From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1])
 by mx.groups.io with SMTP id smtpd.web11.5674.1621920689393294526
 for <devel@edk2.groups.io>;
 Mon, 24 May 2021 22:31:29 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@ibm.com header.s=pp1 header.b=MCB9lSqL;
 spf=pass (domain: linux.ibm.com, ip: 148.163.156.1, mailfrom: dovmurik@linux.ibm.com)
Received: from pps.filterd (m0098396.ppops.net [127.0.0.1])
	by mx0a-001b2d01.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 14P5UViF191103;
	Tue, 25 May 2021 01:31:27 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject
 : date : message-id : in-reply-to : references : mime-version :
 content-transfer-encoding; s=pp1;
 bh=wLpeEKwXwDap+z8Bz0pwnE2IhuBLsbPL7P9MasWto60=;
 b=MCB9lSqLLdiRv26USx96XhxDdFlJ+9qGFxOnjFZHAm5GKv/dbvaRr52NEpx7dmqXxAE0
 R2e+OPTJtLTpYmJ4yvQAJYDDD2lzxNdE7iUmXY6D+5EVasyoT9rQOJ+j4+C1mj2I6sEv
 rmWmcRnv7cepfUIg9Q/7BfPjE3NOIXKAhUJOeRfUcq/GEPtPqH1UEPYUkji/satZsXyA
 69TlzZbH8e5mNl/wd/HM4g1W4pzS/aGz9MnwLrWsc0EsYfrrvmvZO7GherPJDllKnYcQ
 Zz4xOVzWzOOKKbdBFOLpQ7Kos2E1BAfehyCiy5iNBczkxwxF7FxhvWXA1DhoqERDxl4y 2Q== 
Received: from pps.reinject (localhost [127.0.0.1])
	by mx0a-001b2d01.pphosted.com with ESMTP id 38ru5d80eg-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
	Tue, 25 May 2021 01:31:27 -0400
Received: from m0098396.ppops.net (m0098396.ppops.net [127.0.0.1])
	by pps.reinject (8.16.0.43/8.16.0.43) with SMTP id 14P5VQav193437;
	Tue, 25 May 2021 01:31:26 -0400
Received: from ppma05wdc.us.ibm.com (1b.90.2fa9.ip4.static.sl-reverse.com [169.47.144.27])
	by mx0a-001b2d01.pphosted.com with ESMTP id 38ru5d80dw-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
	Tue, 25 May 2021 01:31:26 -0400
Received: from pps.filterd (ppma05wdc.us.ibm.com [127.0.0.1])
	by ppma05wdc.us.ibm.com (8.16.0.43/8.16.0.43) with SMTP id 14P5RVkA006022;
	Tue, 25 May 2021 05:31:25 GMT
Received: from b01cxnp22035.gho.pok.ibm.com (b01cxnp22035.gho.pok.ibm.com [9.57.198.25])
	by ppma05wdc.us.ibm.com with ESMTP id 38q65s8y6d-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
	Tue, 25 May 2021 05:31:25 +0000
Received: from b01ledav001.gho.pok.ibm.com (b01ledav001.gho.pok.ibm.com [9.57.199.106])
	by b01cxnp22035.gho.pok.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 14P5VOjZ32899360
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK);
	Tue, 25 May 2021 05:31:24 GMT
Received: from b01ledav001.gho.pok.ibm.com (unknown [127.0.0.1])
	by IMSVA (Postfix) with ESMTP id A82302805E;
	Tue, 25 May 2021 05:31:24 +0000 (GMT)
Received: from b01ledav001.gho.pok.ibm.com (unknown [127.0.0.1])
	by IMSVA (Postfix) with ESMTP id 6DED12805C;
	Tue, 25 May 2021 05:31:24 +0000 (GMT)
Received: from localhost.localdomain (unknown [9.2.130.16])
	by b01ledav001.gho.pok.ibm.com (Postfix) with ESMTP;
	Tue, 25 May 2021 05:31:24 +0000 (GMT)
From: Dov Murik <dovmurik@linux.ibm.com>
To: devel@edk2.groups.io
Cc: Dov Murik <dovmurik@linux.ibm.com>,
        Tobin Feldman-Fitzthum <tobin@linux.ibm.com>,
        Tobin Feldman-Fitzthum <tobin@ibm.com>, Jim Cadden <jcadden@ibm.com>,
        James Bottomley <jejb@linux.ibm.com>,
        Hubertus Franke <frankeh@us.ibm.com>, Laszlo Ersek <lersek@redhat.com>,
        Ard Biesheuvel <ardb+tianocore@kernel.org>,
        Jordan Justen <jordan.l.justen@intel.com>,
        Ashish Kalra <ashish.kalra@amd.com>,
        Brijesh Singh <brijesh.singh@amd.com>,
        Erdem Aktas <erdemaktas@google.com>, Jiewen Yao <jiewen.yao@intel.com>,
        Min Xu <min.m.xu@intel.com>, Tom Lendacky <thomas.lendacky@amd.com>
Subject: [PATCH v1 6/8] OvmfPkg/AmdSev: Add firmware file plugin to verifier
Date: Tue, 25 May 2021 05:31:14 +0000
Message-Id: <20210525053116.1533673-7-dovmurik@linux.ibm.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <20210525053116.1533673-1-dovmurik@linux.ibm.com>
References: <20210525053116.1533673-1-dovmurik@linux.ibm.com>
MIME-Version: 1.0
X-TM-AS-GCONF: 00
X-Proofpoint-GUID: 9P8qwpdWfHHqXpYf2V4xS4UTUilFI5hT
X-Proofpoint-ORIG-GUID: VCeiyONcbx_9RJ1KdkI_Htj1O9_bLzyC
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.391,18.0.761
 definitions=2021-05-25_02:2021-05-24,2021-05-25 signatures=0
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 clxscore=1015
 lowpriorityscore=0 malwarescore=0 suspectscore=0 mlxscore=0 adultscore=0
 mlxlogscore=999 spamscore=0 phishscore=0 impostorscore=0 bulkscore=0
 priorityscore=1501 classifier=spam adjust=0 reason=mlx scancount=1
 engine=8.12.0-2104190000 definitions=main-2105250034
Content-Transfer-Encoding: quoted-printable

From: James Bottomley <jejb@linux.ibm.com>

Provide a library verifier that plugs into the QemuKernelLoaderFs
hooks to verify the hashes against the SEV hash table (stored in
encrypted memory).

The verifier is enabled when SEV memory encryption is active.

Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Ashish Kalra <ashish.kalra@amd.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: James Bottomley <jejb@linux.ibm.com>
---
 OvmfPkg/AmdSev/AmdSevX64.dsc                                 |  5 +-
 OvmfPkg/AmdSev/Library/SevFwCfgVerifier/SevFwCfgVerifier.inf | 30 ++++++++=
++
 OvmfPkg/AmdSev/Library/SevFwCfgVerifier/SevFwCfgVerifier.c   | 60 ++++++++=
++++++++++++
 3 files changed, 94 insertions(+), 1 deletion(-)

diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
index b4484ca07614..bfb16798b3b7 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
@@ -697,7 +697,10 @@ [Components]
       NULL|MdeModulePkg/Library/BootManagerUiLib/BootManagerUiLib.inf=0D
       NULL|MdeModulePkg/Library/BootMaintenanceManagerUiLib/BootMaintenanc=
eManagerUiLib.inf=0D
   }=0D
-  OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf=0D
+  OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf {=0D
+    <LibraryClasses>=0D
+      NULL|OvmfPkg/AmdSev/Library/SevFwCfgVerifier/SevFwCfgVerifier.inf=0D
+  }=0D
   OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf=0D
   OvmfPkg/Virtio10Dxe/Virtio10.inf=0D
   OvmfPkg/VirtioBlkDxe/VirtioBlk.inf=0D
diff --git a/OvmfPkg/AmdSev/Library/SevFwCfgVerifier/SevFwCfgVerifier.inf b=
/OvmfPkg/AmdSev/Library/SevFwCfgVerifier/SevFwCfgVerifier.inf
new file mode 100644
index 000000000000..86d099455d55
--- /dev/null
+++ b/OvmfPkg/AmdSev/Library/SevFwCfgVerifier/SevFwCfgVerifier.inf
@@ -0,0 +1,30 @@
+##  @file=0D
+#  Provides the Secure Verification services for AMD SEV firmware config=0D
+#=0D
+#  Copyright (C) 2021 James Bottomley, IBM Corporation.=0D
+#=0D
+#  SPDX-License-Identifier: BSD-2-Clause-Patent=0D
+#=0D
+##=0D
+=0D
+[Defines]=0D
+  INF_VERSION                    =3D 0x00010005=0D
+  BASE_NAME                      =3D SevFwCfgVerifier=0D
+  FILE_GUID                      =3D 33457c78-aae2-4511-9188-ac1fe88d03de=
=0D
+  MODULE_TYPE                    =3D DXE_DRIVER=0D
+  VERSION_STRING                 =3D 1.0=0D
+  LIBRARY_CLASS                  =3D NULL|DXE_DRIVER DXE_RUNTIME_DRIVER DX=
E_SMM_DRIVER UEFI_APPLICATION UEFI_DRIVER=0D
+  CONSTRUCTOR                    =3D SevFwCfgVerifierConstructor=0D
+=0D
+[Sources]=0D
+  SevFwCfgVerifier.c=0D
+=0D
+[Packages]=0D
+  MdePkg/MdePkg.dec=0D
+  OvmfPkg/OvmfPkg.dec=0D
+=0D
+[LibraryClasses]=0D
+  BaseLib=0D
+  DebugLib=0D
+  MemEncryptSevLib=0D
+  SevHashFinderLib=0D
diff --git a/OvmfPkg/AmdSev/Library/SevFwCfgVerifier/SevFwCfgVerifier.c b/O=
vmfPkg/AmdSev/Library/SevFwCfgVerifier/SevFwCfgVerifier.c
new file mode 100644
index 000000000000..53b617a72aa9
--- /dev/null
+++ b/OvmfPkg/AmdSev/Library/SevFwCfgVerifier/SevFwCfgVerifier.c
@@ -0,0 +1,60 @@
+/** @file=0D
+  AMD SEV Firmware Config file verifier=0D
+=0D
+  Copyright (C) 2021 James Bottomley, IBM Corporation.=0D
+  SPDX-License-Identifier: BSD-2-Clause-Patent=0D
+**/=0D
+=0D
+#include <Library/BaseLib.h>=0D
+#include <Library/DebugLib.h>=0D
+#include <Library/MemEncryptSevLib.h>=0D
+#include <Library/QemuFwCfgLib.h>=0D
+#include <Library/SevHashFinderLib.h>=0D
+=0D
+STATIC EFI_STATUS=0D
+EFIAPI=0D
+SevFwCfgVerifier (=0D
+  IN  CONST CHAR16    *Name,=0D
+  IN  VOID            *Buffer,=0D
+  IN  UINTN           Size=0D
+  )=0D
+{=0D
+  DEBUG ((DEBUG_INFO, "%a: Validating Hash of %s\n", __FUNCTION__, Name));=
=0D
+=0D
+  if (StrCmp (Name, L"kernel") =3D=3D 0) {=0D
+    return ValidateHashEntry (&SEV_KERNEL_HASH_GUID, Buffer, Size);=0D
+  }=0D
+  if (StrCmp (Name, L"initrd") =3D=3D 0) {=0D
+    return ValidateHashEntry (&SEV_INITRD_HASH_GUID, Buffer, Size);=0D
+  }=0D
+=0D
+  DEBUG ((DEBUG_ERROR, "%a: Failed to find Filename %s", __FUNCTION__, Nam=
e));=0D
+  return EFI_SECURITY_VIOLATION;=0D
+}=0D
+=0D
+/**=0D
+  Register security measurement handler.=0D
+=0D
+  @param  ImageHandle   ImageHandle of the loaded driver.=0D
+  @param  SystemTable   Pointer to the EFI System Table.=0D
+=0D
+  @retval EFI_SUCCESS   The handlers were registered successfully.=0D
+**/=0D
+EFI_STATUS=0D
+EFIAPI=0D
+SevFwCfgVerifierConstructor (=0D
+  IN EFI_HANDLE        ImageHandle,=0D
+  IN EFI_SYSTEM_TABLE  *SystemTable=0D
+  )=0D
+{=0D
+  if (MemEncryptSevIsEnabled ()) {=0D
+    DEBUG ((DEBUG_INFO, "Enabling hash verification of fw_cfg files"));=0D
+    return RegisterFwCfgVerifier (SevFwCfgVerifier);=0D
+  } else {=0D
+    //=0D
+    // Don't install verifier if SEV isn't enabled=0D
+    //=0D
+    DEBUG ((DEBUG_INFO, "NOT Enabling hash verification of fw_cfg files"))=
;=0D
+    return EFI_SUCCESS;=0D
+  }=0D
+}=0D
--=20
2.25.1