abd2-427f-b835-d5b1-72d2045b}').bytes_le >> + INITRD_GUID = UUID('{44baf731-3a2f-4bd7-9af1-41e2-9169781d}').bytes_le >> + CMDLINE_GUID = UUID('{97d02dd8-bd20-4c94-aa78-e771-4d36ab2a}').bytes_le >> + >> + def __init__(self): >> + super().__init__(guid=self.TABLE_GUID, >> + lenlen=2) >> + >> + self.kernel = None >> + self.initrd = sha256(bytes([])).digest() >> + self.cmdline = sha256(bytes([0])).digest() >> + > > This bit here caused a regression from v2. self.initrd and self.cmdline > should be initialized to None. Otherwise the code that triggers > load_kernel and load_initrd never runs. I'm not seeing any regression. The call to load_kernel/load_intrd is conditioned on args.initrd != None, not self.initrd != None.