From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from us-smtp-1.mimecast.com (us-smtp-1.mimecast.com [205.139.110.120]) by mx.groups.io with SMTP id smtpd.web09.2298.1573121932493059548 for ; Thu, 07 Nov 2019 02:18:52 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=eK5gS6Dz; spf=pass (domain: redhat.com, ip: 205.139.110.120, mailfrom: dgilbert@redhat.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1573121931; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=HdIlwKJ69Zm1SPluhXRNdHJgWpBRL21+6VS5JEbmEgo=; b=eK5gS6DzzLxuGkH4IYjD8By4mHsre6wHR2mF3p68bntfhDc2Oi5xoEgXjZTyV3WahFnj4A V/oY7g796ReWC6+eHSnaJceq+35aoV4tPo6oVxjal7y50Z1oCnWk97AiR2VdTP57Z/+ydf eps8p6MZ8lCmYvjrN2xRfozAB6SA0G0= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-190-WFJMf6aENoCoX-z6HZetcQ-1; Thu, 07 Nov 2019 05:18:41 -0500 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id B73801005500; Thu, 7 Nov 2019 10:18:39 +0000 (UTC) Received: from work-vm (unknown [10.36.118.14]) by smtp.corp.redhat.com (Postfix) with ESMTPS id AB94A5D6D8; Thu, 7 Nov 2019 10:18:34 +0000 (UTC) Date: Thu, 7 Nov 2019 10:18:32 +0000 From: "Dr. David Alan Gilbert" To: Laszlo Ersek Cc: qemu devel list , "Daniel P. Berrange" , Ard Biesheuvel , Jian J Wang , edk2-devel-groups-io , Bret Barkelew , Erik Bjorge , Sean Brogan , Paolo Bonzini , Philippe =?iso-8859-1?Q?Mathieu-Daud=E9?= Subject: Re: privileged entropy sources in QEMU/KVM guests Message-ID: <20191107101832.GA2817@work-vm> References: <03e769cf-a5ad-99ce-cd28-690e0a72a310@redhat.com> MIME-Version: 1.0 In-Reply-To: <03e769cf-a5ad-99ce-cd28-690e0a72a310@redhat.com> User-Agent: Mutt/1.12.1 (2019-06-15) X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-MC-Unique: WFJMf6aENoCoX-z6HZetcQ-1 X-Mimecast-Spam-Score: 0 Content-Type: text/plain; charset=WINDOWS-1252 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline * Laszlo Ersek (lersek@redhat.com) wrote: > Hi, >=20 > related TianoCore BZ: >=20 > https://bugzilla.tianocore.org/show_bug.cgi?id=3D1871 >=20 > (I'm starting this thread separately because at least some of the topics > are specific to QEMU, and I didn't want to litter the BZ with a > discussion that may not be interesting to all participants CC'd on the > BZ. I am keeping people CC'd on this initial posting; please speak up if > you'd like to be dropped from the email thread.) >=20 > QEMU provides guests with the virtio-rng device, and the OVMF and > ArmVirtQemu* edk2 platforms build EFI_RNG_PROTOCOL on top of that > device. But, that doesn't seem enough for all edk2 use cases. >=20 > Also, virtio-rng (hence EFI_RNG_PROTOCOL too) is optional, and its > absence may affect some other use cases. >=20 >=20 > (1) For UEFI HTTPS boot, TLS would likely benefit from good quality > entropy. If the VM config includes virtio-rng (hence the guest firmware > has EFI_RNG_PROTOCOL), then it should be used as a part of HTTPS boot. >=20 > However, what if virtio-rng (hence EFI_RNG_PROTOCOL) are absent? Should > UEFI HTTPS boot be disabled completely (or prevented / rejected > somehow), blaming lack of good entropy? Or should TLS silently fall back > to "mixing some counters [such as TSC] together and applying a > deterministic cryptographic transformation"? >=20 > IOW, knowing that the TLS setup may not be based on good quality > entropy, should we allow related firmware services to "degrade silently" > (not functionally, but potentially in security), or should we deny the > services altogether? I don't see a downside to insisting that if you want to use https then you must provide an entropy source; they're easy enough to add using virtio-rng if the CPU doesn't provide it. >=20 > (2) It looks like the SMM driver implementing the privileged part of the > UEFI variable runtime service could need access to good quality entropy, > while running in SMM; in the future. >=20 > This looks problematic on QEMU. Entropy is a valuable resource, and > whatever resource SMM drivers depend on, should not be possible for e.g. > a 3rd party UEFI driver (or even for the runtime OS) to exhaust. > Therefore, it's not *only* the case that SMM drivers must not consume > EFI_RNG_PROTOCOL (which exists at a less critical privilege level, i.e. > outside of SMM/SMRAM), but also that SMM drivers must not depend on the > same piece of *hardware* that feeds EFI_RNG_PROTOCOL. >=20 > Furthermore, assuming we dedicate a hardware entropy device specifically > to SMM drivers, such a device cannot be PCI(e). It would have to be a > platform device at a fixed location (IO port or MMIO) that is only > accessible to such guest code that executes in SMM. IOW, device access > would have to be restricted similarly to pflash. (In fact the variable > SMM driver will need, AIUI, the entropy for encrypting various variable > contents, which are then written into pflash.) Ewww. I guess a virtio-rng instance wired to virtio-mmio could do that. It's a bit grim though. Dave > Alternatively, CPU instructions could exist that return entropy, and are > executable only inside SMM. It seems that e.g. RDRAND can be trapped in > guests ("A VMEXIT due to RDRAND will have exit reason 57 (decimal)"). > Then KVM / QEMU could provide any particular implementation we wanted -- > for example an exception could be injected unless RDRAND had been > executed from within SMM. Unfortunately, such an arbitrary restriction > (of RDRAND to SMM) would diverge from the Intel SDM, and would likely > break other (non-SMM) guest code. >=20 > Does a platform device that is dynamically detectable and usable in SMM > only seem like an acceptable design for QEMU? >=20 > Thanks, > Laszlo >=20 >=20 -- Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK