Comments (2)
@nicopal
QEMU provides a means to obtain the launch measure of a VM which was previously calculated by the SEV firmware. See the QMP monitor and the query-sev-launch-measure command for reference. Note that the VM must be started with SEV support, the desired guest policy, launch blob, GODH and a QMP socket. Using the SEV-tool and its calculate_measurement command, you can compute the expected launch measure and compare the provided with the expected one.
When you want to inject a secret (e.g. a disk encryption passphrase) into the VM, the corresponding UEFI/bootloader must be capable of reading it out and actually using it, thus a custom image is required. This is more complex and involves the EDK II project/OVMF and grub patches. This article is a good reference.
To summarize: Parts are implemented but they have to be manually combined into a full protocol (afaik).
from amdsev.
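The comparison described in the comment above, as an added example (not part of the thread or the amdsev repository): it recomputes the expected measurement on the guest owner's side and checks it against the reply of query-sev-launch-measure. It assumes the LAUNCH_MEASURE layout from the SEV API spec, a plain SEV guest whose launch digest covers only the firmware image, and a QMP reply whose base64 data is the 32-byte measurement followed by the 16-byte nonce; every function name and sample value is constructed for the illustration.

```python
import base64
import hashlib
import hmac
import json
import struct


def expected_measurement(api_major, api_minor, build_id, policy, launch_digest, mnonce, tik):
    """HMAC-SHA256(0x04 || API_MAJOR || API_MINOR || BUILD || POLICY || LD || MNONCE), keyed with the TIK."""
    msg = (bytes([0x04, api_major, api_minor, build_id])
           + struct.pack("<I", policy)   # 32-bit guest policy, little-endian
           + launch_digest               # SHA-256 of the data measured at launch
           + mnonce)                     # 16-byte nonce chosen by the SEV firmware
    return hmac.new(tik, msg, hashlib.sha256).digest()


def verify_launch_measure(qmp_reply, platform, policy, firmware_image, tik):
    """Return True only if the measurement reported over QMP matches the expected one."""
    blob = base64.b64decode(json.loads(qmp_reply)["return"]["data"], validate=True)
    if len(blob) != 48:                  # 32-byte measurement + 16-byte MNONCE
        raise ValueError("unexpected launch measurement length: %d" % len(blob))
    reported, mnonce = blob[:32], blob[32:]
    launch_digest = hashlib.sha256(firmware_image).digest()  # assumption: firmware only
    want = expected_measurement(platform["api_major"], platform["api_minor"],
                                platform["build_id"], policy, launch_digest, mnonce, tik)
    return hmac.compare_digest(reported, want)   # constant-time comparison


# --- constructed sample values, not taken from a real platform ---
SAMPLE_PLATFORM = {"api_major": 0, "api_minor": 24, "build_id": 15}
SAMPLE_POLICY = 0x01
SAMPLE_FIRMWARE = b"constructed OVMF image bytes"
SAMPLE_TIK = bytes(range(16))            # guest owner's transport integrity key


def sample_qmp_reply(firmware=SAMPLE_FIRMWARE, policy=SAMPLE_POLICY):
    """Build the reply an honest host would return for the given firmware and policy."""
    mnonce = bytes(16)
    ld = hashlib.sha256(firmware).digest()
    m = expected_measurement(0, 24, 15, policy, ld, mnonce, SAMPLE_TIK)
    return json.dumps({"return": {"data": base64.b64encode(m + mnonce).decode()}})


if __name__ == "__main__":
    args = (SAMPLE_PLATFORM, SAMPLE_POLICY, SAMPLE_FIRMWARE, SAMPLE_TIK)
    print("honest host:", verify_launch_measure(sample_qmp_reply(), *args))
    print("tampered firmware:", verify_launch_measure(sample_qmp_reply(firmware=b"tampered"), *args))
```

A secret should only be injected after this check returns True, since the measurement is the guest owner's only evidence of what firmware and policy the host actually launched.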
Yes, it can be found in the SEV API spec (Secure Encrypted Virtualization API) on https://developer.amd.com/sev/