From: "Brijesh Singh"
To: Dov Murik, devel@edk2.groups.io
Cc: brijesh.singh@amd.com, Tobin Feldman-Fitzthum, Tobin Feldman-Fitzthum, Jim Cadden, James Bottomley, Hubertus Franke, Ard Biesheuvel, Jordan Justen, Ashish Kalra, Erdem Aktas, Jiewen Yao, Min Xu, Tom Lendacky
Subject: Re: [PATCH v3 10/11] OvmfPkg: add BlobVerifierLibSevHashes
Date: Tue, 20 Jul 2021 13:24:51 -0500
Message-ID: <55c4a256-e55b-02ed-c45b-6dd8476ddf1f@amd.com>
In-Reply-To: <20210720080401.3662854-11-dovmurik@linux.ibm.com>
References: <20210720080401.3662854-1-dovmurik@linux.ibm.com> <20210720080401.3662854-11-dovmurik@linux.ibm.com>

On 7/20/21 3:04 AM, Dov Murik wrote:
> Add an implementation for BlobVerifierLib that locates the SEV hashes
> table and verifies that the calculated hashes of the kernel, initrd, and
> cmdline blobs indeed match the expected hashes stated in the hashes
> table.
>
> If there's a missing hash or a hash mismatch then EFI_ACCESS_DENIED is
> returned which will cause a failure to load a kernel image.
>
> Cc: Ard Biesheuvel
> Cc: Jordan Justen
> Cc: Ashish Kalra
> Cc: Brijesh Singh
> Cc: Erdem Aktas
> Cc: James Bottomley
> Cc: Jiewen Yao
> Cc: Min Xu
> Cc: Tom Lendacky
> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3457
> Co-developed-by: James Bottomley
> Signed-off-by: James Bottomley
> Signed-off-by: Dov Murik
> ---

Reviewed-by: Brijesh Singh

thanks
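
The fail-closed check described in the quoted commit message, modelled in Python as an added example (not the patch's C code and not the project's table format). The entry identifiers, the entry layout and the choice of SHA-256 are assumptions made for illustration; `build_table` only constructs sample input.

```python
import hashlib
import hmac
import struct

# Constructed 16-byte entry identifiers (assumption: the real table's
# identifiers are not shown on this page).
KERNEL_ID = b"EXAMPLE-KERNEL-0"
INITRD_ID = b"EXAMPLE-INITRD-0"
CMDLINE_ID = b"EXAMPLE-CMDLINE0"

# Assumed entry layout: 16-byte id, little-endian uint16 total entry length,
# then the digest bytes (SHA-256 assumed).
ENTRY_HDR = struct.Struct("<16sH")
DIGEST_LEN = hashlib.sha256().digest_size

def build_table(blobs):
    """Build a constructed hashes table from {entry_id: blob_bytes}."""
    out = b""
    for entry_id, blob in blobs.items():
        digest = hashlib.sha256(blob).digest()
        out += ENTRY_HDR.pack(entry_id, ENTRY_HDR.size + len(digest)) + digest
    return out

def parse_table(table):
    """Return {entry_id: digest}; raise ValueError on any malformed entry."""
    entries, off = {}, 0
    while off < len(table):
        if len(table) - off < ENTRY_HDR.size:
            raise ValueError("truncated entry header")
        entry_id, length = ENTRY_HDR.unpack_from(table, off)
        if length != ENTRY_HDR.size + DIGEST_LEN or off + length > len(table):
            raise ValueError("bad entry length")
        if entry_id in entries:
            raise ValueError("duplicate entry")
        entries[entry_id] = table[off + ENTRY_HDR.size:off + length]
        off += length
    return entries

def verify_blob(table, entry_id, blob):
    """Fail closed: malformed table, missing hash or mismatch all deny."""
    try:
        expected = parse_table(table).get(entry_id)
    except ValueError:
        return "EFI_ACCESS_DENIED"
    if expected is None:
        return "EFI_ACCESS_DENIED"
    actual = hashlib.sha256(blob).digest()
    # Constant-time comparison of the calculated and expected digests.
    ok = hmac.compare_digest(actual, expected)
    return "EFI_SUCCESS" if ok else "EFI_ACCESS_DENIED"
```
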