author Tobin Feldman-Fitzthum <tobin@linux.ibm.com> 2024-04-19 14:35:54 -0400
committer mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> 2024-06-25 15:27:42 +0000
commit 56059941ec8c2f4d8fb126227b1154f8a869ac2b
tree e06cb6ef42ef956c221517f0f8a03200c958edd8 /OvmfPkg/Include
parent be38c01da2dd949e0a6f8bceeb88d2e19c8c65f7
AmdSev: Rework Blob Verifier
The Blob Verifier checks boot artifacts against a hash table injected by the hypervisor and measured by hardware. Update the Blob Verifier to enter a dead loop if the artifacts do not match.

The verifier still returns ACCESS_DENIED in some cases, but this is considered non-fatal. These non-fatal cases occur when the artifact cannot be verified because the hashes table makes no claims about the artifact (e.g. if the hashes table is not present or if there is no entry for the blob in question). Since the hash table is reflected in the launch measurement, it is okay to continue the boot in these cases.

If the hash table does contain expected hash values, the boot cannot continue if the provided blobs do not match. In these cases we enter a dead loop to make sure no guest can boot with a TCB that does not reflect the launch measurement.

Signed-off-by: Tobin Feldman-Fitzthum <tobin@linux.ibm.com>
Diffstat (limited to 'OvmfPkg/Include')
0 files changed, 0 insertions, 0 deletions
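The three outcomes the commit message distinguishes, written as an added C example that is not code from this commit or from edk2. The entry layout, the 32-byte digest length and every name in it (`hash_entry`, `verify_blob`, `sample_table`) are assumptions made for illustration; the fatal case is returned as a value here so it can be checked, where the firmware enters a dead loop.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DIGEST_LEN 32 /* assumed digest size; the page does not name the hash */

/* Hypothetical, simplified entry; not the real OVMF hash table layout. */
typedef struct {
  const char *name;               /* blob identifier, e.g. "kernel" */
  uint8_t     digest[DIGEST_LEN]; /* expected digest from the measured table */
} hash_entry;

typedef enum {
  VERIFY_OK,       /* table has an entry and the digest matches */
  VERIFY_NO_CLAIM, /* no table or no entry: ACCESS_DENIED, non-fatal */
  VERIFY_MISMATCH  /* entry exists but differs: firmware enters a dead loop */
} verify_result;

/* Compare all bytes without an early exit. */
static int digest_equal(const uint8_t *a, const uint8_t *b) {
  uint8_t diff = 0;
  for (size_t i = 0; i < DIGEST_LEN; i++) diff |= (uint8_t)(a[i] ^ b[i]);
  return diff == 0;
}

verify_result verify_blob(const hash_entry *table, size_t count,
                          const char *name, const uint8_t *digest) {
  if (table == NULL || count == 0) return VERIFY_NO_CLAIM; /* table absent */
  for (size_t i = 0; i < count; i++) {
    if (strcmp(table[i].name, name) != 0) continue;
    /* The table makes a claim about this blob, so a mismatch must stop boot. */
    return digest_equal(table[i].digest, digest) ? VERIFY_OK : VERIFY_MISMATCH;
  }
  return VERIFY_NO_CLAIM; /* table present, but silent about this blob */
}

/* Constructed sample table: one entry, unspecified digest bytes are zero. */
static const hash_entry sample_table[] = { { "kernel", { 0xAA, 0x01 } } };

int main(void) {
  const uint8_t tampered[DIGEST_LEN] = { 0xAA, 0x02 };
  printf("kernel (tampered): %d\n", verify_blob(sample_table, 1, "kernel", tampered));
  printf("initrd (no entry): %d\n", verify_blob(sample_table, 1, "initrd", tampered));
  return 0;
}
```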