From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.158.5]) by mx.groups.io with SMTP id smtpd.web09.6058.1627412855271363756 for ; Tue, 27 Jul 2021 12:07:35 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@ibm.com header.s=pp1 header.b=SSUUJTEo; spf=pass (domain: linux.ibm.com, ip: 148.163.158.5, mailfrom: dovmurik@linux.ibm.com) Received: from pps.filterd (m0098414.ppops.net [127.0.0.1]) by mx0b-001b2d01.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 16RJ43O5111382; Tue, 27 Jul 2021 15:07:33 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : content-transfer-encoding : mime-version; s=pp1; bh=t8mFKsEbqyQ7yRwziCl3+S2edSWnS6N3aNVt8QuZ0ac=; b=SSUUJTEov4ulyhcOx4btL7Q/NPV1B4TnUJi51syL68Cu+0kJxaYYLCrlXfLrCYW5gbZP pq3hmJRUHA6XBmKe9VUip30t43vdLFYbTKrtVRqj+GI9dKrb4umQMsGbaEp7kdbvvOJx 27FZPzvRTi7kkXxc5AnUDDcsf8CEvidJlpl+v1pHky98YE7lvuXIwY5W0Z5DplvsC8cX rvFYlar6XEyko7I9fmM5TiT03bPeim3BJQxt0xuRjbd22vDZ33YCPmZQH1juk5UPVMLI 8RGbSHMS/aCDv8BrV5a2C3yrSNgQP2265lklvYBJRqzsax/WD0dwv30SuR0OhYULSrQV 4w== Received: from pps.reinject (localhost [127.0.0.1]) by mx0b-001b2d01.pphosted.com with ESMTP id 3a2qqw0mq2-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 27 Jul 2021 15:07:33 -0400 Received: from m0098414.ppops.net (m0098414.ppops.net [127.0.0.1]) by pps.reinject (8.16.0.43/8.16.0.43) with SMTP id 16RJ45Oe111683; Tue, 27 Jul 2021 15:07:33 -0400 Received: from ppma03dal.us.ibm.com (b.bd.3ea9.ip4.static.sl-reverse.com [169.62.189.11]) by mx0b-001b2d01.pphosted.com with ESMTP id 3a2qqw0mp7-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 27 Jul 2021 15:07:33 -0400 Received: from pps.filterd (ppma03dal.us.ibm.com [127.0.0.1]) by ppma03dal.us.ibm.com (8.16.1.2/8.16.1.2) with SMTP id 16RIuOn9029888; Tue, 27 Jul 2021 19:07:32 GMT Received: from b01cxnp22034.gho.pok.ibm.com (b01cxnp22034.gho.pok.ibm.com [9.57.198.24]) by ppma03dal.us.ibm.com with ESMTP id 3a235ph9g3-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 27 Jul 2021 19:07:32 +0000 Received: from b01ledav003.gho.pok.ibm.com (b01ledav003.gho.pok.ibm.com [9.57.199.108]) by b01cxnp22034.gho.pok.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 16RJ7UJ838273348 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 27 Jul 2021 19:07:30 GMT Received: from b01ledav003.gho.pok.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 404E7B2066; Tue, 27 Jul 2021 19:07:30 +0000 (GMT) Received: from b01ledav003.gho.pok.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 043EBB206B; Tue, 27 Jul 2021 19:07:30 +0000 (GMT) Received: from localhost.localdomain (unknown [9.2.130.16]) by b01ledav003.gho.pok.ibm.com (Postfix) with ESMTP; Tue, 27 Jul 2021 19:07:29 +0000 (GMT) From: "Dov Murik" To: devel@edk2.groups.io Cc: Dov Murik , Tobin Feldman-Fitzthum , Tobin Feldman-Fitzthum , Jim Cadden , James Bottomley , Hubertus Franke , Ard Biesheuvel , Jordan Justen , Ashish Kalra , Brijesh Singh , Erdem Aktas , Jiewen Yao , Min Xu , Tom Lendacky Subject: [PATCH v5 07/11] OvmfPkg/QemuKernelLoaderFsDxe: call VerifyBlob after fetch from fw_cfg Date: Tue, 27 Jul 2021 19:07:20 +0000 Message-Id: <20210727190724.3586867-8-dovmurik@linux.ibm.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20210727190724.3586867-1-dovmurik@linux.ibm.com> References: <20210727190724.3586867-1-dovmurik@linux.ibm.com> X-TM-AS-GCONF: 00 X-Proofpoint-GUID: 9Qw7L_6KKKn3MEI71VKT6g6O7tf56J_J X-Proofpoint-ORIG-GUID: _-ZuUogxTBu4Q7waHz0KXp-3SMmHRNog X-Proofpoint-UnRewURL: 0 URL was un-rewritten MIME-Version: 1.0 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.391,18.0.790 definitions=2021-07-27_13:2021-07-27,2021-07-27 signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 suspectscore=0 priorityscore=1501 mlxscore=0 phishscore=0 spamscore=0 impostorscore=0 malwarescore=0 clxscore=1015 adultscore=0 bulkscore=0 lowpriorityscore=0 mlxlogscore=999 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2107140000 definitions=main-2107270113 Content-Transfer-Encoding: quoted-printable In QemuKernelLoaderFsDxeEntrypoint we use FetchBlob to read the content of the kernel/initrd/cmdline from the QEMU fw_cfg interface. Insert a call to VerifyBlob after fetching to allow BlobVerifierLib implementations to add a verification step for these blobs. This will allow confidential computing OVMF builds to add verification mechanisms for these blobs that originate from an untrusted source (QEMU). The null implementation of BlobVerifierLib does nothing in VerifyBlob, and therefore no functional change is expected. Cc: Ard Biesheuvel Cc: Jordan Justen Cc: Ashish Kalra Cc: Brijesh Singh Cc: Erdem Aktas Cc: James Bottomley Cc: Jiewen Yao Cc: Min Xu Cc: Tom Lendacky Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3457 Co-developed-by: James Bottomley Signed-off-by: James Bottomley Signed-off-by: Dov Murik Reviewed-by: Brijesh Singh Reviewed-by: Tom Lendacky --- OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c b/OvmfPk= g/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c index c7ddd86f5c75..6832d563bcb0 100644 --- a/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c +++ b/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c @@ -17,6 +17,7 @@ #include =0D #include =0D #include =0D +#include =0D #include =0D #include =0D #include =0D @@ -1039,6 +1040,14 @@ QemuKernelLoaderFsDxeEntrypoint ( if (EFI_ERROR (Status)) {=0D goto FreeBlobs;=0D }=0D + Status =3D VerifyBlob (=0D + CurrentBlob->Name,=0D + CurrentBlob->Data,=0D + CurrentBlob->Size=0D + );=0D + if (EFI_ERROR (Status)) {=0D + goto FreeBlobs;=0D + }=0D mTotalBlobBytes +=3D CurrentBlob->Size;=0D }=0D KernelBlob =3D &mKernelBlob[KernelBlobTypeKernel];=0D --=20 2.25.1