On 11/7/22 7:28 AM, Daniel P. Berrangé wrote:
On Sun, Nov 06, 2022 at 04:03:15PM -0500, Cole Robinson wrote:
On 11/2/22 7:58 AM, Daniel P. Berrangé wrote:
When doing direct kernel boot we need to include the kernel, initrd and cmdline in the measurement.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- docs/manpages/virt-qemu-sev-validate.rst | 43 +++++++++ tools/virt-qemu-sev-validate | 108 ++++++++++++++++++++++- 2 files changed, 150 insertions(+), 1 deletion(-)
...
+ +class KernelTable(GUIDTable): + + TABLE_GUID = UUID('{9438d606-4f22-4cc9-b479-a793-d411fd21}').bytes_le + KERNEL_GUID = UUID('{4de79437-abd2-427f-b835-d5b1-72d2045b}').bytes_le + INITRD_GUID = UUID('{44baf731-3a2f-4bd7-9af1-41e2-9169781d}').bytes_le + CMDLINE_GUID = UUID('{97d02dd8-bd20-4c94-aa78-e771-4d36ab2a}').bytes_le + + def __init__(self): + super().__init__(guid=self.TABLE_GUID, + lenlen=2) + + self.kernel = None + self.initrd = sha256(bytes([])).digest() + self.cmdline = sha256(bytes([0])).digest() +
This bit here caused a regression from v2. self.initrd and self.cmdline should be initialized to None. Otherwise the code that triggers load_kernel and load_initrd never runs.
I'm not seeing any regression. The call to load_kernel/load_intrd is conditioned on args.initrd != None, not self.initrd != None.
Sorry, I should have been more clear. It's the load_initrd call triggered from XML code path, not the cli --initrd code path. - Cole