Subject: Re: [PATCH v2 09/11] OvmfPkg/AmdSev: reserve MEMFD space for for firmware config hashes
To: Dov Murik, devel@edk2.groups.io
Cc: Tobin Feldman-Fitzthum, Tobin Feldman-Fitzthum, Jim Cadden, James Bottomley, Hubertus Franke, Laszlo Ersek, Ard Biesheuvel, Jordan Justen, Ashish Kalra, Brijesh Singh, Erdem Aktas, Jiewen Yao, Min Xu
References: <20210706085501.1260662-1-dovmurik@linux.ibm.com> <20210706085501.1260662-10-dovmurik@linux.ibm.com>
From: "Lendacky, Thomas"
Message-ID: <2ad288ba-1a69-d449-523d-fc7e5ff8d102@amd.com>
Date: Mon, 19 Jul 2021 11:38:06 -0500
In-Reply-To: <20210706085501.1260662-10-dovmurik@linux.ibm.com>

On 7/6/21 3:54 AM, Dov Murik wrote:
> From: James Bottomley
>
> Split the existing 4KB page reserved for SEV launch secrets into two
> parts: first 3KB for SEV launch secrets and last 1KB for firmware
> config hashes.
>
> The area of the firmware config hashes will be attested (measured) by
> the PSP and thus the untrusted VMM can't pass in different files from
> what the guest owner allows.
>
> Declare this in the Reset Vector table using GUID
> 7255371f-3a3b-4b04-927b-1da6efa8d454 and a uint32_t table of a base
> and size value (similar to the structure used to declare the launch
> secret block).
>
> Cc: Laszlo Ersek
> Cc: Ard Biesheuvel
> Cc: Jordan Justen
> Cc: Ashish Kalra
> Cc: Brijesh Singh
> Cc: Erdem Aktas
> Cc: James Bottomley
> Cc: Jiewen Yao
> Cc: Min Xu
> Cc: Tom Lendacky
> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3457
> Co-developed-by: Dov Murik
> Signed-off-by: Dov Murik
> Signed-off-by: James Bottomley Reviewed by: Tom Lendacky > --- > OvmfPkg/OvmfPkg.dec | 6 ++++++ > OvmfPkg/AmdSev/AmdSevX64.fdf | 5 ++++- > OvmfPkg/ResetVector/ResetVector.inf | 2 ++ > OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm | 20 ++++++++++++++++++++ > OvmfPkg/ResetVector/ResetVector.nasmb | 2 ++ > 5 files changed, 34 insertions(+), 1 deletion(-) > > diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec > index f82228d69cc2..2ab27f0c73c2 100644 > --- a/OvmfPkg/OvmfPkg.dec > +++ b/OvmfPkg/OvmfPkg.dec > @@ -324,6 +324,12 @@ [PcdsFixedAtBuild] > gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretBase|0x0|UINT32|0x42 > gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretSize|0x0|UINT32|0x43 > > + ## The base address and size of a hash table confirming allowed > + # parameters to be passed in via the Qemu firmware configuration > + # device > + gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableBase|0x0|UINT32|0x47 > + gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableSize|0x0|UINT32|0x48 > + > [PcdsDynamic, PcdsDynamicEx] > gUefiOvmfPkgTokenSpaceGuid.PcdEmuVariableEvent|0|UINT64|2 > gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashVariablesEnable|FALSE|BOOLEAN|0x10 > diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf > index 9977b0f00a18..0a89749700c3 100644 > --- a/OvmfPkg/AmdSev/AmdSevX64.fdf > +++ b/OvmfPkg/AmdSev/AmdSevX64.fdf > @@ -59,9 +59,12 @@ [FD.MEMFD] > 0x00B000|0x001000 > gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase|gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaSize > > -0x00C000|0x001000 > +0x00C000|0x000C00 > gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretBase|gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretSize > > +0x00CC00|0x000400 > +gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableBase|gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableSize > + > 0x00D000|0x001000 > gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupSize 
> > diff --git a/OvmfPkg/ResetVector/ResetVector.inf b/OvmfPkg/ResetVector/ResetVector.inf > index dc38f68919cd..d028c92d8cfa 100644 > --- a/OvmfPkg/ResetVector/ResetVector.inf > +++ b/OvmfPkg/ResetVector/ResetVector.inf > @@ -47,3 +47,5 @@ [Pcd] > [FixedPcd] > gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretBase > gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretSize > + gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableBase > + gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableSize > diff --git a/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm b/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm > index 9c0b5853a46f..7ec3c6e980c3 100644 > --- a/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm > +++ b/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm > @@ -47,7 +47,27 @@ TIMES (15 - ((guidedStructureEnd - guidedStructureStart + 15) % 16)) DB 0 > ; > guidedStructureStart: > > +; SEV Hash Table Block > ; > +; This describes the guest ram area where the hypervisor should > +; install a table describing the hashes of certain firmware configuration > +; device files that would otherwise be passed in unchecked. The current > +; use is for the kernel, initrd and command line values, but others may be > +; added. The data format is: > +; > +; base physical address (32 bit word) > +; table length (32 bit word) > +; > +; GUID (SEV FW config hash block): 7255371f-3a3b-4b04-927b-1da6efa8d454 > +; > +sevFwHashBlockStart: > + DD SEV_FW_HASH_BLOCK_BASE > + DD SEV_FW_HASH_BLOCK_SIZE > + DW sevFwHashBlockEnd - sevFwHashBlockStart > + DB 0x1f, 0x37, 0x55, 0x72, 0x3b, 0x3a, 0x04, 0x4b > + DB 0x92, 0x7b, 0x1d, 0xa6, 0xef, 0xa8, 0xd4, 0x54 > +sevFwHashBlockEnd: > + > ; SEV Secret block > ; > ; This describes the guest ram area where the hypervisor should > diff --git a/OvmfPkg/ResetVector/ResetVector.nasmb b/OvmfPkg/ResetVector/ResetVector.nasmb > index 5fbacaed5f9d..8d0bab02f8cb 100644 > --- a/OvmfPkg/ResetVector/ResetVector.nasmb > +++ b/OvmfPkg/ResetVector/ResetVector.nasmb 
> @@ -88,5 +88,7 @@ > %define SEV_ES_AP_RESET_IP FixedPcdGet32 (PcdSevEsWorkAreaBase) > %define SEV_LAUNCH_SECRET_BASE FixedPcdGet32 (PcdSevLaunchSecretBase) > %define SEV_LAUNCH_SECRET_SIZE FixedPcdGet32 (PcdSevLaunchSecretSize) > + %define SEV_FW_HASH_BLOCK_BASE FixedPcdGet32 (PcdQemuHashTableBase) > + %define SEV_FW_HASH_BLOCK_SIZE FixedPcdGet32 (PcdQemuHashTableSize) > %include "Ia16/ResetVectorVtf0.asm" > >
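Review bot: In the OvmfPkg.dec hunk both new PCDs default to 0x0, and among the files touched by this patch only OvmfPkg/AmdSev/AmdSevX64.fdf assigns them, while the ResetVectorVtf0.asm hunk emits the GUIDed entry unconditionally. A build whose .fdf does not assign PcdQemuHashTableBase and PcdQemuHashTableSize would therefore advertise a hash table at base 0 with size 0. Either guard the entry on a non-zero PcdQemuHashTableSize, or say in the .dec comment that a consumer must treat a zero size as "no hash table present".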
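Review bot: In the [FD.MEMFD] hunk of AmdSevX64.fdf the new region at 0x00CC00|0x000400 is not page aligned, so the launch secret area (now 0x00C000|0x000C00) and the hash table share a single 4KB page, and nothing in the file records that this is deliberate. The commit message says the hash area is measured by the PSP while the neighbouring area holds launch secrets, so a comment above the two entries stating that their sizes must sum to 0x1000 (0xC00 + 0x400) and why the page is split would help the next person who resizes either one. It is also worth confirming that no consumer of PcdSevLaunchSecretSize assumes the previous full-page value of 0x001000.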
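Review bot: The comment block added above sevFwHashBlockStart in ResetVectorVtf0.asm documents only the two 32-bit words (base and length) and leaves out the layout of the table the hypervisor is expected to install in that region, as well as what the firmware does when the table is missing or lacks an entry for a file it loads. Since the commit message relies on this area to stop the VMM from passing in different files, please describe the table format here or point to the place where it is defined, and state the expected failure behaviour. The two DB lines do match 7255371f-3a3b-4b04-927b-1da6efa8d454 in the mixed-endian GUID byte order, so no change is needed there.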
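Review bot: The names are inconsistent across the ResetVector.nasmb and ResetVectorVtf0.asm hunks: the defines are SEV_FW_HASH_BLOCK_BASE and SEV_FW_HASH_BLOCK_SIZE, the PCDs behind them are PcdQemuHashTableBase and PcdQemuHashTableSize, and the asm comment uses both "SEV Hash Table Block" and "SEV FW config hash block". The existing pair next to them keeps one name throughout (SEV_LAUNCH_SECRET_BASE from PcdSevLaunchSecretBase), so consider choosing a single term for the new region and using it in the PCD names, the defines and the comment.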