Review comments

Author: stunes-ms

openhcl/underhill_attestation/src/lib.rs

@@ -1006,9 +1006,11 @@ async fn get_derived_keys(
                     gsp_response_by_id.seed.buffer[..gsp_response_by_id.seed.length as usize]
                         .to_vec(),
                 );
+                key_protector_settings.decrypt_gsp_type = GspType::GspById;
             } else {
                 derived_keys.ingress = ingress_key;
             }
+        } else {
             key_protector_settings.decrypt_gsp_type = GspType::GspById;
         }
 

openvmm/hvlite_core/src/worker/dispatch.rs

@@ -2529,6 +2529,7 @@ impl LoadedVmInner {
                 enable_vpci_boot,
                 uefi_console_mode,
                 default_boot_always_attempt,
+                bios_guid,
             } => {
                 let madt = acpi_builder.build_madt();
                 let srat = acpi_builder.build_srat();
@@ -2545,6 +2546,7 @@ impl LoadedVmInner {
                     serial: enable_serial,
                     uefi_console_mode,
                     default_boot_always_attempt,
+                    bios_guid,
                 };
                 let regs = super::vm_loaders::uefi::load_uefi(
                     firmware,

openvmm/hvlite_core/src/worker/vm_loaders/uefi.rs

@@ -38,6 +38,7 @@ pub struct UefiLoadSettings {
     pub serial: bool,
     pub uefi_console_mode: Option<UefiConsoleMode>,
     pub default_boot_always_attempt: bool,
+    pub bios_guid: Guid,
 }
 
 /// Loads the UEFI firmware.
@@ -126,7 +127,7 @@ pub fn load_uefi(
     .add_raw(config::BlobStructureType::Madt, madt)
     .add_raw(config::BlobStructureType::Srat, srat)
     .add_raw(config::BlobStructureType::MemoryMap, memory_map.as_bytes())
-    .add(&config::BiosGuid(Guid::new_random()))
+    .add(&config::BiosGuid(load_settings.bios_guid))
     .add(&config::Entropy(entropy))
     .add(&config::MmioRanges([
         config::Mmio {

openvmm/hvlite_defs/src/config.rs

@@ -119,6 +119,7 @@ pub enum LoadMode {
         enable_vpci_boot: bool,
         uefi_console_mode: Option<UefiConsoleMode>,
         default_boot_always_attempt: bool,
+        bios_guid: Guid,
     },
     Pcat {
         firmware: RomFileLocation,

openvmm/openvmm_entry/src/lib.rs

@@ -795,6 +795,9 @@ fn vm_config_from_command_line(
         );
     }
 
+    // TODO: load from VMGS file if it exists
+    let bios_guid = Guid::new_random();
+
     let VmChipsetResult {
         chipset,
         mut chipset_devices,
@@ -863,6 +866,7 @@ fn vm_config_from_command_line(
                 UefiConsoleModeCli::None => UefiConsoleMode::None,
             }),
             default_boot_always_attempt: opt.default_boot_always_attempt,
+            bios_guid,
         };
     } else {
         // Linux Direct
@@ -1049,8 +1053,7 @@ fn vm_config_from_command_line(
                 guest_secret_key: None,
                 logger: None,
                 is_confidential_vm: false,
-                // TODO: generate an actual BIOS guid and put it here
-                bios_guid: guid::guid!("00000000-0000-0000-0000-000000000000"),
+                bios_guid,
             }
             .into_resource(),
         });

petri/src/vm/openvmm/construct.rs

@@ -673,6 +673,7 @@ impl PetriVmConfigSetupCore<'_> {
                     enable_vpci_boot: matches!(self.boot_device_type, BootDeviceType::Nvme),
                     uefi_console_mode: Some(hvlite_defs::config::UefiConsoleMode::Com1),
                     default_boot_always_attempt: false,
+                    bios_guid: Guid::new_random(),
                 }
             }
             (