From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:43133)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <paolo.bonzini@gmail.com>) id 1bjwgz-0007DM-Sz
	for qemu-devel@nongnu.org; Tue, 13 Sep 2016 19:00:42 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <paolo.bonzini@gmail.com>) id 1bjwgu-00048W-Qk
	for qemu-devel@nongnu.org; Tue, 13 Sep 2016 19:00:40 -0400
Received: from mail-wm0-f47.google.com ([74.125.82.47]:36709)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <paolo.bonzini@gmail.com>) id 1bjwgu-00048D-Gs
	for qemu-devel@nongnu.org; Tue, 13 Sep 2016 19:00:36 -0400
Received: by mail-wm0-f47.google.com with SMTP id b187so19174505wme.1
	for <qemu-devel@nongnu.org>; Tue, 13 Sep 2016 16:00:36 -0700 (PDT)
Sender: Paolo Bonzini <paolo.bonzini@gmail.com>
References: <147377800565.11859.4411044563640180545.stgit@brijesh-build-machine>
	<147377822450.11859.5845767550630184079.stgit@brijesh-build-machine>
From: Paolo Bonzini <pbonzini@redhat.com>
Message-ID: <45717d25-176b-dd80-98cc-d91ee0e354fc@redhat.com>
Date: Wed, 14 Sep 2016 00:59:32 +0200
MIME-Version: 1.0
In-Reply-To: <147377822450.11859.5845767550630184079.stgit@brijesh-build-machine>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Subject: Re: [Qemu-devel] [RFC PATCH v1 22/22] loader: reload bios image on
 ROM reset in SEV-enabled guest
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel/>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Brijesh Singh <brijesh.singh@amd.com>, ehabkost@redhat.com, crosthwaite.peter@gmail.com, armbru@redhat.com, mst@redhat.com, p.fedin@samsung.com, qemu-devel@nongnu.org, lcapitulino@redhat.com, rth@twiddle.net



On 13/09/2016 16:50, Brijesh Singh wrote:
> In SEV-enabled mode we need to reload the BIOS image on loader reset, this
> will ensure that BIOS image gets encrypted and included as part of launch
> meausrement on guest reset.

Just to check if I understand correctly, the secure processor cannot
split the encryption and measuring, which is why you need to redo the
copy on every reset.

Does the guest have to check the measured data (e.g. with a hash) too,
to check that it hasn't been tampered with outside the secure
processor's control?  Of course this would result in garbage written to
the modified page, but that might be a valid attack vector.

Paolo