Dov Murik 385b9d80a0 OvmfPkg/AmdSev: add BlobVerifierLibSevHashes ... Add an implementation for BlobVerifierLib that locates the SEV hashes table and verifies that the calculated hashes of the kernel, initrd, and cmdline blobs indeed match the expected hashes stated in the hashes table. If there's a missing hash or a hash mismatch then EFI_ACCESS_DENIED is returned which will cause a failure to load a kernel image. Cc: Ard Biesheuvel <ardb+tianocore@kernel.org> Cc: Jordan Justen <jordan.l.justen@intel.com> Cc: Ashish Kalra <ashish.kalra@amd.com> Cc: Brijesh Singh <brijesh.singh@amd.com> Cc: Erdem Aktas <erdemaktas@google.com> Cc: James Bottomley <jejb@linux.ibm.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Min Xu <min.m.xu@intel.com> Cc: Tom Lendacky <thomas.lendacky@amd.com> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3457 Co-developed-by: James Bottomley <jejb@linux.ibm.com> Signed-off-by: James Bottomley <jejb@linux.ibm.com> Signed-off-by: Dov Murik <dovmurik@linux.ibm.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> [ardb: add CryptoPkg to accepted dependencies list for CI]		2021-07-29 09:49:50 +00:00
..
BlobVerifierLibSevHashes.inf	OvmfPkg/AmdSev: add BlobVerifierLibSevHashes	2021-07-29 09:49:50 +00:00
BlobVerifierSevHashes.c	OvmfPkg/AmdSev: add BlobVerifierLibSevHashes	2021-07-29 09:49:50 +00:00