From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:59917)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <mst@redhat.com>) id 1bjsk9-0000ih-Q0
	for qemu-devel@nongnu.org; Tue, 13 Sep 2016 14:47:42 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <mst@redhat.com>) id 1bjsk4-0000IS-K0
	for qemu-devel@nongnu.org; Tue, 13 Sep 2016 14:47:40 -0400
Received: from mx1.redhat.com ([209.132.183.28]:52490)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <mst@redhat.com>) id 1bjsk4-0000I9-Ef
	for qemu-devel@nongnu.org; Tue, 13 Sep 2016 14:47:36 -0400
Date: Tue, 13 Sep 2016 21:47:32 +0300
From: "Michael S. Tsirkin" <mst@redhat.com>
Message-ID: <20160913214018-mutt-send-email-mst@kernel.org>
References: <147377800565.11859.4411044563640180545.stgit@brijesh-build-machine>
	<147377822450.11859.5845767550630184079.stgit@brijesh-build-machine>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <147377822450.11859.5845767550630184079.stgit@brijesh-build-machine>
Subject: Re: [Qemu-devel] [RFC PATCH v1 22/22] loader: reload bios image on
 ROM reset in SEV-enabled guest
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel/>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Brijesh Singh <brijesh.singh@amd.com>
Cc: ehabkost@redhat.com, crosthwaite.peter@gmail.com, armbru@redhat.com, p.fedin@samsung.com, qemu-devel@nongnu.org, lcapitulino@redhat.com, pbonzini@redhat.com, rth@twiddle.net

On Tue, Sep 13, 2016 at 10:50:24AM -0400, Brijesh Singh wrote:
> In SEV-enabled mode we need to reload the BIOS image on loader reset, this
> will ensure that BIOS image gets encrypted and included as part of launch
> meausrement on guest reset.
> 
> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>

Could you pls explain what does measurement mean in this
context, and how is it helpful to reload rom on
every boot as opposed to first boot after migration?


> ---
>  hw/core/loader.c |    7 ++++++-
>  1 file changed, 6 insertions(+), 1 deletion(-)
> 
> diff --git a/hw/core/loader.c b/hw/core/loader.c
> index 53e0e41..9b03bfe 100644
> --- a/hw/core/loader.c
> +++ b/hw/core/loader.c
> @@ -55,6 +55,7 @@
>  #include "exec/address-spaces.h"
>  #include "hw/boards.h"
>  #include "qemu/cutils.h"
> +#include "sysemu/kvm.h"
>  
>  #include <zlib.h>
>  
> @@ -1011,7 +1012,11 @@ static void rom_reset(void *unused)
>              cpu_physical_memory_write_rom(&address_space_memory,
>                                            rom->addr, rom->data, rom->datasize);
>          }
> -        if (rom->isrom) {
> +
> +        /* reload the rom on SEV-enabled guest so that it gets included into
> +         * guest memory measurement on system reset.
> +         */
> +        if (!kvm_sev_enabled() && rom->isrom) {
>              /* rom needs to be written only once */
>              g_free(rom->data);
>              rom->data = NULL;