* [edk2-devel] Assistance Needed: ArmVirtPkg
@ 2024-05-06 22:22 Doug Flick via groups.io
2024-05-07 10:48 ` Gerd Hoffmann
2024-05-07 15:17 ` Ard Biesheuvel
0 siblings, 2 replies; 6+ messages in thread
From: Doug Flick via groups.io @ 2024-05-06 22:22 UTC (permalink / raw)
To: devel@edk2.groups.io, ardb+tianocore@kernel.org,
quic_llindhol@quicinc.com, sami.mujawar@arm.com,
kraxel@redhat.com
All,
In order to patch Tianocore Bugzilla issues and CVEs:
4541 – Bug 08 - edk2/NetworkPkg: Predictable TCP ISNs (tianocore.org)<https://bugzilla.tianocore.org/show_bug.cgi?id=4541>
and
4542 – Bug 09 - edk2/NetworkPkg: Use of a Weak PseudoRandom Number Generator (tianocore.org)<https://bugzilla.tianocore.org/show_bug.cgi?id=4542>
I've added as a dependency Hash2CryptoDxe and RngDxe lib to NetworkPkg. I've been able to add the relevant libraries to the DSCs of OvmfPkg and EmulatorPkg; however, I'm seeing odd behavior with ArmVirtPkg.
Would someone more knowledgeable with ArmVirtPkg take a look at this PR?
PixieFail #8 and #9 TCBZ4541 and TCBZ4542 by Flickdm · Pull Request #5582 · tianocore/edk2 (github.com)<https://github.com/tianocore/edk2/pull/5582>
The issue was introduced in the commit "ArmVirtPkg: : Add RngDxe to ArmVirtPkg<https://github.com/tianocore/edk2/pull/5582/commits/03148ed3fe87ceb1c5ce9f53e08d5d0c93c169cf>"
Right now PlatformCI_ArmVirtPkg_Ubuntu_GCC5_PR is crashing with
INFO - Synchronous Exception at 0x000000007FBE35BC
INFO - PC 0x00007FBE35BC (0x00007FBE0000+0x000035BC) [ 0] RngDxe.dll
INFO - PC 0x00007FBE2430 (0x00007FBE0000+0x00002430) [ 0] RngDxe.dll
INFO - PC 0x00007FBE2E14 (0x00007FBE0000+0x00002E14) [ 0] RngDxe.dll
INFO - PC 0x00004748CCFC (0x000047485000+0x00007CFC) [ 1] DxeCore.dll
INFO - PC 0x00004749A6C4 (0x000047485000+0x000156C4) [ 1] DxeCore.dll
INFO - PC 0x0000474904F0 (0x000047485000+0x0000B4F0) [ 1] DxeCore.dll
INFO -
INFO - [ 0] /__w/1/s/Build/ArmVirtQemu-AARCH64/DEBUG_GCC5/AARCH64/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe/DEBUG/RngDxe.dll
INFO - [ 1] /__w/1/s/Build/ArmVirtQemu-AARCH64/DEBUG_GCC5/AARCH64/MdeModulePkg/Core/Dxe/DxeMain/DEBUG/DxeCore.dll
INFO -
INFO - X0 0x0000000080000000 X1 0x0000000000000000 X2 0x0000000000000000 X3 0x0000000000000000
INFO - X4 0x0000000000000000 X5 0x0000000000000000 X6 0x0000000000000000 X7 0x0000000000000000
INFO - X8 0x000000007FFFF008 X9 0x0000000700000000 X10 0x000000007EA47000 X11 0x000000007EA54FFF
INFO - X12 0x0000000000000000 X13 0x0000000000000008 X14 0x0000000000000000 X15 0x0000000000000000
INFO - X16 0x0000000047484D70 X17 0x00000000474CC000 X18 0x0000000000000000 X19 0x000000007FFD0018
INFO - X20 0x0000000000000001 X21 0x000000007EA55D98 X22 0x000000007FBE5000 X23 0x0000000000000030
INFO - X24 0x0000000000000000 X25 0x000000007FBE5000 X26 0x0000000000000000 X27 0x00000000474B0000
INFO - X28 0x0000000000000001 FP 0x0000000047484C50 LR 0x000000007FBE2430
INFO -
INFO - V0 0x0000000000000000 0000000000000000 V1 0x0000000000000000 0000000000000000
INFO - V2 0x0000000000000000 0000000000000000 V3 0x0000000000000000 0000000000000000
INFO - V4 0x0000000000000000 0000000000000000 V5 0x0000000000000000 0000000000000000
INFO - V6 0x0000000000000000 0000000000000000 V7 0x0000000000000000 0000000000000000
INFO - V8 0x0000000000000000 0000000000000000 V9 0x0000000000000000 0000000000000000
INFO - V10 0x0000000000000000 0000000000000000 V11 0x0000000000000000 0000000000000000
INFO - V12 0x0000000000000000 0000000000000000 V13 0x0000000000000000 0000000000000000
INFO - V14 0x0000000000000000 0000000000000000 V15 0x0000000000000000 0000000000000000
INFO - V16 0x0000000000000000 0000000000000000 V17 0x0000000000000000 0000000000000000
INFO - V18 0x0000000000000000 0000000000000000 V19 0x0000000000000000 0000000000000000
INFO - V20 0x0000000000000000 0000000000000000 V21 0x0000000000000000 0000000000000000
INFO - V22 0x0000000000000000 0000000000000000 V23 0x0000000000000000 0000000000000000
INFO - V24 0x0000000000000000 0000000000000000 V25 0x0000000000000000 0000000000000000
INFO - V26 0x0000000000000000 0000000000000000 V27 0x0000000000000000 0000000000000000
INFO - V28 0x0000000000000000 0000000000000000 V29 0x0000000000000000 0000000000000000
INFO - V30 0x0000000000000000 0000000000000000 V31 0x0000000000000000 0000000000000000
Thanks!
Doug
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118615): https://edk2.groups.io/g/devel/message/118615
Mute This Topic: https://groups.io/mt/105949609/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [edk2-devel] Assistance Needed: ArmVirtPkg
2024-05-06 22:22 [edk2-devel] Assistance Needed: ArmVirtPkg Doug Flick via groups.io
@ 2024-05-07 10:48 ` Gerd Hoffmann
2024-05-07 15:17 ` Ard Biesheuvel
1 sibling, 0 replies; 6+ messages in thread
From: Gerd Hoffmann @ 2024-05-07 10:48 UTC (permalink / raw)
To: Doug Flick
Cc: devel@edk2.groups.io, ardb+tianocore@kernel.org,
quic_llindhol@quicinc.com, sami.mujawar@arm.com
On Mon, May 06, 2024 at 10:22:07PM GMT, Doug Flick wrote:
> All,
>
> In order to patch Tianocore Bugzilla issues and CVEs:
> 4541 – Bug 08 - edk2/NetworkPkg: Predictable TCP ISNs (tianocore.org)<https://bugzilla.tianocore.org/show_bug.cgi?id=4541>
> and
> 4542 – Bug 09 - edk2/NetworkPkg: Use of a Weak PseudoRandom Number Generator (tianocore.org)<https://bugzilla.tianocore.org/show_bug.cgi?id=4542>
>
> I've added as a dependency Hash2CryptoDxe and RngDxe lib to NetworkPkg. I've been able to add the relevant libraries to the DSCs of OvmfPkg and EmulatorPkg; however, I'm seeing odd behavior with ArmVirtPkg.
>
> Would someone more knowledgeable with ArmVirtPkg take a look at this PR?
Both OVMF and ArmVirt use the virtio random number device as
source for random numbers.
Driver: OvmfPkg/VirtioRngDxe
Some Background: https://wiki.qemu.org/Features/VirtIORNG
Typically the virtio rng device is present in virtual machine
configurations. It might be missing though.
I'd recommend:
(1) Do *not* add RngDxe to OvmfPkg and ArmVirtPkg dsc files, instead
continue to depend on VirtioRngDxe.
(2) Keep the time-based not-really-random RNG generator as fallback in
case EFI_RNG_PROTOCOL is not present (possibly requiring a PCD
being set so the fallback option can be disabled at build time).
HTH & take care,
Gerd
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [edk2-devel] Assistance Needed: ArmVirtPkg
2024-05-06 22:22 [edk2-devel] Assistance Needed: ArmVirtPkg Doug Flick via groups.io
2024-05-07 10:48 ` Gerd Hoffmann
@ 2024-05-07 15:17 ` Ard Biesheuvel
2024-05-07 22:28 ` Doug Flick via groups.io
1 sibling, 1 reply; 6+ messages in thread
From: Ard Biesheuvel @ 2024-05-07 15:17 UTC (permalink / raw)
To: Doug Flick
Cc: devel@edk2.groups.io, ardb+tianocore@kernel.org,
quic_llindhol@quicinc.com, sami.mujawar@arm.com,
kraxel@redhat.com
On Tue, 7 May 2024 at 00:22, Doug Flick <dougflick@microsoft.com> wrote:
>
> All,
>
> In order to patch Tianocore Bugzilla issues and CVEs:
> 4541 – Bug 08 - edk2/NetworkPkg: Predictable TCP ISNs (tianocore.org)
> and
> 4542 – Bug 09 - edk2/NetworkPkg: Use of a Weak PseudoRandom Number Generator (tianocore.org)
>
> I've added as a dependency Hash2CryptoDxe and RngDxe lib to NetworkPkg. I've been able to add the relevant libraries to the DSCs of OvmfPkg and EmulatorPkg; however, I'm seeing odd behavior with ArmVirtPkg.
>
> Would someone more knowledgeable with ArmVirtPkg take a look at this PR?
>
> PixieFail #8 and #9 TCBZ4541 and TCBZ4542 by Flickdm · Pull Request #5582 · tianocore/edk2 (github.com)
>
> The issue was introduced in the commit "ArmVirtPkg: : Add RngDxe to ArmVirtPkg"
>
> Right now PlatformCI_ArmVirtPkg_Ubuntu_GCC5_PR is crashing
You need to configure the TrngLib to use either secure monitor calls
or hypervisor calls, and this might be different depending on the
context:
- ordinary VMs running under proper virtualization will execute at EL1
under a hypervisor that implements the TRNG service, so it can only
use HVC (and SMC will trap, as you've experienced)
- QEMU itself does not implement the TRNG service (to my knowledge) so
running a VM under TCG emulation of EL1 will not have access to the
TRNG
- other emulation modes of QEMU may run the firmware in a different
way, where SMC is actually appropriate, and this could be either EL1
or EL2.
This makes it slightly awkward to decide whether or not to dispatch
RngDxe, and this is why nobody has gotten around to it (and I forgot
about this tbh)
TL;DR
building with --pcd PcdMonitorConduitHvc=TRUE will avoid the crash but
may not result in a usable RngDxe
It also seems to me that those network drivers will now need to DEPEX
on the RNG protocol, as they may get dispatched too early otherwise:
Failed to generate random data using secure algorithm 0: Unsupported
Failed to generate random data using secure algorithm 1: Unsupported
Failed to generate random data using secure algorithm 2: Unsupported
ASSERT_EFI_ERROR (Status = Unsupported)
ASSERT [Udp4Dxe] DxeNetLib.c(973): !(((INTN)(RETURN_STATUS)(Status)) < 0)
QEMU: Terminated
This is with -device virtio-rng-pci and the VirtioRngDxe driver (which
is already included in OVMF and ArmVirtQemu) but the driver dispatches
before the driver model can instantiate the protocol.
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [edk2-devel] Assistance Needed: ArmVirtPkg
2024-05-07 15:17 ` Ard Biesheuvel
@ 2024-05-07 22:28 ` Doug Flick via groups.io
2024-05-07 23:19 ` Ard Biesheuvel
0 siblings, 1 reply; 6+ messages in thread
From: Doug Flick via groups.io @ 2024-05-07 22:28 UTC (permalink / raw)
To: Ard Biesheuvel, devel
Thanks Ard for the explanation!
Would you be able to tell me the exact changes you made to get to this point and if that would be an acceptable change to make to get these CVE patches on the mailing list? I'm happy adding the depex but fundamentally I think the goal is to get these patches into this release. My attempts to roll back some of my changes and use VirtioRngDxe have been unsuccessful so far.
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [edk2-devel] Assistance Needed: ArmVirtPkg
2024-05-07 22:28 ` Doug Flick via groups.io
@ 2024-05-07 23:19 ` Ard Biesheuvel
2024-05-07 23:40 ` Doug Flick via groups.io
0 siblings, 1 reply; 6+ messages in thread
From: Ard Biesheuvel @ 2024-05-07 23:19 UTC (permalink / raw)
To: Doug Flick; +Cc: devel
There are no code changes, the only difference is adding the --pcd
PcdMonitorConduitHvc=TRUE option to the build.sh command line, and
running QEMU with -device virtio-rng-pci (which we should be doing in
any case, IMO)
The DEPEX might fix this, and this is actually the appropriate thing
to do if the driver cannot even be dispatched without the RNG protocol
available. However, I'm not convinced this is the right approach - I
think dispatching the driver but failing in the Supported() call on a
missing RNG protocol would be less disruptive, and give more
opportunity for a meaningful warning/error message to the actual user.
But I must admit I have only taken a very cursory look at the
underlying CVE and your proposed mitigation.
On Wed, 8 May 2024 at 00:28, Doug Flick via groups.io
<dougflick=microsoft.com@groups.io> wrote:
>
> Thanks Ard for the explanation! Would you be able to tell me the exact changes you made to get to this point and if that would be an acceptable change to make to get these CVE patches on the mailing list? I'm happy adding the depex but fundamentally I think the goal is to get these patches into this release. My attempts to roll back some of my changes and use VirtioRngDxe have been unsuccessful so far.
^ permalink raw reply [flat|nested] 6+ messages in thread
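The two options raised in this thread, a build-time-gated weak fallback and a Supported()-style probe that declines instead of asserting when no RNG is available, modelled as an added stand-alone C example; it is not EDK2 code and not code from the PR. The names `rng_protocol`, `net_random`, `driver_supported`, `allow_weak_fallback` and the `ST_*` codes are hypothetical stand-ins for EFI_RNG_PROTOCOL, the NetworkPkg random helper, the driver binding Supported() call, a PCD and EFI status codes.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Stand-alone model; every name here is hypothetical, not an EDK2 identifier. */
typedef enum { ST_SUCCESS, ST_UNSUPPORTED, ST_NOT_READY } status_t;

/* Stand-in for an RNG protocol instance: algorithm index, output buffer. */
typedef struct {
    status_t (*get_rng)(int algorithm, uint8_t *out, size_t len);
} rng_protocol;

/* Constructed sample provider: implements only the algorithm in sample_supported. */
static int sample_supported = 2;
static status_t sample_get_rng(int algorithm, uint8_t *out, size_t len) {
    if (algorithm != sample_supported) return ST_UNSUPPORTED;
    memset(out, 0xA5, len);  /* placeholder bytes, not real entropy */
    return ST_SUCCESS;
}
static const rng_protocol sample_rng = { sample_get_rng };

/* Try secure algorithms 0..2 in order (as in the log above). rng == NULL models
 * "protocol not installed yet". The weak path runs only if the build-time style
 * flag allows it, and *used_weak reports which path produced the bytes. */
status_t net_random(const rng_protocol *rng, int allow_weak_fallback,
                    uint32_t weak_seed, uint8_t *out, size_t len, int *used_weak) {
    *used_weak = 0;
    for (int alg = 0; rng != NULL && alg < 3; alg++)
        if (rng->get_rng(alg, out, len) == ST_SUCCESS)
            return ST_SUCCESS;
    if (!allow_weak_fallback)
        return rng ? ST_UNSUPPORTED : ST_NOT_READY;  /* report, never assert */
    for (size_t i = 0; i < len; i++) {  /* predictable LCG: weak by design */
        weak_seed = weak_seed * 1103515245u + 12345u;
        out[i] = (uint8_t)(weak_seed >> 16);
    }
    *used_weak = 1;
    return ST_SUCCESS;
}

/* Supported()-style probe: decline to bind rather than crash at dispatch. */
status_t driver_supported(const rng_protocol *rng, int allow_weak_fallback) {
    uint8_t probe[4];
    int weak;
    return net_random(rng, allow_weak_fallback, 0, probe, sizeof probe, &weak);
}
int main(void) {  /* no protocol, no fallback: the probe declines cleanly */
    return driver_supported(NULL, 0) == ST_NOT_READY
        && driver_supported(&sample_rng, 0) == ST_SUCCESS ? 0 : 1;
}
```

With the fallback flag off, a missing or unusable RNG surfaces as a status the caller can log and act on; with it on, `used_weak` lets the caller warn that predictable output is in use.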