From: "Daniel P. Berrangé" <berrange@redhat.com>
To: Gerd Hoffman <kraxel@redhat.com>
Cc: "Jörg Rödel" <joro@8bytes.org>,
"Alexander Graf" <graf@amazon.com>,
"Ani Sinha" <anisinha@redhat.com>,
"Paolo Bonzini" <pbonzini@redhat.com>,
"Eduardo Habkost" <eduardo@habkost.net>,
"Marcel Apfelbaum" <marcel.apfelbaum@gmail.com>,
"Philippe Mathieu-Daudé" <philmd@linaro.org>,
"Yanan Wang" <wangyanan55@huawei.com>,
"Zhao Liu" <zhao1.liu@intel.com>,
"Richard Henderson" <richard.henderson@linaro.org>,
"Michael S. Tsirkin" <mst@redhat.com>,
"Fabiano Rosas" <farosas@suse.de>,
"Laurent Vivier" <lvivier@redhat.com>,
"Igor Mammedov" <imammedo@redhat.com>,
"Vitaly Kuznetsov" <vkuznets@redhat.com>,
qemu-devel@nongnu.org
Subject: Re: [PATCH v6] hw/misc/vmfwupdate: Introduce hypervisor fw-cfg interface support
Date: Fri, 21 Mar 2025 12:45:49 +0000 [thread overview]
Message-ID: <Z91ffa53yRxXkJop@redhat.com> (raw)
In-Reply-To: <4p7orqixni5m3444l53isxe5awdwasrb5e5bu6wu4phhycqpir@z22wgnaxowsg>
On Fri, Mar 21, 2025 at 11:08:11AM +0100, Gerd Hoffman wrote:
> Hi,
>
> > > While digging around in the igvm spec I've seen there is the
> > > concept of 'parameters'. Can this be used to pass on the memory
> > > location of kernel + initrd + cmdline? Maybe the kernel hashes too?
> >
> > The find the locations of the kernel, initrd, cmdline, ... I think IGVM
> > parameters, either directly or (preferably indirectly) are a good
> > solution. By "indirectly" I mean to put these regions on a separate and
> > measured page which also contains the region hashes.
>
> regions and hashes should be separate I think. The regions are not
> necessarily fixed, the physical memory location where things have been
> loaded to can change.
>
> But also see my other reply. I'm not convinced any more carrying
> forward the hashes logic makes much sense.
>
> > > (2) Will the igvm be generated on the fly from FUKI data? Or should
> > > the distros ship igvm images with firmware + kernel + initrd?
> >
> > My preference would be that distros ship the tooling and components to
> > build IGVM files and build them during kernel update. If a distro comes
> > up with a generic initrd+cmdline it can also ship pre-built IGVM files.
>
> Working with the (F)UKI instead has the advantage that we can make use
> of the secure boot signature, with a workflow along these lines:
>
> (distro) build:
> * Embed the firmware as igvm inside the UKI.
> * Sign the UKI.
>
> first vm launch:
> * Load the complete UKI.
> * Pass on (a) the igvm section and (b) the UKI (including signature)
> to the vmfwupdate device.
>
> vmwupdate device:
> * loads the igvm image.
> * passes on the UKI location (as igvm parameter?).
>
> second vm launch:
> * firmware checks UKI signature.
> * firmware (optionally) measures UKI into vTPM.
> * firmware launches UKI.
>
> Going ship the distro kernel as igvm image would work too. Will
> simplify the measurement pre-calculation. Also there is no need to pass
> around any parameters, everything (how the firmware finds the UKI etc)
> can be arranged at igvm build time then. Disadvantage: This introduces
> a completely new boot workflow. Will probably need a new set of cloud
> images exclusively for the BYOF case.
Having a completely different boot workflow & images for CVM BYOF that
does not involve/consume existing UKIs & addons feels pretty undesirable
to me.
If the baseline is that the distro/user is using UKIs for everything,
and then they want to do BYOF, that change should involve as little
difference as possible to pull firmware into the mix. Your first
workflow example with FUKI looks like it would satisfy that, but
switching to bundle the kernel/initrd/cmdline directly in the IGVM
would not.
With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
next prev parent reply other threads:[~2025-03-21 12:46 UTC|newest]
Thread overview: 68+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-03-13 12:05 [PATCH v6] hw/misc/vmfwupdate: Introduce hypervisor fw-cfg interface support Gerd Hoffman
2025-03-13 13:31 ` Jörg Rödel
2025-03-13 14:06 ` Ani Sinha
2025-03-14 11:27 ` Gerd Hoffman
2025-03-14 12:47 ` Alexander Graf
2025-03-14 14:08 ` Gerd Hoffman
2025-03-14 14:50 ` Alexander Graf
2025-03-17 9:56 ` Gerd Hoffman
2025-03-17 17:29 ` Alexander Graf
2025-03-18 7:00 ` Gerd Hoffman
2025-03-18 11:11 ` Gerd Hoffman
2025-03-20 8:34 ` Jörg Rödel
2025-03-21 8:22 ` Gerd Hoffman
2025-03-24 16:08 ` Daniel P. Berrangé
2025-03-20 13:53 ` Alexander Graf
2025-03-21 3:36 ` Ani Sinha
2025-03-21 8:09 ` Alexander Graf
2025-03-21 9:14 ` Gerd Hoffman
2025-03-20 8:31 ` Jörg Rödel
2025-03-21 10:08 ` Gerd Hoffman
2025-03-21 12:44 ` Ani Sinha
2025-03-24 7:43 ` Gerd Hoffman
2025-03-24 11:12 ` Ani Sinha
2025-03-24 15:48 ` Gerd Hoffman
2025-03-24 16:31 ` Alexander Graf
2025-03-24 17:53 ` Gerd Hoffman
2025-03-24 18:07 ` Daniel P. Berrangé
2025-03-25 8:04 ` Alexander Graf
2025-03-26 12:27 ` Gerd Hoffman
2025-03-26 15:22 ` Alexander Graf
2025-03-26 21:51 ` Gerd Hoffman
2025-04-07 16:21 ` Dionna Amalie Glaze
2025-04-08 8:33 ` Gerd Hoffman
2025-04-08 21:42 ` Dionna Amalie Glaze
2025-04-09 6:21 ` Gerd Hoffman
2025-04-10 6:31 ` Ani Sinha
2025-04-10 10:44 ` Gerd Hoffmann
2025-04-16 11:40 ` Ani Sinha
2025-04-09 11:59 ` Ani Sinha
2025-03-27 12:12 ` Ani Sinha
2025-04-08 8:11 ` Gerd Hoffman
2025-05-21 7:50 ` Ani Sinha
2025-03-21 12:45 ` Daniel P. Berrangé [this message]
2025-03-14 15:16 ` Jörg Rödel
2025-03-15 6:08 ` Ani Sinha
-- strict thread matches above, loose matches on Subject: below --
2025-02-14 15:34 Ani Sinha
2025-02-24 15:47 ` Gerd Hoffman
2025-02-25 5:21 ` Ani Sinha
2025-02-25 8:39 ` Gerd Hoffman
2025-02-25 9:54 ` Ani Sinha
2025-02-25 10:23 ` Gerd Hoffman
2025-02-25 10:28 ` Igor Mammedov
2025-02-25 11:00 ` Gerd Hoffman
2025-02-25 11:33 ` Igor Mammedov
2025-03-13 9:02 ` Jörg Rödel
2025-03-13 9:37 ` Ani Sinha
2025-03-13 10:10 ` Jörg Rödel
2025-03-13 10:32 ` Ani Sinha
2025-03-13 10:59 ` Jörg Rödel
2025-03-13 11:09 ` Ani Sinha
2025-03-13 11:27 ` Jörg Rödel
2025-03-13 11:28 ` Jörg Rödel
2025-03-13 11:56 ` Ani Sinha
2025-03-13 14:53 ` Ani Sinha
2025-03-13 15:39 ` Jörg Rödel
2025-03-13 16:30 ` Alexander Graf
2025-03-13 17:38 ` Jörg Rödel
2025-03-13 17:49 ` Daniel P. Berrangé
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Z91ffa53yRxXkJop@redhat.com \
--to=berrange@redhat.com \
--cc=anisinha@redhat.com \
--cc=eduardo@habkost.net \
--cc=farosas@suse.de \
--cc=graf@amazon.com \
--cc=imammedo@redhat.com \
--cc=joro@8bytes.org \
--cc=kraxel@redhat.com \
--cc=lvivier@redhat.com \
--cc=marcel.apfelbaum@gmail.com \
--cc=mst@redhat.com \
--cc=pbonzini@redhat.com \
--cc=philmd@linaro.org \
--cc=qemu-devel@nongnu.org \
--cc=richard.henderson@linaro.org \
--cc=vkuznets@redhat.com \
--cc=wangyanan55@huawei.com \
--cc=zhao1.liu@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).