From: "Brijesh Singh" <brijesh.singh@amd.com>
To: devel@edk2.groups.io
Cc: Brijesh Singh, James Bottomley, Min Xu, Jiewen Yao, Tom Lendacky, Jordan Justen, Ard Biesheuvel, Laszlo Ersek
Subject: [RFC PATCH 13/19] OvmfPkg/SecMain: Validate the data/code pages used for the PEI phase
Date: Wed, 24 Mar 2021 10:32:09 -0500
Message-Id: <20210324153215.17971-14-brijesh.singh@amd.com>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20210324153215.17971-1-brijesh.singh@amd.com>
References: <20210324153215.17971-1-brijesh.singh@amd.com>
MIME-Version: 1.0
Content-Type: text/plain
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

The VMM launch sequence should have validated all the data pages used in
the SEC phase. Before decompressing the firmware volume, validate the
data/code pages used during the decompression steps, and any other pages
used during the PEI phase entry.

Cc: James Bottomley
Cc: Min Xu
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Jordan Justen
Cc: Ard Biesheuvel
Cc: Laszlo Ersek
Signed-off-by: Brijesh Singh
---
 OvmfPkg/Sec/SecMain.c   | 26 ++++++++++++++++++++
 OvmfPkg/Sec/SecMain.inf |  2 ++
 2 files changed, 28 insertions(+)

diff --git a/OvmfPkg/Sec/SecMain.c b/OvmfPkg/Sec/SecMain.c
index df6722b546..b491810376 100644
--- a/OvmfPkg/Sec/SecMain.c
+++ b/OvmfPkg/Sec/SecMain.c
@@ -351,6 +351,32 @@ DecompressMemFvs ( return Status; } + if (MemEncryptSevSnpIsEnabled ()) { + EFI_PHYSICAL_ADDRESS LaunchValidatedBase, LaunchValidatedEnd; + UINTN Size; + + // + // The VMM launch sequence should have validated the memory range from + // MEMFD_BASE_ADDRESS to PcdOvmfPeiMemFvBase. The PCD values are also + // accessible through PcdOvmfSnpLaunchValidatedStart, and PcdOvmfSnpLaunchValidatedEnd. + // The pre-validation was sufficent to access the data pages used in the SEC + // phase. + // + // Now that we are getting ready to decompress firmware volumes, and enter + // to PEI phase. Lets validate the code/data pages used for entering to the + // PEI phase. + // + // See FvmainCompactScratchEnd.fdf.inc for more detail. + // + LaunchValidatedBase = + (EFI_PHYSICAL_ADDRESS)(UINTN) PcdGet32 (PcdOvmfSnpLaunchValidatedStart); + LaunchValidatedEnd = LaunchValidatedBase + + (EFI_PHYSICAL_ADDRESS)(UINTN) PcdGet32 (PcdOvmfSnpLaunchValidatedEnd); + Size = PcdGet32 (PcdOvmfDecompressionScratchEnd) - LaunchValidatedEnd; + + MemEncryptSevSnpValidateSystemRam (LaunchValidatedEnd, EFI_SIZE_TO_PAGES (Size)); + } + Status = ExtractGuidedSectionGetInfo ( Section, &OutputBufferSize, diff --git a/OvmfPkg/Sec/SecMain.inf b/OvmfPkg/Sec/SecMain.inf index 7f78dcee27..207accb53c 100644 --- a/OvmfPkg/Sec/SecMain.inf +++ b/OvmfPkg/Sec/SecMain.inf @@ -70,6 +70,8 @@ gUefiOvmfPkgTokenSpaceGuid.PcdGuidedExtractHandlerTableSize gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDecompressionScratchEnd gEfiMdeModulePkgTokenSpaceGuid.PcdInitValueInTempStack + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpLaunchValidatedStart + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpLaunchValidatedEnd [FeaturePcd] gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire -- 2.17.1
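Review bot: in the SecMain.c hunk, PcdOvmfSnpLaunchValidatedEnd is added to the base (`LaunchValidatedEnd = LaunchValidatedBase + (EFI_PHYSICAL_ADDRESS)(UINTN) PcdGet32 (PcdOvmfSnpLaunchValidatedEnd);`), which treats it as a size, while its name and the comment above ("accessible through PcdOvmfSnpLaunchValidatedStart, and PcdOvmfSnpLaunchValidatedEnd") describe an end address. Either drop the addition or rename the PCD to a ...Size; the boundary has to be exact because the new validation starts precisely where the launch-validated range stops, and a PVALIDATE of a page that is already validated is a condition the guest must treat as an error, not something that can be silently absorbed. Also ASSERT that PcdGet32 (PcdOvmfDecompressionScratchEnd) >= LaunchValidatedEnd before `Size = PcdGet32 (PcdOvmfDecompressionScratchEnd) - LaunchValidatedEnd;`, since the subtraction otherwise wraps to a huge page count; with that fix LaunchValidatedBase is no longer needed at all. Comment nits: "sufficent" should be "sufficient", "Lets" should be "Let's", and "Now that we are getting ready to decompress firmware volumes, and enter to PEI phase." is a fragment that belongs joined to the sentence that follows it.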
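Review bot: the SecMain.inf hunk adds only the two PCDs under [Pcd], but the SecMain.c hunk introduces calls to MemEncryptSevSnpIsEnabled and MemEncryptSevSnpValidateSystemRam; no [LibraryClasses] change appears in this patch, so confirm the library class providing those functions is already listed in this .inf, otherwise the module will not link. The [Pcd] lines themselves are fine.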
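The range computation the commit message describes (validate everything from the end of the launch-validated range up to PcdOvmfDecompressionScratchEnd, before the firmware volume is decompressed), as an added example that is not part of this patch or of edk2. It uses plain C types in place of EFI_PHYSICAL_ADDRESS/UINTN, hypothetical function names, a constructed 16 MiB address window with constructed addresses, and a page-tracking bitmap that stands in for the guest's own bookkeeping rather than any edk2 API. It shows the checks a reviewer would want around the subtraction: 4 KiB alignment of the boundaries, ordering so the size cannot wrap, the zero-length case, and refusing to validate a page a second time.

```c
/*
 * Added example, not code from this patch or from edk2. Computes the page
 * range still to be validated before FV decompression, given the range the
 * VMM validated at launch and the end of the decompression scratch area, and
 * tracks validated pages so the same page is never validated twice.
 * Plain C types stand in for EFI_PHYSICAL_ADDRESS/UINTN; names are hypothetical.
 */
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define SNP_PAGE_SIZE 4096ull

enum range_status {
    RANGE_OK = 0,      /* *start/*pages describe a non-empty range */
    RANGE_NONE,        /* the scratch area ends where pre-validation ended */
    RANGE_BAD_ALIGN,   /* a boundary is not 4 KiB aligned */
    RANGE_BAD_ORDER    /* scratch_end < prevalidated_end: subtraction would wrap */
};

/*
 * Pre-validated range is [prevalidated_base, prevalidated_end); the scratch
 * area ends at scratch_end (exclusive). On RANGE_OK the caller validates
 * [*start, *start + *pages * 4 KiB).
 */
enum range_status
compute_pending_validation(uint64_t prevalidated_base, uint64_t prevalidated_end,
                           uint64_t scratch_end, uint64_t *start, uint64_t *pages)
{
    if ((prevalidated_base | prevalidated_end | scratch_end) % SNP_PAGE_SIZE != 0)
        return RANGE_BAD_ALIGN;
    if (prevalidated_end < prevalidated_base || scratch_end < prevalidated_end)
        return RANGE_BAD_ORDER;
    if (scratch_end == prevalidated_end)
        return RANGE_NONE;
    *start = prevalidated_end;
    *pages = (scratch_end - prevalidated_end) / SNP_PAGE_SIZE;
    return RANGE_OK;
}

/* Constructed bookkeeping for a 16 MiB window: one bit per 4 KiB page. */
#define TRACKED_PAGES 4096u
typedef struct {
    uint64_t base;
    uint8_t  bits[TRACKED_PAGES / 8];
} validated_map;

static bool page_is_validated(const validated_map *m, uint64_t idx)
{
    return (m->bits[idx / 8] >> (idx % 8)) & 1u;
}

/*
 * Records [start, start + pages * 4 KiB) as validated. Returns false and
 * records nothing if the range leaves the window or any page in it is
 * already marked: a PVALIDATE that reports the page was already validated
 * must be treated as a possible replay by the hypervisor, not ignored.
 */
bool mark_validated(validated_map *m, uint64_t start, uint64_t pages)
{
    if (start < m->base || start % SNP_PAGE_SIZE != 0)
        return false;
    uint64_t first = (start - m->base) / SNP_PAGE_SIZE;
    if (pages > TRACKED_PAGES || first > TRACKED_PAGES - pages)
        return false;
    for (uint64_t i = first; i < first + pages; i++)
        if (page_is_validated(m, i))
            return false;
    for (uint64_t i = first; i < first + pages; i++)
        m->bits[i / 8] |= (uint8_t)(1u << (i % 8));
    return true;
}

/*
 * Walks the SEC scenario with constructed addresses: launch-validated
 * [0x800000, 0x810000), scratch area ending at 0x900000. Returns the number
 * of pages SEC validated, or 0 if any step fails (including a second attempt
 * to validate the same range, which must be rejected).
 */
uint64_t sec_validation_scenario(void)
{
    validated_map map;
    memset(&map, 0, sizeof map);
    map.base = 0x800000;

    /* What the VMM did at launch: 16 pages. */
    if (!mark_validated(&map, 0x800000, 16))
        return 0;

    uint64_t start = 0, pages = 0;
    if (compute_pending_validation(0x800000, 0x810000, 0x900000, &start, &pages) != RANGE_OK)
        return 0;
    if (!mark_validated(&map, start, pages))
        return 0;
    /* Re-validating the same pages must be refused. */
    if (mark_validated(&map, start, pages))
        return 0;
    return pages;
}

int main(void)
{
    printf("pages validated by SEC: %llu\n",
           (unsigned long long)sec_validation_scenario());
    return 0;
}
```

The ordering check is the one the hunk lacks: with a UINT32 scratch-end PCD minus a 64-bit end address, an end that lies past the scratch area yields a wrapped size and a page count far beyond the intended region, so the guard belongs before the subtraction rather than after it.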