From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 4A4E121E70D3F for ; Tue, 29 Aug 2017 13:44:23 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id A3D2B8535D; Tue, 29 Aug 2017 20:47:03 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com A3D2B8535D Authentication-Results: ext-mx01.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx01.extmail.prod.ext.phx2.redhat.com; spf=fail smtp.mailfrom=lersek@redhat.com Received: from lacos-laptop-7.usersys.redhat.com (ovpn-116-166.phx2.redhat.com [10.3.116.166]) by smtp.corp.redhat.com (Postfix) with ESMTP id A5DDE692A9; Tue, 29 Aug 2017 20:47:02 +0000 (UTC) To: Brijesh Singh , edk2-devel-01 Cc: Jordan Justen , Tom Lendacky References: <20170828123928.14627-1-lersek@redhat.com> <20170828123928.14627-2-lersek@redhat.com> <0d02d683-d124-0e55-ea29-073708dc2ca9@amd.com> From: Laszlo Ersek Message-ID: <23215854-3274-bb55-b80b-2d557577813b@redhat.com> Date: Tue, 29 Aug 2017 22:47:01 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.3.0 MIME-Version: 1.0 In-Reply-To: <0d02d683-d124-0e55-ea29-073708dc2ca9@amd.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.25]); Tue, 29 Aug 2017 20:47:03 +0000 (UTC) Subject: Re: [PATCH 1/1] OvmfPkg/QemuFwCfgDxeLib: SEV: zero FW_CFG_DMA_ACCESS before decrypting it X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 29 Aug 2017 20:44:23 -0000 Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 8bit On 08/29/17 16:02, Brijesh Singh wrote: > > > On 08/28/2017 07:39 AM, Laszlo Ersek wrote: >> There's a small window between >> >> - AllocFwCfgDmaAccessBuffer() mapping the new FW_CFG_DMA_ACCESS object >> for >>    common buffer operation (i.e., decrypting it), and >> >> - InternalQemuFwCfgDmaBytes() setting the fields of the object. >> >> In this window, earlier garbage in the object is "leaked" to the >> hypervisor. So zero the object before we decrypt it. >> >> (This commit message references AMD SEV directly, because QemuFwCfgDxeLib >> is not *generally* enabled for IOMMU operation just yet, unlike our goal >> for the virtio infrastructure. Instead, QemuFwCfgDxeLib uses >> MemEncryptSevLib explicitly to detect SEV, and then relies on IOMMU >> protocol behavior that is specific to SEV. At this point, this is by >> design.) >> >> Cc: Brijesh Singh >> Cc: Jordan Justen >> Cc: Tom Lendacky >> Contributed-under: TianoCore Contribution Agreement 1.1 >> Signed-off-by: Laszlo Ersek > > > Reviewed-by: Brijesh Singh Thank you guys for the reviews, pushed as commit d431d8339e8b. Laszlo