Subject: Re: [PATCH v3 07/11] OvmfPkg/QemuKernelLoaderFsDxe: call VerifyBlob after fetch from fw_cfg
From: "Lendacky, Thomas"
To: Dov Murik, devel@edk2.groups.io
Cc: Tobin Feldman-Fitzthum, Tobin Feldman-Fitzthum, Jim Cadden, James Bottomley, Hubertus Franke, Ard Biesheuvel, Jordan Justen, Ashish Kalra, Brijesh Singh, Erdem Aktas, Jiewen Yao, Min Xu
Date: Tue, 20 Jul 2021 11:24:23 -0500
Message-ID: <793a90db-f2e1-c72c-6e3a-29a473689ad3@amd.com>
In-Reply-To: <20210720080401.3662854-8-dovmurik@linux.ibm.com>
References: <20210720080401.3662854-1-dovmurik@linux.ibm.com> <20210720080401.3662854-8-dovmurik@linux.ibm.com>

On 7/20/21 3:03 AM, Dov Murik wrote:
> In QemuKernelLoaderFsDxeEntrypoint we use FetchBlob to read the content
> of the kernel/initrd/cmdline from the QEMU fw_cfg interface. Insert a
> call to VerifyBlob after fetching to allow BlobVerifierLib
> implementations to add a verification step for these blobs.
>
> This will allow confidential computing OVMF builds to add verification
> mechanisms for these blobs that originate from an untrusted source
> (QEMU).
>
> The null implementation of BlobVerifierLib does nothing in VerifyBlob,
> and therefore no functional change is expected.
>
> Cc: Ard Biesheuvel
> Cc: Jordan Justen
> Cc: Ashish Kalra
> Cc: Brijesh Singh
> Cc: Erdem Aktas
> Cc: James Bottomley
> Cc: Jiewen Yao
> Cc: Min Xu
> Cc: Tom Lendacky
> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3457
> Co-developed-by: James Bottomley
> Signed-off-by: James Bottomley
> Signed-off-by: Dov Murik

Reviewed-by: Tom Lendacky

> Reviewed-by: Brijesh Singh
> ---
>  OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c | 9 +++++++++
>  1 file changed, 9 insertions(+)
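The flow the commit message describes (fetch each blob from fw_cfg, hand it to a VerifyBlob hook, and only then let the firmware use it) modelled as an added Python example; this is not OVMF's code and does not use the real BlobVerifierLib API. The function names `fetch_blob`, `verify_blob_null`, `make_hash_verifier` and `load_blobs`, the constructed fw_cfg contents, and the choice of a SHA-256 reference table as the "real" verifier are all assumptions made for the illustration; the page only says that a BlobVerifierLib implementation may add a verification step. The example shows both points the message makes: the null verifier leaves behaviour unchanged, and a verifying implementation rejects a blob the host has altered before anything downstream sees it.

```python
import hashlib
import hmac

# Constructed stand-in for the three fw_cfg items the loader reads from the host.
# The bytes are made up for this example; they are not real images.
FW_CFG_ITEMS = {
    "kernel": b"\x7fELF" + b"constructed-kernel-image" * 4,
    "initrd": b"070701" + b"constructed-initrd-cpio" * 4,
    "cmdline": b"console=ttyS0 root=/dev/vda1\x00",
}

# Reference hashes a trusted party would supply ahead of time. Assumption for the
# example: they live somewhere the host cannot alter (e.g. measured guest memory).
EXPECTED_HASHES = {
    name: hashlib.sha256(blob).digest() for name, blob in FW_CFG_ITEMS.items()
}


def fetch_blob(name, fw_cfg):
    """Stand-in for FetchBlob: returns whatever the (untrusted) host put in fw_cfg."""
    return fw_cfg.get(name, b"")


def verify_blob_null(name, blob):
    """Null BlobVerifierLib: accepts everything, so the loader behaves as before."""
    return True


def make_hash_verifier(expected_hashes):
    """Build a VerifyBlob-style hook that checks SHA-256 against a reference table.

    Fails closed: a blob with no reference entry is rejected, and a mismatching
    digest is rejected. The comparison is constant-time."""

    def verify(name, blob):
        expected = expected_hashes.get(name)
        if expected is None:
            return False
        return hmac.compare_digest(hashlib.sha256(blob).digest(), expected)

    return verify


def load_blobs(verify, fw_cfg):
    """Model of QemuKernelLoaderFsDxeEntrypoint: fetch each blob, then verify it
    before it is exposed to the rest of the firmware.

    Returns the verified blobs, or raises PermissionError on the first failure so
    that a partially verified set is never handed onward."""
    loaded = {}
    for name in ("kernel", "initrd", "cmdline"):
        blob = fetch_blob(name, fw_cfg)
        if not verify(name, blob):
            raise PermissionError(f"{name}: blob verification failed")
        loaded[name] = blob
    return loaded


if __name__ == "__main__":
    verify_hashes = make_hash_verifier(EXPECTED_HASHES)
    print("verified:", sorted(load_blobs(verify_hashes, FW_CFG_ITEMS)))
    # A cmdline that differs from the reference (constructed tamper case).
    altered = dict(FW_CFG_ITEMS, cmdline=b"console=ttyS0 root=/dev/vdb1\x00")
    try:
        load_blobs(verify_hashes, altered)
    except PermissionError as err:
        print("rejected:", err)
```

The verifier is passed in as a callable for the same reason the patch routes through a library class: the loader's control flow stays identical whether the null or a verifying implementation is linked, and the decision to trust a blob lives in one place that fails closed.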