From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mx0b-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5])
 by mx.groups.io with SMTP id smtpd.web11.4830.1626768399838275379
 for <devel@edk2.groups.io>;
 Tue, 20 Jul 2021 01:06:40 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@ibm.com header.s=pp1 header.b=q7M/P6BB;
 spf=pass (domain: linux.ibm.com, ip: 148.163.158.5, mailfrom: dovmurik@linux.ibm.com)
Received: from pps.filterd (m0127361.ppops.net [127.0.0.1])
	by mx0a-001b2d01.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 16K86TSE190642;
	Tue, 20 Jul 2021 04:06:37 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject
 : date : message-id : in-reply-to : references : content-transfer-encoding
 : mime-version; s=pp1; bh=y2rzNTIUv4bgVVLuy3Ayq9NNUjWey+TJBvpeoHrL8xY=;
 b=q7M/P6BBCJvtM9+na+L+SSXuQe0xTsaYSMG9RFg44GEq/Oj0szeB29WNwzFOOp/gLQEi
 kA8clUgTX0Qv+7x5DkB5ULrpUhVWAFYzbmgbXCt1P/cT5lwGMJ97HOqGq1QbHW1xNLM9
 D44aLjw4oZJ4ctGS1Ymups9me99M77K77h8fw8lbhXxh47V0X8lsv8ygZq17G55ZyHAB
 HwDEw9hM6QmzkacAnh0ME3zIYGvWA/1T/pL/506g7hYmZdLoL4MbX0CHXfNwhbXlvafY
 qEeDwDQw1XOUCEFstBWJnFg5KJlvfILf4fFS9bDVWdXfq/8canl++B9Y4MhOE0WH1qXK 8A== 
Received: from pps.reinject (localhost [127.0.0.1])
	by mx0a-001b2d01.pphosted.com with ESMTP id 39wr5tv2ye-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
	Tue, 20 Jul 2021 04:06:37 -0400
Received: from m0127361.ppops.net (m0127361.ppops.net [127.0.0.1])
	by pps.reinject (8.16.0.43/8.16.0.43) with SMTP id 16K86Z6L191027;
	Tue, 20 Jul 2021 04:06:36 -0400
Received: from ppma02dal.us.ibm.com (a.bd.3ea9.ip4.static.sl-reverse.com [169.62.189.10])
	by mx0a-001b2d01.pphosted.com with ESMTP id 39wr5tv2jy-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
	Tue, 20 Jul 2021 04:06:36 -0400
Received: from pps.filterd (ppma02dal.us.ibm.com [127.0.0.1])
	by ppma02dal.us.ibm.com (8.16.1.2/8.16.1.2) with SMTP id 16K83HLe021963;
	Tue, 20 Jul 2021 08:04:36 GMT
Received: from b03cxnp08028.gho.boulder.ibm.com (b03cxnp08028.gho.boulder.ibm.com [9.17.130.20])
	by ppma02dal.us.ibm.com with ESMTP id 39vuk4tvt7-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
	Tue, 20 Jul 2021 08:04:36 +0000
Received: from b03ledav002.gho.boulder.ibm.com (b03ledav002.gho.boulder.ibm.com [9.17.130.233])
	by b03cxnp08028.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 16K84YW911862452
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK);
	Tue, 20 Jul 2021 08:04:34 GMT
Received: from b03ledav002.gho.boulder.ibm.com (unknown [127.0.0.1])
	by IMSVA (Postfix) with ESMTP id 02A9E136059;
	Tue, 20 Jul 2021 08:04:34 +0000 (GMT)
Received: from b03ledav002.gho.boulder.ibm.com (unknown [127.0.0.1])
	by IMSVA (Postfix) with ESMTP id C28A4136065;
	Tue, 20 Jul 2021 08:04:32 +0000 (GMT)
Received: from localhost.localdomain (unknown [9.2.130.16])
	by b03ledav002.gho.boulder.ibm.com (Postfix) with ESMTP;
	Tue, 20 Jul 2021 08:04:32 +0000 (GMT)
From: "Dov Murik" <dovmurik@linux.ibm.com>
To: devel@edk2.groups.io
Cc: Dov Murik <dovmurik@linux.ibm.com>,
        Tobin Feldman-Fitzthum <tobin@linux.ibm.com>,
        Tobin Feldman-Fitzthum <tobin@ibm.com>, Jim Cadden <jcadden@ibm.com>,
        James Bottomley <jejb@linux.ibm.com>,
        Hubertus Franke <frankeh@us.ibm.com>,
        Ard Biesheuvel <ardb+tianocore@kernel.org>,
        Jordan Justen <jordan.l.justen@intel.com>,
        Ashish Kalra <ashish.kalra@amd.com>,
        Brijesh Singh <brijesh.singh@amd.com>,
        Erdem Aktas <erdemaktas@google.com>, Jiewen Yao <jiewen.yao@intel.com>,
        Min Xu <min.m.xu@intel.com>, Tom Lendacky <thomas.lendacky@amd.com>
Subject: [PATCH v3 07/11] OvmfPkg/QemuKernelLoaderFsDxe: call VerifyBlob after fetch from fw_cfg
Date: Tue, 20 Jul 2021 08:03:57 +0000
Message-Id: <20210720080401.3662854-8-dovmurik@linux.ibm.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <20210720080401.3662854-1-dovmurik@linux.ibm.com>
References: <20210720080401.3662854-1-dovmurik@linux.ibm.com>
X-TM-AS-GCONF: 00
X-Proofpoint-ORIG-GUID: 7ub1n0KSebJIVPkOBOTiZm79wFj_2w8v
X-Proofpoint-GUID: SeALYliiKaqOk1O7EZE0lLGYSKAKXy8H
X-Proofpoint-UnRewURL: 0 URL was un-rewritten
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.391,18.0.790
 definitions=2021-07-20_04:2021-07-19,2021-07-20 signatures=0
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 bulkscore=0 impostorscore=0
 mlxlogscore=999 priorityscore=1501 malwarescore=0 spamscore=0
 clxscore=1015 phishscore=0 lowpriorityscore=0 suspectscore=0 mlxscore=0
 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1
 engine=8.12.0-2104190000 definitions=main-2107200047
Content-Transfer-Encoding: quoted-printable

In QemuKernelLoaderFsDxeEntrypoint we use FetchBlob to read the content
of the kernel/initrd/cmdline from the QEMU fw_cfg interface.  Insert a
call to VerifyBlob after fetching to allow BlobVerifierLib
implementations to add a verification step for these blobs.

This will allow confidential computing OVMF builds to add verification
mechanisms for these blobs that originate from an untrusted source
(QEMU).

The null implementation of BlobVerifierLib does nothing in VerifyBlob,
and therefore no functional change is expected.

Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Ashish Kalra <ashish.kalra@amd.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3457
Co-developed-by: James Bottomley <jejb@linux.ibm.com>
Signed-off-by: James Bottomley <jejb@linux.ibm.com>
Signed-off-by: Dov Murik <dovmurik@linux.ibm.com>
Reviewed-by: Brijesh Singh <brijesh.singh@amd.com>
---
 OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c b/OvmfPk=
g/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c
index c7ddd86f5c75..6832d563bcb0 100644
--- a/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c
+++ b/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c
@@ -17,6 +17,7 @@
 #include <Guid/QemuKernelLoaderFsMedia.h>=0D
 #include <Library/BaseLib.h>=0D
 #include <Library/BaseMemoryLib.h>=0D
+#include <Library/BlobVerifierLib.h>=0D
 #include <Library/DebugLib.h>=0D
 #include <Library/DevicePathLib.h>=0D
 #include <Library/MemoryAllocationLib.h>=0D
@@ -1039,6 +1040,14 @@ QemuKernelLoaderFsDxeEntrypoint (
     if (EFI_ERROR (Status)) {=0D
       goto FreeBlobs;=0D
     }=0D
+    Status =3D VerifyBlob (=0D
+               CurrentBlob->Name,=0D
+               CurrentBlob->Data,=0D
+               CurrentBlob->Size=0D
+               );=0D
+    if (EFI_ERROR (Status)) {=0D
+      goto FreeBlobs;=0D
+    }=0D
     mTotalBlobBytes +=3D CurrentBlob->Size;=0D
   }=0D
   KernelBlob      =3D &mKernelBlob[KernelBlobTypeKernel];=0D
--=20
2.25.1