github/kata-containers
1
0
Fork 1
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-08-14 22:24:14 +00:00
Code Issues Projects Releases Wiki Activity

config: Use standard OVMF with SEV

Browse Source 
The AmdSev firmware package should be used with
measured direct boot. If the expected hashes are not
injected into the firmware binary by the VMM, the
guest will not boot. This is required for security.

Currently the main branch does not have the extended
shim support for SEV, which tells the VMM to inject
the expected hashes.

We ship the standard OVMF package to use with SNP,
so let's switch SEV to that for now. This will need
to be changed back when shim support for SEV(-ES)
is added to main.

Signed-off-by: Tobin Feldman-Fitzthum <tobin@ibm.com>
This commit is contained in:
Tobin Feldman-Fitzthum 2023-05-16 02:27:20 +00:00 committed by Fabiano Fidêncio
parent 724437efb3
commit cbb9fe8b81
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/runtime/Makefile
View File

@ -130,7 +130,7 @@ FIRMWAREVOLUMEPATH :=
FIRMWARETDVFPATH := $(PREFIXDEPS)/share/tdvf/OVMF.fd
FIRMWARETDVFVOLUMEPATH :=
FIRMWARESEVPATH := $(PREFIXDEPS)/share/ovmf/AMDSEV.fd
FIRMWARESEVPATH := $(PREFIXDEPS)/share/ovmf/OVMF.fd
FIRMWARESNPPATH := $(PREFIXDEPS)/share/ovmf/OVMF.fd
# Name of default configuration file the runtime will use.