Loading...

XML

Word

Printable

Type: Bug
Resolution: Done-Errata
Priority: Normal
Fix Version/s: rhel-9.4
Affects Version/s: rhel-9.3.0
Component/s: libvirt / General
Labels:

Fixed in Build:
libvirt-10.0.0-1.el9
Severity:
Normal

Pool Team:

sst_virtualization
Sub-System Group:

ssg_virtualization

Dev Target Milestone:
20
Internal Target Milestone:
27
Story Points:
None
ACKs Check:

QE ack, Dev ack
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
None
Sprint:
None

Preliminary Testing:
Pass
Test Link:
https://polarion.engineering.redhat.com/polarion/#/project/RHELVIRT/workitem?id=VIRT-296940
Errata Link:
https://errata.devel.redhat.com/advisory/125049
Test Coverage:

Manual

Release Note Type:
If docs needed, set a value

Experience:
Architecture:

x86_64
Target Upstream Version:
10.0.0
Bugzilla Bug:
RHBZ: 2234361

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Planning:
None

Description of problem:
virt-qemu-sev-validate validate AMD SEV guest measurements failed on Genoa, no such issue on Milan

Version-Release number of selected component (if applicable):
libvirt-9.5.0-5.el9.x86_64
qemu-kvm-8.0.0-11.el9.x86_64
kernel-5.14.0-360.el9.x86_64

How reproducible:
100%

Steps to Reproduce:
1.# sevctl export --full test.chain
2. # sevctl session --name sev_es_dhcert test.chain 7
3.# virt-qemu-sev-validate --tik sev_es_dhcert_tik.bin --tek sev_es_dhcert_tek.bin --domain rhel9_sev_vfio --insecure --debug
[DEBUG]: TIK(hex): c0811b6a28fbc955945a2cb037f053f4
[DEBUG]: TEK(hex): f52e8149d75d89235835815c4858bd17
[DEBUG]: VM: id=21 name=rhel9_sev_vfio uuid=a6841a0b-411b-4b61-8588-2a9f999a64c7
[DEBUG]: Firmware(sha256): 36e920e3eedd7f58f5275bb9219e9b300c62ff9792b3fc28eeda03dbe2f6e870
[DEBUG]: VMSA CPU 0(sha256): 0cfc22045b0a55507ab938baa9cf89cd0f4c3fcb63f3b04a8a04d2e40a15b1a3
[DEBUG]: VMSA CPU 1(sha256): c887f0c03de7f8c3e47c29bc4b0b557c36b1d8ec709a7a5b328d665e8dbb2647
[DEBUG]: VMSA(sha256): 934e19c90dd5d383316fe8d279a9ef0f727cf91311c0692148a283ce232fab8a
[DEBUG]: Measured-data(sha256): d23e324689e38da4eb85c962d018654d599023368f3210d24b0cf903b4c9af03
[DEBUG]: Measured-msg(hex): 0401370507000000d23e324689e38da4eb85c962d018654d599023368f3210d24b0cf903b4c9af03308441732b9c8173e89938bca5892584
[DEBUG]: Measurement reported(hex): 220bff2169b02b74f1b4bcc6c4225dcc37a88fbcc79fbb9d0b2841a907d8a2ee
[DEBUG]: Measurement computed(hex): cb7e1d3dacbb9e99c7817554a32b4b6b7f1ed9b9819af82078f7e8d379d3496f
File "/usr/bin/virt-qemu-sev-validate", line 1301, in main
attest(args)
File "/usr/bin/virt-qemu-sev-validate", line 1272, in attest
cvm.attest()
File "/usr/bin/virt-qemu-sev-validate", line 801, in attest
raise AttestationFailedException(
ERROR: Measurement does not match, VM is not trustworthy