Loading...

Type: Bug
Resolution: Not a Bug
Priority: Normal
Fix Version/s: None
Affects Version/s: rhel-9.5
Component/s: qemu-kvm
Labels:
- AMD
- polarion
- sev

Regression:
No
Severity:
Moderate

Pool Team:

rhel-sst-virtualization-hwe
Sub-System Group:

ssg_virtualization

Story Points:
None
ACKs Check:

QE ack
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
None
Products:

Red Hat Enterprise Linux
Sprint:
None

Preliminary Testing:
None
Test Coverage:
None

Experience:
Architecture:

x86_64
OS:
Linux

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Planning:
None

What were you trying to do that didn't work?

/usr/libexec/qemu-kvm -object sev-snp-guest,?
sev-snp-guest options:
author-key-enabled=<bool>
guest-visible-workarounds=<string>
host-data=<string>
id-auth=<string>
id-block=<string>
kernel-hashes=<bool> - add kernel hashes to guest firmware for measured Linux boot
policy=<uint64>
sev-device=<string> - SEV device to use
vcek-required=<bool>

-object sev-snp-guest,id=sev0,reduced-phys-bits=1,cbitpos=51,policy=0x30000,author-key-enabled=on,id-auth=8Q0QgStBmb......(generated by $ openssl rand -base64 4096 ),id-block=319RrN8ACBy....(generated by $ openssl rand -base64 96)
qemu-kvm: SNP_LAUNCH_FINISH ret=-5 fw_error=11 'Bad measurement'

Please provide the package NVR for which bug is seen:
qemu-kvm-9.0.0-6.el9.7337546923.x86_64

edk2-ovmf-20240524-1.el9.noarch

kernel: 5.14.0-479.el9.x86_64

How reproducible:
100%

Steps to reproduce
1. Check available -object sev-snp-guest options:

/usr/libexec/qemu-kvm -object sev-snp-guest,?
sev-snp-guest options:
author-key-enabled=<bool>
guest-visible-workarounds=<string>
host-data=<string>
id-auth=<string>
id-block=<string>
kernel-hashes=<bool> - add kernel hashes to guest firmware for measured Linux boot
policy=<uint64>
sev-device=<string> - SEV device to use
vcek-required=<bool>

2. Generate blobs to id-auth id-block
id-auth: $ openssl rand -base64 4096
id-block: $ openssl rand -base64 96
3. Boot a SNP guest with id-block and id-auth set
...
-object sev-snp-guest,id=sev0,reduced-phys-bits=1,cbitpos=51,policy=0x30000,author-key-enabled=on,id-auth=8Q0QgStBmb/GQ1F8SW1tJp/YDlBlN3qZ1/WqZl0Zaxn2bmgy5rx7pEnVWCGosn1amAs+4ckvCL0f869zfdpx/bcFJnR1pEjRJrR3m/xvWJ0mb+ICYHGF7ogvvTIYZsnJq+JLKBSevgL6thVl9LyveNLDXG3IY6Cy32whQtPv3oqlAfbSHE9Vw28bpgunLGfk0H3PubPilX8Hq6AZxLBIsPqO8rPdsyHX0RUYVuSWgRr/4oogqP9FZ691dfRGn2Q7ux0KkDpaEscmqXTNAz+UsU8zqY3KDVxuBX55F1pTc23u5s+X+BG43MFlbc1GuUdnVtLtuCZB5W88+CIsq+9vhBmSNEHuSfOZu0y5VUEuQpm6BWZdTAd+yIEbWI3SSRPm/15OVufqvvG5qUR5mgrW/XZLTQNp7I3OL/xR5jWX1oCqOMg+K0YeUlMRbsRgQeZEL96v4LoE2+Rl/iOigjI8EDNBZEVEUQs2AaxfsjQqpA1dw2AghCRy9FVDvzlz+6VYbb8ZVjAwB/Szr3BjymiV8Pz917ggwqgOdnQsOpSBXLsx3Jrr4TFHXZMULjtLW1Dl9x1RjXUh4WMsSbUHdaSgWpy0yFmVgrJpSJ1Ip8swZmBxwXJNUVg8xU8W+mustY9cmTDdU1u90gHXjXpEsKA0gPuLuvZQPypkSn5PwqDd0LEhXFzRJXsThx5U3sfxZcNfNnN0HP3zfwDdjWkhM8is4tBTaRitPQ1G32zJB4kXih/NyUdnJ/9pZiRkYLUb1LjHHsclPE0AuAEyilytO9kKNjFko1yj6ojzLOVfXzRbnwOeMnJz8tk/XdHu9nCg4GMEWj5UYsijGo/x8KB6YJeU9kiDDpAg+RQdE8KS4/4NlbdmgScN7XWbc0qUntf2KouXPGwSaSjv4FUCvMnP8i6HA/5AEEEgq5I3ZWHLecA10O1jbRf0WsnAZC62Qp2Xld1tBCDGhnz3HNZUPtDrGYEM6UypABNxFtRm8pIFiF2jdZQsvDSMMZYmDZtvHOipsoJTmj3TJjpLom0IMGgvb8nV+PYkdxC+mXw6ZjNKr80vmsdvVpovhUbeOGvE7QuGdL+sSvVShlQPmorUjbtH/ZQ3AS2+YElnDOvuab8g16PUJIq91EzX4L0XvfDpivwcBxM6LDtBtvJWO1W0B542Xicv/1G+WqlxEYXNdzMuvDR0ay0eb/8XXCND5uNf7hi7pqlJ9Y8S3NDKEhT0z+PCei+poQypEfHFUF677ZAoPN8f6qv3d4RP2dpcwtEzw3cDnWr3jUlMWH4VuL51c8CKHEl8WkVV3vCa4A48+Hl0H3/9V533QrTyuASJnpMm740kCcArlGseeNuc1SYzkzA4cHEf1vOz4dkN/xAlMnJqOpnfYzwy5p4pVvo75Nz7J7UXYvLIK8uS4q+iZq6Y7ocrVKe41llHVTWPUS54+WzvjdInzQqF2UO3ErBxaYICWUAkjeU2oMMRCavQkHvvmCAxYXOJRgwJYYnAyFaBrB+M42Hq7UI0NW/uKCEtfbzI8+uzAvr6VtmwmVbzaeO56zqojK4S+yRlzlrs9Cg9vlJBz2Tlx7r+wOs1GCIjmreBHj5iZqZYdg3567Jn8HK+TCtw9Ws73Hyyqc/ZfcwtLPib3pWdBiWm/mldBaoRGDKyUh2vpMl5t25PBD8VPrp5zqZDJAFCE1TeOGwwv0vAeHFq9bUHhb08Nx+s+9InwW0XDHWmjb7d7v1TfmPpMqN6BulngK93uhICJziy911ni/uBgJ9olNXuIi+6u75Nf2wqB6XaoRkcG9QgDckeZmJ91Lsd6IqUXb6kgY5I/Y2YOAmyXkHlhb5+Wx7p5YmYEw4GjDV5Vsc6PFobeFBFXOjaZsNLAZIvZFJmzgCKuDVcffBEOK1lzywqokJT/Cy0Uw/eyKfhmNfWRYm9N9YPcL/4b4WzBV2k+IxF958fdU/2knQoCLTDwd/5JWi7YGjALBMx4LAw0VDNwF75FTNAbgLxbI51H/gswDflPNqLKpOld2wqgonh9QFaM6JgU40zGngE//wdRoV3zGExuP5BKMZHQkSxUoRPTaYXomCWS3rBDixyCu9t7jG/DzQqyJn56bIiG1U8pXLNjpcYhWFNad+jGNAJZnuq7yCR7SBQV/snkoEn8Ncfl3jNIp/SqEwXZEjUh3fqiWA2oAfpvSvVmUvrGBfFWaB1SERjFkvqRPZlPqRskOMLUtuaucDTMmvEy6vW9M2ch48SU3bvYu8G1f6AaSe7fOqaMOopIkwqSHNHDiywcZ/itRgxhS3Bew4TKzE9XQfQ4kFb6zWhX5Subv+BgKwowfeCNHCe9wjOhTDidFYfq3O19rMWE9MS1ddguKeUpTbK6L/g5yPlh5u74c4Px0rKOKuiclJoDq2151o3uX9t69MJrfTffE03FCbzLH1lQkO7U/McejvcZlCeujJvJzPGTGWUWHN7A4N7BySlUHYiGym51A6F4bQ4eooZ1otnPOwXb27X8svfs6G04bxcGJXhWYqs6xM41B4uUU3+H6v+rKlqauwSzY5b8RSAGBjDT0RhZVeoJ0bCpNx8OSg9yItRRoWvKDerEJRwxIXtz/InRC2DT35w+km3N7jDwWEHCHS1geyiZtQlZ5b0aaJ7nLq3fR+9odnQEFR/vYy0TXPl5PFH+vspZKLUKzUocOg/qc8xjWBLMxPqgGcho09bVEDcrCXY8KW5DSnEpn/z5ZnLLkhyI9aDvNbha1AlMTeI78VIoWOLRWZHMc7Zmu4LIZi3diYm2KzjM64G/O5LB1WpCD4fakWqV4ssyEhIIYcUCRhrMlszY/jEdE+VzgyOHfMnDN1N8nU3ohUMU3LC900PNy6XRCqdBKA0iZvEt32j0+bC7gJnkhI8Cm8MKx4NVie1mq16FcqQ9u4G+4MXIMpZOkVGTccYEMmS6CJdhht9MRlEihpplof1lPZ1FgK+RPca9kvHGl2e/LjNi32CeOhox7ubvMk7epPgWev9ZLtcjTmcDZUl4dffuGz5gURf1HiZkfwsVfJR7tep1uGvuHcV3Tr9e3PidUXfDRZ5ARAP2OkW1GlAY9qgvSsxpRBk5AkBy7DYp9pg1IiEsHuFZ5uTNILcjS+HWNiR0ciltH+NnIeU086VqhQE6XKtRcppLrG/1Gs8IRLoSB9/Q2C3HvBzDR9rf0L356i9AhYhX5xJgcP/z2jEN+TozyROfAj0ofwhbOv7s0EIQolKZ1mfF83kvO+gNpPHK1/tTKbDQ8QDQqRjQJiZ+R+jOARe/7NdVPSNuGqpcpxsc/RChflLNNbMUUdvJbX4/DfUBGjZ5zUGPOtiZBGfYq5RuW6+vCkl7lcr1PJi6wbZiKSwmlVFkes3IksccaJFdhALE5RlY35FnOhkhZCSbuzyGXE/l9fz+wDeIl29tqVBw3TDDT8wRv1FWg2Ij7bErWbNpGzcggxLmEmTU7ywwJ3juEM27rT3QtPzIU6H8tpLUYCWbZglZyRc4rXcpR72bn36BolVDcuVNajs6puAHz/ww/4HMlHm8fT+8ZsGIwfwMDbQS1BJbXIW583bhFNa1agE9MD3tH0rTY2hVLudDrEHlBaqOfgJ5OUITIacbs35l+QiEOjE3VOEffuxJSA19bcHGcq8rwzU0tfYnV89NpQaCb2ONerTOWjDvITdfBzmesDIiX4pKxqBluQfrZTA516jq0AcdKq6qVm5CYjQPKys9IMeWIz4e2csNJt39IIP8+OWI8+r+9lA9gMEg0iEmkBQrMaY61rQKCkI6WmQZ22tqrO5WGKHZ4ar14S2HvsqYgxAZ/fVk2rnHfsIXL5Q7XsJ5VOn3KuQgJ19ijO3zZRUKXUo7+XGxlA9Li3DDKgFERVApleAv6Kv825tbrZJnK4wTNdaaulP43pdIe84WtrOT361AmgWyVrlemEuo6OWsL9OeBz8glp4zgrqYdv6Wi9y2j3uubs8ZJk4HWnqL29O3mDlin+4I//88g5EI2/afjYnyZ8JLAvGtIEACrr8f1uuTbchAXCg4I3kUIcF+XRyg4rVLbwLqjSwafojTJii+VcgBUdjabdNFRkYwKCmZiOQbjGNBn76zCOtoCUN/3/PYtrOw8UWNgRr6pPGdVk8E9rm3fnAtNtuj3JcN0xnzP7eeDhB5lPvVDQRKuPABUeCITDBN3ZD/kiBIJdcDz1NUkFe+McB0VIXcXMc3PGF8F52g2nOXaSd3EHy2VbJI5xZqL0AaqU0FmE/c4f/eIDaangwE5Bd9kGR0BiMH0xPc8Y+HhtKrV1kd5bDgc0acWl3NlLDHMr2HrPaDd3XWoRnNBH2NHYnPiuUciLAT8iOnu6rGO67vkgaAzlhUxFeHNrIz3TK3wVpxSoH99aHOz3SK9nJUwfhWLU5w7sthcO6SP8gt/rOv+fPhx02UOZpAxeMo5tYTb8xREm12/CZDfmva2J53e+Nreuo99tyhm800DGZTPxozAedZrhjdRsoeLymvsmtdHumAWX6sRhc6sZtflmevR8B4Zkcl1rbrp09iE7BjT0n6T1ChwMV2QogEI0c0SxKBLgwKIp4qpbLnpCQNmBWrhwF8OgPANspHoe47iOI4/ToLjDTW41znUPfUS+Vmxaiz/g/WCfNMGxhbLoVeRsqtditOpxZpPIuUpSc0RjR4OgalEQd7TzIVzP/hSEQRdcq1/lZg6DfkiaU2WjwaAHnqe6E0wJZA1/iC/TrhfZ53epUw9Gt21wnXPghezOIoacMCQ4AXK9PSop1rqFR7NyNzDb9Vwxmt6QhvzsRmJjqL8Yxj3RMiR+AX3XumOw3aVgA8Spc5hmHF7ZvN6ghnLHKzjXvXnIEl4Z7jCVxPzHKQOZyiOeFg2rwV6nfT6HWwvaa+C/f3pT76VrMVufGYtvKCw6jku3JDpywTSN8elBr2G35ozC1QoMBQJ8HlL/am+IRbLYJSmSvetgQbT/qA04F/rE665ougcAMJ2JUg96chqK7gqlK4W65Fnt1areqr2GrWEbLgrqZVhpzbUN2/R3pTJCs4pItSEQWs32cRx2tds9rgkWEhQ5ROtchbt/2HYh6RSqurnVaL3CbsSAHgGotUpNolWwBz2NH6JdIj81PYR5xjJjIfd3aS1OhmrGkwcoi7GqmijG6qVHkI2EIZVytO4kosUlZQliGtadl9JdqqpBwFBTzV/jAaXu8mZggfD26FSEm9zCrG3PrfpHIRLjdFCF3Yetupkicbfm0p2tWgI+MNZntatLzVXhg2AREsJlzh77dUqYA1sTt6eCQRaONoxPalnpPL+HgdBlddlGyP5ps/0HIqTGOW8XfoIAVBwXX37EmDYO/SuCxKvGSJhnfzvP1pIIvhkTaWil1qveowPcKcSLZeG1b63NGn9BxzxHPoikGcO3iPkyDg8JEuUWvmvWccmoLBddfCsi/0NB6/wx1LNSXX6tA+ZbfkjYK2h8yfGH3oYJayA==,id-block=319RrN8ACByq6NUKadS00H45mS+BDQ8shTHTzreN9V9N2gxmJbgtjPSyb/TIuwuLKSIyh5RCx5mPw6AdDPEKumS0OKiHmv6os6zZVgZgttMXKLd1CVa0Dya3paOUXwC1
"qemu-kvm: SNP_LAUNCH_FINISH ret=-5 fw_error=11 'Bad measurement' "

Expected results
SNP guest can boot with id-auth and id-block

Actual results
"qemu-kvm: SNP_LAUNCH_FINISH ret=-5 fw_error=11 'Bad measurement' "

Details

Description

Attachments

Easy Agile Planning Poker

Activity

People

Dates