Message-ID: <5ec6897681e46fe181193651164f0f17d5d1205d.camel@linux.ibm.com>
Subject: Re: [edk2-devel] [PATCH V3 15/29] OvmfPkg: Update SecEntry.nasm to support Tdx
From: "James Bottomley"
Reply-To: jejb@linux.ibm.com
To: devel@edk2.groups.io, jiewen.yao@intel.com
Cc: Gerd Hoffmann, "Xu, Min M", Ard Biesheuvel, "Justen, Jordan L", Brijesh Singh, Erdem Aktas, Tom Lendacky
Date: Tue, 23 Nov 2021 10:37:54 -0500
In-Reply-To: <1DF0C062-BF78-44E2-BE96-2C8727C36845@intel.com>
References: <867e8a2aaf28c308b20a659057217453c6e38e00.1635769996.git.min.m.xu@intel.com> <20211103063045.kmttoxyluifwo2bq@sirius.home.kraxel.org> <20211117151942.iqow75zq2lrn5xlc@sirius.home.kraxel.org> <20211119151130.g2wcnuhivt3lxvzi@sirius.home.kraxel.org> <20211123123821.q4fanslttg72n2r3@sirius.home.kraxel.org> <1D6AF5B4-87BD-4773-A5C7-4779016A0673@intel.com> <1DF0C062-BF78-44E2-BE96-2C8727C36845@intel.com>

On Tue, 2021-11-23 at 15:10 +0000, Yao, Jiewen wrote:
> I would say the PEI owns the system and all memory (including the
> DXE).
>
> A bug in PEI may override the loaded DXE memory or the whole system.

That's not the correct way to analyse the security properties. From the
security point of view this is a trapdoor system: once you go through
the door, you can't go back (the trapdoor being the jump from PEI to
DXE). The trapdoor isolates the domains and allows you to analyse the
security properties of each separately. It also allows separation of
exposure ... which is what we use in this case: the PEI domain has very
limited exposure; it's the DXE domain that has full exposure but,
because of the trapdoor, bugs in PEI code can't be used to exploit the
system when it has transitioned to the DXE domain.

> In history I did see PEI security issues.
> Some security issue in PEI caused the system to be compromised
> completely. You even have no chance to run DXE.

The security domain analysis above doesn't mean no bug in PEI is ever
exploitable, but it does mean that there are fewer exploitability
classes in PEI than DXE because the security domain is much less
exposed.

James