From: "Jörg Rödel" <joro@8bytes.org>
To: Ani Sinha <anisinha@redhat.com>
Cc: "Alex Graf" <graf@amazon.com>,
"Paolo Bonzini" <pbonzini@redhat.com>,
"Eduardo Habkost" <eduardo@habkost.net>,
"Marcel Apfelbaum" <marcel.apfelbaum@gmail.com>,
"Philippe Mathieu-Daudé" <philmd@linaro.org>,
"Yanan Wang" <wangyanan55@huawei.com>,
"Zhao Liu" <zhao1.liu@intel.com>,
"Richard Henderson" <richard.henderson@linaro.org>,
"Michael S. Tsirkin" <mst@redhat.com>,
"Fabiano Rosas" <farosas@suse.de>,
"Laurent Vivier" <lvivier@redhat.com>,
"Gerd Hoffman" <kraxel@redhat.com>,
"Igor Mammedov" <imammedo@redhat.com>,
"Vitaly Kuznetsov" <vkuznets@redhat.com>,
qemu-devel@nongnu.org
Subject: Re: [PATCH v6] hw/misc/vmfwupdate: Introduce hypervisor fw-cfg interface support
Date: Thu, 13 Mar 2025 16:39:53 +0100 [thread overview]
Message-ID: <Z9L8SYW8ObyoDMLy@8bytes.org> (raw)
In-Reply-To: <CAK3XEhMa3Bvy42ErqAhf9vE+oUH1ZkHhv8JZRv1BpyfdejYMYQ@mail.gmail.com>
On Thu, Mar 13, 2025 at 08:23:44PM +0530, Ani Sinha wrote:
> Note that even with this approach where the hypervisor *thinks* it's
> dealing with a real firmware, you can imagine a small rust based
> firmware image that is loaded by the guest in the firmware region.
> This tiny firmware then jumps to a well known address (chosen by the
> guest) where IGVM is loaded and then starts executing the IGVM
> instructions.
Yes, but this way the predictable launch measurement property of IGVM
is lost, as the measurement only contains hashes for the actions
which happened before the VM was finalized and launched by the VMM. The
SEV policy can also not be changed anymore when the guest is running.
Anyway, I think it doesn't matter much whether the IGVM is parsed in
guest context or by QEMU, as long as the resulting measurement is the
same as if the file was loaded at initial VM launch.
Given that QEMU will hopefully get IGVM backend support soon, there is
some value and saved effort in just passing the IGVM data to the VMM via
the vmfwupdate interface and let QEMU do the rest.
Regards,
Joerg
next prev parent reply other threads:[~2025-03-13 15:40 UTC|newest]
Thread overview: 68+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-02-14 15:34 [PATCH v6] hw/misc/vmfwupdate: Introduce hypervisor fw-cfg interface support Ani Sinha
2025-02-24 15:47 ` Gerd Hoffman
2025-02-25 5:21 ` Ani Sinha
2025-02-25 8:39 ` Gerd Hoffman
2025-02-25 9:54 ` Ani Sinha
2025-02-25 10:23 ` Gerd Hoffman
2025-02-25 10:28 ` Igor Mammedov
2025-02-25 11:00 ` Gerd Hoffman
2025-02-25 11:33 ` Igor Mammedov
2025-03-13 9:02 ` Jörg Rödel
2025-03-13 9:37 ` Ani Sinha
2025-03-13 10:10 ` Jörg Rödel
2025-03-13 10:32 ` Ani Sinha
2025-03-13 10:59 ` Jörg Rödel
2025-03-13 11:09 ` Ani Sinha
2025-03-13 11:27 ` Jörg Rödel
2025-03-13 11:28 ` Jörg Rödel
2025-03-13 11:56 ` Ani Sinha
2025-03-13 14:53 ` Ani Sinha
2025-03-13 15:39 ` Jörg Rödel [this message]
2025-03-13 16:30 ` Alexander Graf
2025-03-13 17:38 ` Jörg Rödel
2025-03-13 17:49 ` Daniel P. Berrangé
-- strict thread matches above, loose matches on Subject: below --
2025-03-13 12:05 Gerd Hoffman
2025-03-13 13:31 ` Jörg Rödel
2025-03-13 14:06 ` Ani Sinha
2025-03-14 11:27 ` Gerd Hoffman
2025-03-14 12:47 ` Alexander Graf
2025-03-14 14:08 ` Gerd Hoffman
2025-03-14 14:50 ` Alexander Graf
2025-03-17 9:56 ` Gerd Hoffman
2025-03-17 17:29 ` Alexander Graf
2025-03-18 7:00 ` Gerd Hoffman
2025-03-18 11:11 ` Gerd Hoffman
2025-03-20 8:34 ` Jörg Rödel
2025-03-21 8:22 ` Gerd Hoffman
2025-03-24 16:08 ` Daniel P. Berrangé
2025-03-20 13:53 ` Alexander Graf
2025-03-21 3:36 ` Ani Sinha
2025-03-21 8:09 ` Alexander Graf
2025-03-21 9:14 ` Gerd Hoffman
2025-03-20 8:31 ` Jörg Rödel
2025-03-21 10:08 ` Gerd Hoffman
2025-03-21 12:44 ` Ani Sinha
2025-03-24 7:43 ` Gerd Hoffman
2025-03-24 11:12 ` Ani Sinha
2025-03-24 15:48 ` Gerd Hoffman
2025-03-24 16:31 ` Alexander Graf
2025-03-24 17:53 ` Gerd Hoffman
2025-03-24 18:07 ` Daniel P. Berrangé
2025-03-25 8:04 ` Alexander Graf
2025-03-26 12:27 ` Gerd Hoffman
2025-03-26 15:22 ` Alexander Graf
2025-03-26 21:51 ` Gerd Hoffman
2025-04-07 16:21 ` Dionna Amalie Glaze
2025-04-08 8:33 ` Gerd Hoffman
2025-04-08 21:42 ` Dionna Amalie Glaze
2025-04-09 6:21 ` Gerd Hoffman
2025-04-10 6:31 ` Ani Sinha
2025-04-10 10:44 ` Gerd Hoffmann
2025-04-16 11:40 ` Ani Sinha
2025-04-09 11:59 ` Ani Sinha
2025-03-27 12:12 ` Ani Sinha
2025-04-08 8:11 ` Gerd Hoffman
2025-05-21 7:50 ` Ani Sinha
2025-03-21 12:45 ` Daniel P. Berrangé
2025-03-14 15:16 ` Jörg Rödel
2025-03-15 6:08 ` Ani Sinha
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Z9L8SYW8ObyoDMLy@8bytes.org \
--to=joro@8bytes.org \
--cc=anisinha@redhat.com \
--cc=eduardo@habkost.net \
--cc=farosas@suse.de \
--cc=graf@amazon.com \
--cc=imammedo@redhat.com \
--cc=kraxel@redhat.com \
--cc=lvivier@redhat.com \
--cc=marcel.apfelbaum@gmail.com \
--cc=mst@redhat.com \
--cc=pbonzini@redhat.com \
--cc=philmd@linaro.org \
--cc=qemu-devel@nongnu.org \
--cc=richard.henderson@linaro.org \
--cc=vkuznets@redhat.com \
--cc=wangyanan55@huawei.com \
--cc=zhao1.liu@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).