Message-ID: <6e26dd9a-b3f1-5815-a743-0b8889ab6fe6@amd.com>
Date: Mon, 12 Dec 2022 09:00:43 -0600
Subject: Re: [PATCH v2 1/1] OvmfPkg/AmdSev/SecretDxe: Allocate CC secret location as EfiACPIReclaimMemory
To: Dov Murik, devel@edk2.groups.io
Cc: Tobin Feldman-Fitzthum, Ard Biesheuvel, Erdem Aktas, Gerd Hoffmann, James Bottomley, Jiewen Yao, Jordan Justen, Michael Roth, Min Xu, Tobin Feldman-Fitzthum
References: <20221212080808.2253768-1-dovmurik@linux.ibm.com>
From: "Lendacky, Thomas"
In-Reply-To: <20221212080808.2253768-1-dovmurik@linux.ibm.com>
On 12/12/22 02:08, Dov Murik wrote:
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4186
>
> Commit 079a58276b98 ("OvmfPkg/AmdSev/SecretPei: Mark SEV launch secret
> area as reserved") marked the launch secret area itself (1 page) as
> reserved so the guest OS can use it during the lifetime of the OS.
> However, the address and size of the secret area held in the
> CONFIDENTIAL_COMPUTING_SECRET_LOCATION struct are declared as STATIC in
> OVMF (in AmdSev/SecretDxe); therefore there's no guarantee that it will
> not be written over by OS data.
>
> Fix this by allocating the memory for the
> CONFIDENTIAL_COMPUTING_SECRET_LOCATION struct with the
> EfiACPIReclaimMemory memory type to ensure the guest OS will not reuse
> this memory.
>
> Fixes: 079a58276b98 ("OvmfPkg/AmdSev/SecretPei: Mark SEV launch secret area as reserved")
> Cc: Ard Biesheuvel
> Cc: Erdem Aktas
> Cc: Gerd Hoffmann
> Cc: James Bottomley
> Cc: Jiewen Yao
> Cc: Jordan Justen
> Cc: Michael Roth
> Cc: Min Xu
> Cc: Tobin Feldman-Fitzthum
> Cc: Tom Lendacky
> Signed-off-by: Dov Murik Reviewed-by: Tom Lendacky > > --- > > v2 changes: > * Allocate with EfiACPIReclaimMemory memory type (thanks Ard) > --- > OvmfPkg/AmdSev/SecretDxe/SecretDxe.c | 22 ++++++++++++++------ > 1 file changed, 16 insertions(+), 6 deletions(-) > > diff --git a/OvmfPkg/AmdSev/SecretDxe/SecretDxe.c b/OvmfPkg/AmdSev/SecretDxe/SecretDxe.c > index 3d84b2545052..4f65b1ce5ba5 100644 > --- a/OvmfPkg/AmdSev/SecretDxe/SecretDxe.c > +++ b/OvmfPkg/AmdSev/SecretDxe/SecretDxe.c > @@ -8,11 +8,6 @@ > #include > #include > > -STATIC CONFIDENTIAL_COMPUTING_SECRET_LOCATION mSecretDxeTable = { > - FixedPcdGet32 (PcdSevLaunchSecretBase), > - FixedPcdGet32 (PcdSevLaunchSecretSize), > -}; > - > EFI_STATUS > EFIAPI > InitializeSecretDxe ( > @@ -20,8 +15,23 @@ InitializeSecretDxe ( > IN EFI_SYSTEM_TABLE *SystemTable > ) > { > + EFI_STATUS Status; > + CONFIDENTIAL_COMPUTING_SECRET_LOCATION *SecretDxeTable; > + > + Status = gBS->AllocatePool ( > + EfiACPIReclaimMemory, > + sizeof (CONFIDENTIAL_COMPUTING_SECRET_LOCATION), > + (VOID **)&SecretDxeTable > + ); > + if (EFI_ERROR (Status)) { > + return Status; > + } > + > + SecretDxeTable->Base = FixedPcdGet32 (PcdSevLaunchSecretBase); > + SecretDxeTable->Size = FixedPcdGet32 (PcdSevLaunchSecretSize); > + > return gBS->InstallConfigurationTable ( > &gConfidentialComputingSecretGuid, > - &mSecretDxeTable > + SecretDxeTable > ); > }
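Review bot: in the second hunk (InitializeSecretDxe), the pool obtained from gBS->AllocatePool (EfiACPIReclaimMemory, ...) is leaked if the following InstallConfigurationTable call fails, because its status is returned directly; capture that status and call gBS->FreePool (SecretDxeTable) on error before returning. A comment at the allocation would also help: per the UEFI specification, EfiACPIReclaimMemory must be preserved by the OS only until ACPI is enabled and may be reused afterwards, so the locator struct now shares the lifetime of the ACPI tables rather than the for-the-OS-lifetime guarantee the reserved secret area itself received in 079a58276b98; the commit message's "ensure the guest OS will not reuse this memory" should be worded accordingly, or the table allocated with the same memory type as the secret area if it has to remain valid after ACPI table consumption.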
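The commit message describes the failure mode the patch closes: a STATIC locator struct lives in the DXE driver's own image, which is boot-services memory the OS is free to overwrite after ExitBootServices(), while the page it points at was already marked reserved. As an added example (not code from this patch or from EDK2), the following host-side model shows the check a guest or a test harness can run over a UEFI memory map: classify the pages holding the configuration table and the secret area it points to, and flag any that fall in a type the OS may reclaim. The EFI_MEMORY_TYPE numbering follows the UEFI specification; the memory map, the addresses and the MemDesc/SecretLocation stand-in structs are constructed for the example and are not OVMF's real layout.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* EFI_MEMORY_TYPE numbering as defined in the UEFI specification. */
enum {
  EfiReservedMemoryType  = 0,
  EfiLoaderCode          = 1,
  EfiLoaderData          = 2,
  EfiBootServicesCode    = 3,
  EfiBootServicesData    = 4,
  EfiRuntimeServicesCode = 5,
  EfiRuntimeServicesData = 6,
  EfiConventionalMemory  = 7,
  EfiUnusableMemory      = 8,
  EfiACPIReclaimMemory   = 9,
  EfiACPIMemoryNVS       = 10
};

#define EFI_PAGE_SIZE 4096ULL

/* Subset of EFI_MEMORY_DESCRIPTOR: only the fields this check needs. */
typedef struct {
  uint32_t Type;
  uint64_t PhysicalStart;
  uint64_t NumberOfPages;
} MemDesc;

/* Shape of CONFIDENTIAL_COMPUTING_SECRET_LOCATION: base and size of the secret area. */
typedef struct {
  uint32_t Base;
  uint32_t Size;
} SecretLocation;

/* Constructed memory map (hypothetical addresses, not a real OVMF map). */
static const MemDesc kMap[] = {
  { EfiConventionalMemory, 0x00000000ULL, 0x800 }, /* 8 MiB of general RAM              */
  { EfiReservedMemoryType, 0x00800000ULL, 0x001 }, /* secret area: one reserved page    */
  { EfiConventionalMemory, 0x00801000ULL, 0x7FF }, /* more general RAM                  */
  { EfiBootServicesData,   0x01000000ULL, 0x100 }, /* DXE driver data: STATIC globals   */
  { EfiACPIReclaimMemory,  0x01100000ULL, 0x010 }, /* ACPI tables and ACPI-reclaim pool */
};
#define KMAP_LEN (sizeof kMap / sizeof kMap[0])

/* Constructed locator contents: the secret area at 0x800000, one page long. */
static const SecretLocation kLoc = { 0x00800000u, 0x1000u };

/* Memory type of the descriptor wholly containing [addr, addr+len), or -1
 * when no single descriptor covers the range (unmapped or straddling). */
int classify_range(const MemDesc *map, size_t n, uint64_t addr, uint64_t len) {
  for (size_t i = 0; i < n; i++) {
    uint64_t start = map[i].PhysicalStart;
    uint64_t end   = start + map[i].NumberOfPages * EFI_PAGE_SIZE;
    if (addr >= start && addr < end && len <= end - addr) {
      return (int)map[i].Type;
    }
  }
  return -1;
}

/* True for types the OS must leave alone after ExitBootServices(): reserved,
 * NVS and runtime memory for the OS lifetime, ACPI reclaim until ACPI is
 * enabled. Boot-services and conventional memory are free for the OS to reuse. */
bool preserved_after_exit_boot_services(int type) {
  switch (type) {
    case EfiReservedMemoryType:
    case EfiRuntimeServicesCode:
    case EfiRuntimeServicesData:
    case EfiACPIReclaimMemory:
    case EfiACPIMemoryNVS:
      return true;
    default:
      return false;
  }
}

/* The check itself: both the locator table and the area it points at must
 * sit in preserved memory, otherwise the OS can corrupt the pointer chain. */
bool secret_location_is_safe(const MemDesc *map, size_t n,
                             uint64_t table_addr, const SecretLocation *loc) {
  int table_type = classify_range(map, n, table_addr, sizeof(SecretLocation));
  int area_type  = classify_range(map, n, loc->Base, loc->Size);
  return preserved_after_exit_boot_services(table_type) &&
         preserved_after_exit_boot_services(area_type);
}

/* Before the patch: locator was a STATIC in the driver image (boot-services data). */
bool locator_in_driver_static(void) {
  return secret_location_is_safe(kMap, KMAP_LEN, 0x01000100ULL, &kLoc);
}

/* After the patch: locator allocated from an EfiACPIReclaimMemory pool. */
bool locator_in_acpi_reclaim_pool(void) {
  return secret_location_is_safe(kMap, KMAP_LEN, 0x01100200ULL, &kLoc);
}

int main(void) {
  printf("STATIC locator in boot-services data : %s\n",
         locator_in_driver_static() ? "preserved" : "may be overwritten by the OS");
  printf("locator in EfiACPIReclaimMemory pool : %s\n",
         locator_in_acpi_reclaim_pool() ? "preserved" : "may be overwritten by the OS");
  return 0;
}
```

The same classification can be run inside a guest against the map returned by GetMemoryMap() (or the OS's view of it) once the configuration table pointer has been looked up; the design point is that a single reserved page is not enough when the pointer to it lives in reclaimable memory.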