From mboxrd@z Thu Jan 1 00:00:00 1970
From: "Brijesh Singh"
Return-Path: brijesh.singh@amd.com
Date: Mon, 19 Jul 2021 10:19:33 -0500
Subject: Re: [PATCH v2 07/11] OvmfPkg/QemuKernelLoaderFsDxe: call VerifyBlob after fetch from fw_cfg
To: Dov Murik, devel@edk2.groups.io
Cc: brijesh.singh@amd.com, Tobin Feldman-Fitzthum, Tobin Feldman-Fitzthum, Jim Cadden, James Bottomley, Hubertus Franke, Laszlo Ersek, Ard Biesheuvel, Jordan Justen, Ashish Kalra, Erdem Aktas, Jiewen Yao, Min Xu, Tom Lendacky
Message-ID: <440f919c-7360-936c-ecbf-ead7b06e9ea4@amd.com>
References: <20210706085501.1260662-1-dovmurik@linux.ibm.com> <20210706085501.1260662-8-dovmurik@linux.ibm.com> <02974eb3-d919-f147-10f8-605ca7c152cb@amd.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.11.0
On 7/19/21 7:22 AM, Dov Murik wrote:
>> The patch itself is okay. Just curious, do we also need to add a
>> verification for the QEMU FW cfg file?
>>
>
> I don't really understand. This patch adds the VerifyBlob() call on
> blobs that were read by FetchBlob(), which in turn reads the contents of
> kernel/initrd/cmdline from QEMU FW cfg (using QemuFwCfgReadBytes for
> example).
>
> We currently *don't* add verification for all other FW cfg settings,
> like number of CPUs, E820 memory entries, ... similar to what we (don't)
> do in SEV boot with encrypted root image (in which only OVMF is measured).
>
> What else do you think we should verify?
>

As I understand it, your series is attempting to add more security checks in the SEV boot sequence; i.e. after this series is merged, we can verify the kernel, cmdline and initrd passed through qemu. But there are several other configuration parameters (such as e820, acpi) that get passed by qemu and consumed by OVMF. Are you considering adding checks to cover those blobs in a future series? To me it seems that the framework built here can be extended to cover those as well.

Reviewed-by: Brijesh Singh

thanks!
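The exchange above turns on a fetch-then-verify pattern and on which fw_cfg items that pattern covers. The following is an added model of that policy, not code from the edk2 series or from OVMF: the fw_cfg item contents are constructed stand-ins, `fetch_blob` stands in for FetchBlob/QemuFwCfgReadBytes, and the assumption that `verify_blob` checks a blob against a table of expected SHA-256 digests is mine, since the thread only says VerifyBlob is called on fetched blobs. `coverage` makes the gap Brijesh raises visible: items with no entry in the table (here `e820`) are consumed without any check.

```python
import hashlib
import hmac

# Constructed stand-in for the QEMU fw_cfg store (item name -> bytes).
# Real OVMF reads these items with QemuFwCfgReadBytes; the contents here
# are made up for the example.
FW_CFG_ITEMS = {
    "kernel": b"constructed-kernel-image-bytes",
    "initrd": b"constructed-initrd-bytes",
    "cmdline": b"console=ttyS0 root=/dev/vda\0",
    "e820": b"\x00" * 24,  # constructed placeholder for one memory-map entry
}

# Items the verifier covers. The thread says the series verifies
# kernel, initrd and cmdline; e820 and the rest are deliberately absent.
VERIFIED_ITEMS = ("kernel", "initrd", "cmdline")


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Hypothetical expected-hash table (assumed design, not the series' format):
# item name -> hex SHA-256 of the blob the guest owner intends to boot.
HASH_TABLE = {name: sha256_hex(FW_CFG_ITEMS[name]) for name in VERIFIED_ITEMS}


class BlobVerificationError(Exception):
    """Raised when a fetched blob has no expected hash or does not match it."""


def fetch_blob(name: str) -> bytes:
    """Stand-in for FetchBlob(): read one item from fw_cfg (untrusted input)."""
    return FW_CFG_ITEMS[name]


def verify_blob(name: str, data: bytes, hash_table: dict) -> bytes:
    """Stand-in for VerifyBlob(): fail closed unless the digest matches.

    A missing table entry is treated as a failure rather than a pass, so a
    blob can never slip through because nobody listed a hash for it.
    """
    expected = hash_table.get(name)
    if expected is None:
        raise BlobVerificationError(f"no expected hash for fw_cfg item {name!r}")
    # Constant-time comparison of the two hex digests.
    if not hmac.compare_digest(sha256_hex(data), expected):
        raise BlobVerificationError(f"hash mismatch for fw_cfg item {name!r}")
    return data


def load_verified(name: str, hash_table: dict = HASH_TABLE) -> bytes:
    """Fetch, then verify, then hand the blob to the consumer (in that order)."""
    return verify_blob(name, fetch_blob(name), hash_table)


def verification_fails(name: str, data: bytes, hash_table: dict = HASH_TABLE) -> bool:
    """True if verify_blob rejects the given (possibly tampered) data."""
    try:
        verify_blob(name, data, hash_table)
    except BlobVerificationError:
        return True
    return False


def coverage(hash_table: dict = HASH_TABLE, items: dict = FW_CFG_ITEMS):
    """Split fw_cfg items into those the verifier covers and those it does not."""
    covered = sorted(n for n in items if n in hash_table)
    uncovered = sorted(n for n in items if n not in hash_table)
    return covered, uncovered


if __name__ == "__main__":
    for item in VERIFIED_ITEMS:
        load_verified(item)
    print("verified:", coverage()[0])
    print("consumed without verification:", coverage()[1])
    print("tampered kernel rejected:", verification_fails("kernel", b"tampered"))
```

The order in `load_verified` is the point of the patch title: the blob is read from fw_cfg first and only reaches its consumer after `verify_blob` returns. The `coverage` split is the point of the reply: whatever is not in the hash table (e820, ACPI tables, CPU count) is consumed exactly as the host supplied it.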