From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [216.205.24.124]) by mx.groups.io with SMTP id smtpd.web09.1509.1630386793710354387 for ; Mon, 30 Aug 2021 22:13:14 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=SysnVQYE; spf=pass (domain: redhat.com, ip: 216.205.24.124, mailfrom: kraxel@redhat.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1630386792; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=Zfu2dG2gHS2H3x8OVBS5GuH3MCWW5y7kQFpsd5yemHI=; b=SysnVQYEt+cSwJ6NiiuWFiCANMEp5g9Je0mNoFPi9ycOdwHx1mUlmk27WsL4YOkEYPY3Gx umYFjp9vLnzdE0OotbUK9rygPALhuCdSXKayuMKQatERsFNQuHxIslh9UvM8HGAsDwWf+h a85+32EFne0vnqIo0VxHAyI/1h+Qdis= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-367-2BkbCfnFNcqBG_qPJ7FaHA-1; Tue, 31 Aug 2021 01:13:08 -0400 X-MC-Unique: 2BkbCfnFNcqBG_qPJ7FaHA-1 Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.23]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 38D07100806D; Tue, 31 Aug 2021 05:13:07 +0000 (UTC) Received: from sirius.home.kraxel.org (unknown [10.39.192.91]) by smtp.corp.redhat.com (Postfix) with ESMTPS id CE18C27C5F; Tue, 31 Aug 2021 05:13:06 +0000 (UTC) Received: by sirius.home.kraxel.org (Postfix, from userid 1000) id 31F681800936; Tue, 31 Aug 2021 07:13:05 +0200 (CEST) Date: Tue, 31 Aug 2021 07:13:05 +0200 From: "Gerd Hoffmann" To: devel@edk2.groups.io, min.m.xu@intel.com Cc: Ard Biesheuvel , "Justen, Jordan L" , Brijesh Singh , Erdem Aktas , James Bottomley , "Yao, Jiewen" , Tom Lendacky Subject: Re: [edk2-devel] [PATCH V5 1/2] OvmfPkg: Introduce Tdx BFV/CFV PCDs and PcdOvmfImageSizeInKb Message-ID: <20210831051305.dhqvsh4jzqekmjly@sirius.home.kraxel.org> References: <77440edd1e175207dffcaaa052ce26ae71e6c66c.1630289827.git.min.m.xu@intel.com> <20210830070339.u47qq3g7hb4rq3xc@sirius.home.kraxel.org> MIME-Version: 1.0 In-Reply-To: X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=kraxel@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Hi, > > From a security point of view I don't think it is a good idea to hard code any > > assumptions about the layout of the vars volume. > Do you mean I cannot assume the layout of VarStore? > At least in Ovmf the VarStore.fdf.inc defines the layout of VarStore like below. What prevents an attacker from creating a varstore with a different layout? Place the variables at the end of the file, which isn't measured (because you assume it is the spare part), then being able to change variables without the guest noticing? take care, Gerd