From: "James Bottomley" <jejb@linux.ibm.com>
To: "Yao, Jiewen" <jiewen.yao@intel.com>,
"Xu, Min M" <min.m.xu@intel.com>,
Ard Biesheuvel <ardb@kernel.org>,
"devel@edk2.groups.io" <devel@edk2.groups.io>,
"kraxel@redhat.com" <kraxel@redhat.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>,
"Justen, Jordan L" <jordan.l.justen@intel.com>,
Brijesh Singh <brijesh.singh@amd.com>,
Erdem Aktas <erdemaktas@google.com>,
Tom Lendacky <thomas.lendacky@amd.com>
Subject: Re: [edk2-devel] [PATCH V5 1/2] OvmfPkg: Introduce Tdx BFV/CFV PCDs and PcdOvmfImageSizeInKb
Date: Wed, 01 Sep 2021 09:53:24 -0700
Message-ID: <08185e00b379d70f3420e8c099c26ae5d62c18bc.camel@linux.ibm.com>
In-Reply-To: <PH0PR11MB488568A815D0751D3B003E7B8CCD9@PH0PR11MB4885.namprd11.prod.outlook.com>
On Wed, 2021-09-01 at 08:59 +0000, Yao, Jiewen wrote:
> Hi Min
> I agree with Gerd and Ard in this case.
>
> It is NOT so obvious that the FTW is produced then consumed in the
> code. What if the attacker prepares some special configuration to
> trigger the FTW process at the first boot, the code will do *read*
> before *write*? That is a potential attack surface.
It's not just that: even if you can ensure nothing in the host changed
the variables, how do you know *your* code inside the guest is updating
them? In ordinary OVMF we try to ensure that by having the variables
SMM protected so the only update path available to the kernel is via
the setVariable interface, but we can't do that in the confidential
computing case because SMM isn't supported. That means a random kernel
attacker in the guest can potentially write to the var store too.
At least for the first SEV prototype I had to make the var store part
of the first firmware volume firstly so it got measured but secondly so
it couldn't be used as a source of configuration attacks.
I have a nasty feeling that configuration attacks are going to be the
bane of all confidential computing solutions because they give the
untrusted VMM a wide attack surface.
James
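The point James makes about putting the variable store inside the first (measured) firmware volume can be shown with a small model. The following is an added example written for this page; it is not code from the edk2 thread, from OVMF, or from the TDX patches. The flat image layout, the `name=value;` variable encoding, the variable names and the SHA-256 extend chain are all assumptions for illustration; real OVMF images use FV/FFS structures and TPM PCR or TDX RTMR extends rather than this toy layout.

```python
"""Toy model of an unmeasured vs. measured UEFI variable store.

Added example, not OVMF or TDX code. Layout, encoding and variable names
are constructed for illustration.
"""
import hashlib

# Constructed stand-in for the boot firmware volume (reset vector, PEI, DXE).
CODE_FV = b"\x55\xaa" + b"RESETVECTOR+PEI+DXE" * 8
VAR_STORE_SIZE = 64


def build_varstore(variables):
    """Flat 'name=value;' encoding padded with 0xff (erased flash)."""
    body = b"".join(k.encode() + b"=" + v + b";"
                    for k, v in sorted(variables.items()))
    assert len(body) <= VAR_STORE_SIZE
    return body.ljust(VAR_STORE_SIZE, b"\xff")


def build_image(variables, varstore_in_measured_fv):
    """Return (image, measured_region).

    The var store is appended after the code FV. It is covered by the
    measurement only when the caller folds it into the measured FV.
    """
    varstore = build_varstore(variables)
    image = CODE_FV + varstore
    if varstore_in_measured_fv:
        return image, slice(0, len(image))
    return image, slice(0, len(CODE_FV))


def extend(register, data):
    """TPM/RTMR-style extend: R' = H(R || H(data))."""
    return hashlib.sha256(register + hashlib.sha256(data).digest()).digest()


def measure(image, region):
    """Measure the chosen region into a register that starts at all zeros."""
    return extend(bytes(32), image[region])


def tamper(image, old, new):
    """Simulate a write into the var store by the host or a guest-kernel
    attacker (no SMM gate in the confidential-computing case)."""
    assert len(old) == len(new)
    idx = image.index(old)
    return image[:idx] + new + image[idx + len(old):]


def tamper_detected(varstore_in_measured_fv):
    """True if flipping SecureBoot=1 -> 0 changes the measurement."""
    variables = {"SecureBoot": b"1", "Timeout": b"5"}
    image, region = build_image(variables, varstore_in_measured_fv)
    good = measure(image, region)
    evil = measure(tamper(image, b"SecureBoot=1", b"SecureBoot=0"), region)
    return good != evil


if __name__ == "__main__":
    print("var store outside measured FV, tamper detected:", tamper_detected(False))
    print("var store inside measured FV,  tamper detected:", tamper_detected(True))
```

With the var store outside the measured region the measurement is identical before and after the `SecureBoot` flip, so an attestation verifier comparing against a golden value would accept the tampered configuration; with the var store inside the measured volume the flip changes the register and the verifier can reject it. The model says nothing about runtime writes after measurement, which is the separate problem the message raises about a guest kernel writing the store directly.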
Thread overview: 29+ messages
2021-08-30 2:35 [PATCH V5 0/2] Add Intel TDX support in OvmfPkg/ResetVector Min Xu
2021-08-30 2:35 ` [PATCH V5 1/2] OvmfPkg: Introduce Tdx BFV/CFV PCDs and PcdOvmfImageSizeInKb Min Xu
2021-08-30 7:03 ` Gerd Hoffmann
2021-08-31 3:29 ` [edk2-devel] " Min Xu
2021-08-31 5:13 ` Gerd Hoffmann
2021-08-31 6:17 ` Min Xu
2021-08-31 10:21 ` Gerd Hoffmann
2021-09-01 5:18 ` Min Xu
2021-09-01 6:10 ` Gerd Hoffmann
2021-09-01 6:57 ` Ard Biesheuvel
2021-09-01 7:19 ` Min Xu
2021-09-01 7:44 ` Gerd Hoffmann
2021-09-01 8:59 ` Yao, Jiewen
2021-09-01 16:53 ` James Bottomley [this message]
2021-09-01 19:19 ` Andrew Fish
2021-09-10 17:03 ` Erdem Aktas
2021-08-30 2:35 ` [PATCH V5 2/2] OvmfPkg/ResetVector: Enable Intel TDX in ResetVector of Ovmf Min Xu
2021-08-30 7:40 ` Gerd Hoffmann
2021-08-31 3:09 ` [edk2-devel] " Min Xu
2021-08-31 5:35 ` Gerd Hoffmann
2021-09-02 0:05 ` Min Xu
2021-09-02 7:18 ` Gerd Hoffmann
2021-09-02 7:49 ` Min Xu
2021-09-03 3:03 ` Yao, Jiewen
2021-09-03 5:39 ` Gerd Hoffmann
2021-09-09 13:54 ` Min Xu
2021-09-10 8:19 ` Gerd Hoffmann
2021-09-14 3:54 ` Yao, Jiewen
2021-09-11 1:17 ` Erdem Aktas