Fill up vmpck with 0xFF in stage0

Change-Id: I5e8eae3056b01575ef64566216f8e49fb931caef
project-oak · May 20, 2024 · a342ca2 · a342ca2
1 parent 4db7f08
commit a342ca2
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/stage0/src/sev.rs b/stage0/src/sev.rs
@@ -639,6 +639,9 @@ pub fn init_guest_message_encryptor() -> Result<(), &'static str> {
     // request attestation reports or derived sealing keys for VMPL0. This stops
     // later boot stages from creating counterfeit DICE chains.
     key.zeroize();
+    // The sev-guest driver in the upstream kernel does not initialize with such
+    // an empty vmpck. So we fill it up with 0xFF.
+    key.fill(0xFF);
     Ok(())
 }