From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1])
 by mx.groups.io with SMTP id smtpd.web11.5675.1621920689489328976
 for <devel@edk2.groups.io>;
 Mon, 24 May 2021 22:31:29 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@ibm.com header.s=pp1 header.b=AR4dGjiL;
 spf=pass (domain: linux.ibm.com, ip: 148.163.156.1, mailfrom: dovmurik@linux.ibm.com)
Received: from pps.filterd (m0098399.ppops.net [127.0.0.1])
	by mx0a-001b2d01.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 14P54bMA158032;
	Tue, 25 May 2021 01:31:27 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject
 : date : message-id : in-reply-to : references : mime-version :
 content-transfer-encoding; s=pp1;
 bh=kq1Ubvh60Ocz+2LxFkl4LZHedz2+BjqC3zjIMP4Nbbg=;
 b=AR4dGjiLFcu+cspJBje2UFW5nXYbmcYtQfUZpPf8KgoCKssOIlT8F6epCBuNW/s3MHos
 d/k6NdUs4bUCIoZbdtLf1hmeJkXXj3p8S0sBIlv3kDVwkf6JoTMS6n3PUwmkbXKJcp+/
 ivpURdLngyAz63MjogYO4UdMJE5AaUqZM0xOud+gW7vEwe6L66DjnHCIfyCLZRMjqPsx
 zjQMzIPzi0TZXlSkPkFpKVh8w8HfheS+sz4lND01LiH3xkD1/xCpdu6WUDhvxpTf4AvL
 fR4cN9sjevKrymEHd+Y59SgChdiZAvqLjuY7Oc3S5+5Iagr0qHMvcgb1ODv3t9IW3vZU Hw== 
Received: from pps.reinject (localhost [127.0.0.1])
	by mx0a-001b2d01.pphosted.com with ESMTP id 38rryak590-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
	Tue, 25 May 2021 01:31:27 -0400
Received: from m0098399.ppops.net (m0098399.ppops.net [127.0.0.1])
	by pps.reinject (8.16.0.43/8.16.0.43) with SMTP id 14P562Oh165502;
	Tue, 25 May 2021 01:31:26 -0400
Received: from ppma02wdc.us.ibm.com (aa.5b.37a9.ip4.static.sl-reverse.com [169.55.91.170])
	by mx0a-001b2d01.pphosted.com with ESMTP id 38rryak57w-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
	Tue, 25 May 2021 01:31:25 -0400
Received: from pps.filterd (ppma02wdc.us.ibm.com [127.0.0.1])
	by ppma02wdc.us.ibm.com (8.16.0.43/8.16.0.43) with SMTP id 14P5RoWi027752;
	Tue, 25 May 2021 05:31:24 GMT
Received: from b01cxnp22034.gho.pok.ibm.com (b01cxnp22034.gho.pok.ibm.com [9.57.198.24])
	by ppma02wdc.us.ibm.com with ESMTP id 38psk9cdpu-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
	Tue, 25 May 2021 05:31:24 +0000
Received: from b01ledav001.gho.pok.ibm.com (b01ledav001.gho.pok.ibm.com [9.57.199.106])
	by b01cxnp22034.gho.pok.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 14P5VNl526673534
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK);
	Tue, 25 May 2021 05:31:23 GMT
Received: from b01ledav001.gho.pok.ibm.com (unknown [127.0.0.1])
	by IMSVA (Postfix) with ESMTP id B9CAB28064;
	Tue, 25 May 2021 05:31:23 +0000 (GMT)
Received: from b01ledav001.gho.pok.ibm.com (unknown [127.0.0.1])
	by IMSVA (Postfix) with ESMTP id 74F3228059;
	Tue, 25 May 2021 05:31:23 +0000 (GMT)
Received: from localhost.localdomain (unknown [9.2.130.16])
	by b01ledav001.gho.pok.ibm.com (Postfix) with ESMTP;
	Tue, 25 May 2021 05:31:23 +0000 (GMT)
From: Dov Murik <dovmurik@linux.ibm.com>
To: devel@edk2.groups.io
Cc: Dov Murik <dovmurik@linux.ibm.com>,
        Tobin Feldman-Fitzthum <tobin@linux.ibm.com>,
        Tobin Feldman-Fitzthum <tobin@ibm.com>, Jim Cadden <jcadden@ibm.com>,
        James Bottomley <jejb@linux.ibm.com>,
        Hubertus Franke <frankeh@us.ibm.com>, Laszlo Ersek <lersek@redhat.com>,
        Ard Biesheuvel <ardb+tianocore@kernel.org>,
        Jordan Justen <jordan.l.justen@intel.com>,
        Ashish Kalra <ashish.kalra@amd.com>,
        Brijesh Singh <brijesh.singh@amd.com>,
        Erdem Aktas <erdemaktas@google.com>, Jiewen Yao <jiewen.yao@intel.com>,
        Min Xu <min.m.xu@intel.com>, Tom Lendacky <thomas.lendacky@amd.com>
Subject: [PATCH v1 3/8] OvmfPkg/AmdSev: add a page to the MEMFD for firmware config hashes
Date: Tue, 25 May 2021 05:31:11 +0000
Message-Id: <20210525053116.1533673-4-dovmurik@linux.ibm.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <20210525053116.1533673-1-dovmurik@linux.ibm.com>
References: <20210525053116.1533673-1-dovmurik@linux.ibm.com>
MIME-Version: 1.0
X-TM-AS-GCONF: 00
X-Proofpoint-GUID: 3aS0X-WNWUqUGWlwN3hzHTD8MO5Zpzsr
X-Proofpoint-ORIG-GUID: Y_gwjytyj6PDk3uQvsGdGwWwaCYhCicA
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.391,18.0.761
 definitions=2021-05-25_02:2021-05-24,2021-05-25 signatures=0
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 suspectscore=0 bulkscore=0
 lowpriorityscore=0 clxscore=1015 impostorscore=0 mlxlogscore=999
 priorityscore=1501 mlxscore=0 spamscore=0 phishscore=0 adultscore=0
 malwarescore=0 classifier=spam adjust=0 reason=mlx scancount=1
 engine=8.12.0-2104190000 definitions=main-2105250034
Content-Transfer-Encoding: quoted-printable

From: James Bottomley <jejb@linux.ibm.com>

Reserve a page inside the MEMFD for the VMM to place an encrypted page
containing GUID described hashes of firmware configurations.  We do
this so the page gets attested by the PSP and thus the untrusted VMM
can't pass in different files from what the guest owner thinks.

Declare this in the Reset Vector table using GUID
7255371f-3a3b-4b04-927b-1da6efa8d454 and a uint32_t table of a base
and size value, identically to the secret block.

Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Ashish Kalra <ashish.kalra@amd.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: James Bottomley <jejb@linux.ibm.com>
---
 OvmfPkg/OvmfPkg.dec                          |  6 ++++++
 OvmfPkg/AmdSev/AmdSevX64.fdf                 |  3 +++
 OvmfPkg/ResetVector/ResetVector.inf          |  2 ++
 OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm | 20 ++++++++++++++++++++
 OvmfPkg/ResetVector/ResetVector.nasmb        |  2 ++
 5 files changed, 33 insertions(+)

diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec
index 6ae733f6e39f..7cd29a60a436 100644
--- a/OvmfPkg/OvmfPkg.dec
+++ b/OvmfPkg/OvmfPkg.dec
@@ -321,6 +321,12 @@ [PcdsFixedAtBuild]
   gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretBase|0x0|UINT32|0x42=0D
   gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretSize|0x0|UINT32|0x43=0D
 =0D
+  ## The base address and size of a hash table confirming allowed=0D
+  #  parameters to be passed in via the Qemu firmware configuration=0D
+  #  device=0D
+  gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableBase|0x0|UINT32|0x47=0D
+  gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableSize|0x0|UINT32|0x48=0D
+=0D
 [PcdsDynamic, PcdsDynamicEx]=0D
   gUefiOvmfPkgTokenSpaceGuid.PcdEmuVariableEvent|0|UINT64|2=0D
   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashVariablesEnable|FALSE|BOOLEAN|0x1=
0=0D
diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf
index dd0030dbf189..6e1bb7723bd1 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.fdf
+++ b/OvmfPkg/AmdSev/AmdSevX64.fdf
@@ -65,6 +65,9 @@ [FD.MEMFD]
 0x00D000|0x001000=0D
 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupBase|gUefiOvmfPkgTokenSpace=
Guid.PcdOvmfSecGhcbBackupSize=0D
 =0D
+0x00E000|0x001000=0D
+gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableBase|gUefiOvmfPkgTokenSpaceGuid=
.PcdQemuHashTableSize=0D
+=0D
 0x010000|0x010000=0D
 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase|gUefiOvmfPkgTokenSpace=
Guid.PcdOvmfSecPeiTempRamSize=0D
 =0D
diff --git a/OvmfPkg/ResetVector/ResetVector.inf b/OvmfPkg/ResetVector/Rese=
tVector.inf
index dc38f68919cd..d028c92d8cfa 100644
--- a/OvmfPkg/ResetVector/ResetVector.inf
+++ b/OvmfPkg/ResetVector/ResetVector.inf
@@ -47,3 +47,5 @@ [Pcd]
 [FixedPcd]=0D
   gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretBase=0D
   gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretSize=0D
+  gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableBase=0D
+  gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableSize=0D
diff --git a/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm b/OvmfPkg/ResetVe=
ctor/Ia16/ResetVectorVtf0.asm
index 9c0b5853a46f..7ec3c6e980c3 100644
--- a/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm
+++ b/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm
@@ -47,7 +47,27 @@ TIMES (15 - ((guidedStructureEnd - guidedStructureStart =
+ 15) % 16)) DB 0
 ;=0D
 guidedStructureStart:=0D
 =0D
+; SEV Hash Table Block=0D
 ;=0D
+; This describes the guest ram area where the hypervisor should=0D
+; install a table describing the hashes of certain firmware configuration=
=0D
+; device files that would otherwise be passed in unchecked.  The current=0D
+; use is for the kernel, initrd and command line values, but others may be=
=0D
+; added.  The data format is:=0D
+;=0D
+; base physical address (32 bit word)=0D
+; table length (32 bit word)=0D
+;=0D
+; GUID (SEV FW config hash block): 7255371f-3a3b-4b04-927b-1da6efa8d454=0D
+;=0D
+sevFwHashBlockStart:=0D
+    DD      SEV_FW_HASH_BLOCK_BASE=0D
+    DD      SEV_FW_HASH_BLOCK_SIZE=0D
+    DW      sevFwHashBlockEnd - sevFwHashBlockStart=0D
+    DB      0x1f, 0x37, 0x55, 0x72, 0x3b, 0x3a, 0x04, 0x4b=0D
+    DB      0x92, 0x7b, 0x1d, 0xa6, 0xef, 0xa8, 0xd4, 0x54=0D
+sevFwHashBlockEnd:=0D
+=0D
 ; SEV Secret block=0D
 ;=0D
 ; This describes the guest ram area where the hypervisor should=0D
diff --git a/OvmfPkg/ResetVector/ResetVector.nasmb b/OvmfPkg/ResetVector/Re=
setVector.nasmb
index 5fbacaed5f9d..8d0bab02f8cb 100644
--- a/OvmfPkg/ResetVector/ResetVector.nasmb
+++ b/OvmfPkg/ResetVector/ResetVector.nasmb
@@ -88,5 +88,7 @@
   %define SEV_ES_AP_RESET_IP  FixedPcdGet32 (PcdSevEsWorkAreaBase)=0D
   %define SEV_LAUNCH_SECRET_BASE  FixedPcdGet32 (PcdSevLaunchSecretBase)=0D
   %define SEV_LAUNCH_SECRET_SIZE  FixedPcdGet32 (PcdSevLaunchSecretSize)=0D
+  %define SEV_FW_HASH_BLOCK_BASE  FixedPcdGet32 (PcdQemuHashTableBase)=0D
+  %define SEV_FW_HASH_BLOCK_SIZE  FixedPcdGet32 (PcdQemuHashTableSize)=0D
 %include "Ia16/ResetVectorVtf0.asm"=0D
 =0D
--=20
2.25.1