From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <bounce+27952+119725+7686176+12367111@groups.io>
Received: from mail05.groups.io (mail05.groups.io [45.79.224.7])
	by spool.mail.gandi.net (Postfix) with ESMTPS id 018A5941E29
	for <rebecca@openfw.io>; Thu, 27 Jun 2024 22:42:31 +0000 (UTC)
DKIM-Signature: a=rsa-sha256; bh=E/5b+UnlcjozhBGvx5KqBZrhzWI2ElkCTs/8hRDe8p4=;
 c=relaxed/simple; d=groups.io;
 h=Message-ID:Date:MIME-Version:User-Agent:Subject:To:Cc:References:From:In-Reply-To:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Resent-Date:Resent-From:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Language:Content-Type:Content-Transfer-Encoding;
 s=20240206; t=1719528151; v=1;
 b=AZ8ZJfBUz7ERCFCollKN+81yww7W8uNd0Z1Q10gOPobUQEyzJHS2LRCx3ngK4BP+CWyeVeCD
 XCBDt99OWj0vo6IrKqhK0POi1KtUdYVOPbZJTaLP2yYylXfhX/OaYn4qny6zXRQoLBFzAYOaSWz
 gIQnAnjVCkxSYgdWgAf2ghakpYIFjapTUe88FE3o88RLSIfSLO5Hov1aK5MvjQsmcWAV4NDfnNT
 mNe2Y1tcBNl0A78aPciNRIS1UW1xphTB0kMlfrIUrXumzjwydvdWS7Q7gLKLs3T62V+fY7SteBR
 wlYME5XEUZvDOquuiRNwlbuDHH8CHJi+usJ0D7l0wIbOQ==
X-Received: by 127.0.0.2 with SMTP id HFIIYY7687511x8RGQMfO6d6; Thu, 27 Jun 2024 15:42:30 -0700
X-Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1])
 by mx.groups.io with SMTP id smtpd.web11.33280.1719422064640577759
 for <devel@edk2.groups.io>;
 Wed, 26 Jun 2024 10:14:24 -0700
X-Received: from pps.filterd (m0356517.ppops.net [127.0.0.1])
	by mx0a-001b2d01.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 45QEwmNM020546;
	Wed, 26 Jun 2024 17:14:22 GMT
X-Received: from pps.reinject (localhost [127.0.0.1])
	by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 400n7f0eqm-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
	Wed, 26 Jun 2024 17:14:22 +0000 (GMT)
X-Received: from m0356517.ppops.net (m0356517.ppops.net [127.0.0.1])
	by pps.reinject (8.18.0.8/8.18.0.8) with ESMTP id 45QHEMsZ009605;
	Wed, 26 Jun 2024 17:14:22 GMT
X-Received: from ppma12.dal12v.mail.ibm.com (dc.9e.1632.ip4.static.sl-reverse.com [50.22.158.220])
	by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 400n7f0eqh-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
	Wed, 26 Jun 2024 17:14:21 +0000 (GMT)
X-Received: from pps.filterd (ppma12.dal12v.mail.ibm.com [127.0.0.1])
	by ppma12.dal12v.mail.ibm.com (8.17.1.19/8.17.1.19) with ESMTP id 45QH4ZkM018131;
	Wed, 26 Jun 2024 17:14:21 GMT
X-Received: from smtprelay02.wdc07v.mail.ibm.com ([172.16.1.69])
	by ppma12.dal12v.mail.ibm.com (PPS) with ESMTPS id 3yx8xue13d-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
	Wed, 26 Jun 2024 17:14:21 +0000
X-Received: from smtpav01.dal12v.mail.ibm.com (smtpav01.dal12v.mail.ibm.com [10.241.53.100])
	by smtprelay02.wdc07v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 45QHEIRa29033108
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK);
	Wed, 26 Jun 2024 17:14:20 GMT
X-Received: from smtpav01.dal12v.mail.ibm.com (unknown [127.0.0.1])
	by IMSVA (Postfix) with ESMTP id 06F5158059;
	Wed, 26 Jun 2024 17:14:18 +0000 (GMT)
X-Received: from smtpav01.dal12v.mail.ibm.com (unknown [127.0.0.1])
	by IMSVA (Postfix) with ESMTP id 85E4258058;
	Wed, 26 Jun 2024 17:14:17 +0000 (GMT)
X-Received: from [9.61.188.3] (unknown [9.61.188.3])
	by smtpav01.dal12v.mail.ibm.com (Postfix) with ESMTPS;
	Wed, 26 Jun 2024 17:14:17 +0000 (GMT)
Message-ID: <323c3d5f-a00e-4ab1-896e-673998275116@linux.ibm.com>
Date: Wed, 26 Jun 2024 13:14:16 -0400
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: [edk2-devel] [PATCH 0/2] AmdSev: Harden SEV Kernel hashes verifier
To: "Aithal, Srikanth" <sraithal@amd.com>, devel@edk2.groups.io
Cc: dov.murik@gmail.com, james.bottomley@hansenpartnership.com,
        thomas.lendacky@amd.com, tobin@ibm.com
References: <cover.1715024059.git.tobin@linux.ibm.com>
 <5618d3f0-827f-49f4-b1a7-6a47fac50550@amd.com>
 <dcbad600-31f6-428e-ad93-1e305452e66f@linux.ibm.com>
 <b8e606d9-fe05-46ff-945e-fcdce148efae@amd.com>
From: Tobin Feldman-Fitzthum <tobin@linux.ibm.com>
In-Reply-To: <b8e606d9-fe05-46ff-945e-fcdce148efae@amd.com>
X-TM-AS-GCONF: 00
X-Proofpoint-GUID: gf8Ls4UhA1f5Viy7Gv5NWbQxcgZAcT5A
X-Proofpoint-ORIG-GUID: GgdOen8qAUa6yl_S97Gr9JLte2YYDAMU
X-MIME-Autoconverted: from 8bit to quoted-printable by mx0a-001b2d01.pphosted.com id 45QEwmNM020546
Precedence: Bulk
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Resent-Date: Thu, 27 Jun 2024 15:42:29 -0700
Resent-From: tobin@linux.ibm.com
Reply-To: devel@edk2.groups.io,tobin@linux.ibm.com
List-Unsubscribe-Post: List-Unsubscribe=One-Click
List-Unsubscribe: <https://edk2.groups.io/g/devel/leave/12367111/7686176/1913456212/plugh>
X-Gm-Message-State: XWQN0bLHVGdpNLGAYGiQce5nx7686176AA=
Content-Language: en-US
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: quoted-printable
X-GND-Status: LEGIT
Authentication-Results: spool.mail.gandi.net;
	dkim=pass header.d=groups.io header.s=20240206 header.b=AZ8ZJfBU;
	dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=ibm.com (policy=none);
	spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 45.79.224.7 as permitted sender) smtp.mailfrom=bounce@groups.io



On 6/26/24 10:33 AM, Aithal, Srikanth wrote:
>=20
> On 6/26/2024 7:28 PM, Tobin Feldman-Fitzthum wrote:
>>
>>
>> On 6/26/24 4:08 AM, Aithal, Srikanth wrote:
>>> Hello, SEV/SEVES guest boot fails with AMDSEV OVMF package built=20
>>> using upstream edk2 master [commit head:=20
>>> 2fbaaa96d11ad61a9133df1728e3fe965d1457a5]. SEV/SEVES guest boot with=20
>>> AMDSEV package gets stuck at below point: Plain Text 2024-06-26 04:=20
>>> =E2=80=8A38: =E2=80=8A02:=E2=80=8A
>>>
>>>
>>> Hello,
>>>
>>> SEV/SEVES guest boot fails with AMDSEV OVMF package built using=20
>>> upstream edk2 master [commit=20
>>> head:=C2=A02fbaaa96d11ad61a9133df1728e3fe965d1457a5].
>>>
>>> SEV/SEVES guest boot with AMDSEV package gets stuck at below point:
>>>
>>> Plain Text
>>>
>>> |2024-06-26 04:38:02: FetchBlob: loading 14332416 bytes for "kernel"=20
>>> 2024-06-26 04:38:02: Select Item: 0x18 2024-06-26 04:38:02: Select=20
>>> Item: 0x11 2024-06-26 04:38:02: VerifyBlob: Found GUID=20
>>> 4DE79437-ABD2-427F-B835-D5B172D2045B in table 2024-06-26 04:38:02:=20
>>> VerifyBlob: Hash comparison succeeded for "kernel" 2024-06-26=20
>>> 04:38:02: Select Item: 0xB 2024-06-26 04:38:02: VerifyBlob: Found=20
>>> GUID 44BAF731-3A2F-4BD7-9AF1-41E29169781D in table 2024-06-26=20
>>> 04:38:02: VerifyBlob: Blob Specified in Hash Table was not Provided=20
>>> --> Hung here |
>>>
>> Can you send qemu command that produces this case?
>> It looks like what is happening is that the initrd is specified in the=
=20
>> hash table, but is not provided to the guest.
>> You might try with and without the -initrd option and compare.
>> It's possible that when -initrd is not provided, QEMU will still put=20
>> something in the table, which this patch might not account for.
>>
>> -Tobin
> my qemu command line to recreate the issue:
>=20
> qemu-system-x86_64 \
> -machine q35,confidential-guest-support=3Dsev0,vmport=3Doff \
> -object sev-guest,id=3Dsev0,cbitpos=3D51,reduced-phys-bits=3D1,kernel-has=
hes=3Don \
> -name guest=3Dvm,debug-threads=3Don \
> -drive=20
> if=3Dpflash,format=3Draw,unit=3D0,file=3D/VT_BUILD/OVMF_AmdSev/OVMF.fd,re=
adonly \
> -cpu host \
> -m 4096 \
> -kernel '/VT_BUILD/usr/local/bzImage' \
> -append 'root=3D/dev/sda rw console=3DttyS0,115200n8=20
> earlyprintk=3DttyS0,115200 net.ifnames=3D0 biosdevname=3D0 movable_node=
=20
> swiotlb=3D65536' \
> -smp 1,cores=3D1,threads=3D1,dies=3D1,sockets=3D1 \
> -drive=20
> file=3D/VT_BUILD/images/22.04-server.qcow2,index=3D0,media=3Ddisk,format=
=3Dqcow2 \
> --enable-kvm \
> --nographic
>=20
>=20
> Yes, if I pass -initrd explicitly the Hash verify step passes properly
>=20
> FetchBlob: loading 14332416 bytes for "kernel"
> Select Item: 0x18
> Select Item: 0x11
> VerifyBlob: Found GUID 4DE79437-ABD2-427F-B835-D5B172D2045B in table
> VerifyBlob: Hash comparison succeeded for "kernel"
> Select Item: 0xB
> FetchBlob: loading 75379943 bytes for "initrd"
> Select Item: 0x12
> VerifyBlob: Found GUID 44BAF731-3A2F-4BD7-9AF1-41E29169781D in table
> VerifyBlob: Hash comparison succeeded for "initrd"
> Select Item: 0x14
> FetchBlob: loading 120 bytes for "cmdline"
> Select Item: 0x15
> VerifyBlob: Found GUID 97D02DD8-BD20-4C94-AA78-E7714D36AB2A in table
> VerifyBlob: Hash comparison succeeded for "cmdline"
>=20
Ok, I'll submit a little tweak this afternoon that should fix your case.

-Tobin
>>> This was working until yesterday [commit head: be38c01], where we can=
=20
>>> see boot was proceeding
>>>
>>> Plain Text
>>>
>>> |2024-06-25 03:13:23: VerifyBlob: Found GUID=20
>>> 4DE79437-ABD2-427F-B835-D5B172D2045B in table 2024-06-25 03:13:23:=20
>>> VerifyBlob: Hash comparison succeeded for "kernel" 2024-06-25=20
>>> 03:13:23: Select Item: 0xB 2024-06-25 03:13:23: VerifyBlob: Found=20
>>> GUID 44BAF731-3A2F-4BD7-9AF1-41E29169781D in table 2024-06-25=20
>>> 03:13:23: VerifyBlob: Hash comparison succeeded for "initrd"=20
>>> 2024-06-25 03:13:23: Select Item: 0x14 2024-06-25 03:13:23:=20
>>> FetchBlob: loading 120 bytes for "cmdline" 2024-06-25 03:13:23:=20
>>> Select Item: 0x15 2024-06-25 03:13:23: VerifyBlob: Found GUID=20
>>> 97D02DD8-BD20-4C94-AA78-E7714D36AB2A in table 2024-06-25 03:13:23:=20
>>> VerifyBlob: Hash comparison succeeded for "cmdline"|
>>>
>>>
>>> After this patch got merged the regression is seen.
>>>
>>> Thanks,
>>>
>>> Srikanth Aithal
>>>
>>>
>>> On 5/7/2024 1:57 AM, Tobin Feldman-Fitzthum via groups.io wrote:
>>>> The AmdSev package has a so-called BlobVerifier, which
>>>> is meant to extend the TCB of a confidential guest
>>>> (SEV or SNP) to include components provided via fw_cfg
>>>> such as initrd, kernel, kernel params.
>>>>
>>>> This series fixes a few implementation errors in the
>>>> blob verifier. One common theme is that the verifier
>>>> currently fails to halt the boot when an invalid blob
>>>> is detected. This can lead to a confidential guest
>>>> having a launch measurement that does not reflect the
>>>> guest TCB.
>>>>
>>>> This series could also help us move towards consolidating
>>>> the AmdSev package back into the OvmfPkg although more
>>>> discussion will be needed on this.
>>>>
>>>> Thank you for Ryan Savino at AMD for pointing out
>>>> some of these issues.
>>>>
>>>> Tobin Feldman-Fitzthum (2):
>>>> =C2=A0=C2=A0 AmdSev: Rework Blob Verifier
>>>> =C2=A0=C2=A0 AmdSev: Halt on failed blob allocation
>>>>
>>>> =C2=A0 .../BlobVerifierSevHashes.c=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 | =
56=20
>>>> ++++++++++++++++---
>>>> =C2=A0 OvmfPkg/Include/Library/BlobVerifierLib.h=C2=A0=C2=A0=C2=A0=C2=
=A0 | 14 +++--
>>>> =C2=A0 .../BlobVerifierLibNull/BlobVerifierNull.c=C2=A0=C2=A0=C2=A0 | =
13 +++--
>>>> =C2=A0 .../QemuKernelLoaderFsDxe.c=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 |=
=C2=A0 9 ++-
>>>> =C2=A0 4 files changed, 69 insertions(+), 23 deletions(-)
>>>>


-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119725): https://edk2.groups.io/g/devel/message/119725
Mute This Topic: https://groups.io/mt/105977013/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-