* James Bottomley ([email protected]) wrote: > On Mon, 2020-10-12 at 16:57 +0100, Dr. David Alan Gilbert wrote: > > * Tobin Feldman-Fitzthum ([email protected]) wrote: > > > On 2020-09-21 15:16, Dr. David Alan Gilbert wrote: > > > > * Tobin Feldman-Fitzthum ([email protected]) wrote: > > > > > AMD SEV allows a guest owner to inject a secret blob > > > > > into the memory of a virtual machine. The secret is > > > > > encrypted with the SEV Transport Encryption Key and > > > > > integrity is guaranteed with the Transport Integrity > > > > > Key. Although QEMU faciliates the injection of the > > > > > launch secret, it cannot access the secret. > > > > > > > > > > Signed-off-by: Tobin Feldman-Fitzthum <[email protected] > > > > > > > > > > > > > > Hi Tobin, > > > > Did the ovmf stuff for agreeing the GUID for automating this > > > > ever happen? > > > > > > > OVMF patches have not been upstreamed yet. I think we are planning > > > to do that relatively soon. > > > > So as we're getting to the end of another qemu dev cycle; do we aim > > to get this one in by itself, or to wait for the GUID? > > Since they're independent of each other, I'd say get this one in now if > it's acceptable. The GUID will come as a discoverable way of setting > the GPA, but this patch at least gives people a way to play with SEV > secret injection. I'm also reworking the OVMF GUID patch to tack on to > the reset vector GUID that just went upstream, so it will be a few more > weeks yet before we have it all integrated with the -ES patch set.
OK, so I've just replied with a minor error leak that needs fixing, but other than that it looks OK to me. I've not quite figured out who would pull it, Paolo? Dave > James > > -- Dr. David Alan Gilbert / [email protected] / Manchester, UK
