How to insert SNP_KERNEL_HASH into OVMF #6
Comments
|
You would use the AmdSevX64.dsc package located in the OvmfPkg/AmdSev/ directory. It requires adding kernel-hashes=on to the Qemu sev-snp-guest object command line option. |
mdroth
pushed a commit
that referenced
this issue
Mar 29, 2024
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4539 Bug Details: PixieFail Bug #6 CVE-2023-45234 CVSS 8.3 : CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer Buffer overflow when processing DNS Servers option in a DHCPv6 Advertise message Change Overview: Introduces a function to cache the Dns Server and perform sanitizing on the incoming DnsServerLen to ensure that the length is valid > + EFI_STATUS > + PxeBcCacheDnsServerAddresses ( > + IN PXEBC_PRIVATE_DATA *Private, > + IN PXEBC_DHCP6_PACKET_CACHE *Cache6 > + ) Additional code cleanup Cc: Saloni Kasbekar <[email protected]> Cc: Zachary Clark-williams <[email protected]> Signed-off-by: Doug Flick [MSFT] <[email protected]> Reviewed-by: Saloni Kasbekar <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
hello, I'm considering using this OVMF with the SNP VM. According to talks, I learned that the hash of kernel/initrd/cmdline should be inserted into the OVMF, and the OVMF needs to verify this hash when it loads the kernel and initrd into the memory. I searched online, but didn't find a tutorial telling me how to do this. Is there any docs showing the steps for this purpose?
The text was updated successfully, but these errors were encountered: