From mboxrd@z Thu Jan 1 00:00:00 1970
From: "Lendacky, Thomas" <thomas.lendacky@amd.com>
Date: Mon, 19 Jul 2021 10:50:59 -0500
Subject: Re: [PATCH v2 04/11] OvmfPkg: add library class BlobVerifierLib with null implementation
To: Dov Murik, devel@edk2.groups.io
Cc: Tobin Feldman-Fitzthum, Tobin Feldman-Fitzthum, Jim Cadden, James Bottomley, Hubertus Franke, Laszlo Ersek, Ard Biesheuvel, Jordan Justen, Ashish Kalra, Brijesh Singh, Erdem Aktas, Jiewen Yao, Min Xu
Message-ID: <8f07b11e-90cd-1ecf-c512-5b17bf616a65@amd.com>
In-Reply-To: <20210706085501.1260662-5-dovmurik@linux.ibm.com>
References: <20210706085501.1260662-1-dovmurik@linux.ibm.com> <20210706085501.1260662-5-dovmurik@linux.ibm.com>
Content-Type: text/plain; charset=utf-8

On 7/6/21 3:54 AM, Dov Murik wrote:
> BlobVerifierLib will be used to verify blobs fetched from QEMU's
> firmware config (fw_cfg) in platforms that enable such verification.
>
> The null implementation NullBlobVerifierLib treats all blobs as valid.
>
> Cc: Laszlo Ersek
> Cc: Ard Biesheuvel
> Cc: Jordan Justen
> Cc: Ashish Kalra
> Cc: Brijesh Singh
> Cc: Erdem Aktas
> Cc: James Bottomley
> Cc: Jiewen Yao
> Cc: Min Xu
> Cc: Tom Lendacky
> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3457
> Signed-off-by: Dov Murik
> ---
> OvmfPkg/OvmfPkg.dec | 3 ++
> OvmfPkg/Library/BlobVerifierLib/NullBlobVerifierLib.inf | 27 ++++++++++++++
> OvmfPkg/Include/Library/BlobVerifierLib.h | 38 ++++++++++++++++++++
> OvmfPkg/Library/BlobVerifierLib/NullBlobVerifier.c | 34 ++++++++++++++++++
> 4 files changed, 102 insertions(+)
>
> diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec > index 6ae733f6e39f..f82228d69cc2 100644 > --- a/OvmfPkg/OvmfPkg.dec > +++ b/OvmfPkg/OvmfPkg.dec 
> @@ -23,6 +23,9 @@ [LibraryClasses] > ## @libraryclass Access bhyve's firmware control interface. > BhyveFwCtlLib|Include/Library/BhyveFwCtlLib.h > > + ## @libraryclass Verify blobs read from the VMM > + BlobVerifierLib|Include/Library/BlobVerifierLib.h > + > ## @libraryclass Loads and boots a Linux kernel image > # > LoadLinuxLib|Include/Library/LoadLinuxLib.h > diff --git a/OvmfPkg/Library/BlobVerifierLib/NullBlobVerifierLib.inf b/OvmfPkg/Library/BlobVerifierLib/NullBlobVerifierLib.inf > new file mode 100644 > index 000000000000..c8942ad05d96 > --- /dev/null > +++ b/OvmfPkg/Library/BlobVerifierLib/NullBlobVerifierLib.inf > @@ -0,0 +1,27 @@ > +## @file > +# > +# Null implementation of the blob verifier library. > +# > +# Copyright (C) 2021, IBM Corp > +# > +# SPDX-License-Identifier: BSD-2-Clause-Patent > +# > +## > + > +[Defines] > + INF_VERSION = 0x00010005 You can specify the INF_VERSION using x.y format now, and I believe the latest is 1.29. > + BASE_NAME = NullBlobVerifierLib Typically, the NULL libraries would be named BlobVerifierLibNull. > + FILE_GUID = b1b5533e-e01a-43bb-9e54-414f00ca036e > + MODULE_TYPE = BASE > + VERSION_STRING = 1.0 > + LIBRARY_CLASS = BlobVerifierLib > + > +[Sources] > + NullBlobVerifier.c > + > +[Packages] > + MdePkg/MdePkg.dec > + OvmfPkg/OvmfPkg.dec > + > +[LibraryClasses] > + DebugLib Is this library (and associated include below) needed? > diff --git a/OvmfPkg/Include/Library/BlobVerifierLib.h b/OvmfPkg/Include/Library/BlobVerifierLib.h > new file mode 100644 > index 000000000000..667024766681 > --- /dev/null > +++ b/OvmfPkg/Include/Library/BlobVerifierLib.h 
> @@ -0,0 +1,38 @@ > +/** @file > + > + Blob verification library > + > + This library class allows verifiying whether blobs from external sources > + (such as QEMU's firmware config) are trusted. > + > + Copyright (C) 2021, IBM Corporation > + > + SPDX-License-Identifier: BSD-2-Clause-Patent > +**/ > + > +#ifndef BLOB_VERIFIER_LIB_H__ > +#define BLOB_VERIFIER_LIB_H__ > + > +#include > +#include > + > +/** > + Verify blob from an external source. > + > + @param BlobName The name of the blob I believe this is supposed to be @param[in] > + @param Buf The data of the blob > + @param BufSize The size of the blob in bytes > + > + @retval EFI_SUCCESS The blob was verified successfully. > + @retval EFI_ACCESS_DENIED The blob could not be verified, and therefore > + should be considered non-secure. > +**/ > +EFI_STATUS > +EFIAPI > +VerifyBlob ( > + IN CONST CHAR16 *BlobName, > + IN CONST VOID *Buf, > + UINT32 BufSize Missing "IN" here (same below for these). Thanks, Tom > + ); > + > +#endif > diff --git a/OvmfPkg/Library/BlobVerifierLib/NullBlobVerifier.c b/OvmfPkg/Library/BlobVerifierLib/NullBlobVerifier.c > new file mode 100644 > index 000000000000..7b31b6ec767d > --- /dev/null > +++ b/OvmfPkg/Library/BlobVerifierLib/NullBlobVerifier.c 
> @@ -0,0 +1,34 @@ > +/** @file > + > + Null implementation of the blob verifier library. > + > + Copyright (C) 2021, IBM Corporation > + > + SPDX-License-Identifier: BSD-2-Clause-Patent > +**/ > + > +#include > +#include > +#include > + > +/** > + Verify blob from an external source. > + > + @param BlobName The name of the blob > + @param Buf The data of the blob > + @param BufSize The size of the blob in bytes > + > + @retval EFI_SUCCESS The blob was verified successfully. > + @retval EFI_ACCESS_DENIED The blob could not be verified, and therefore > + should be considered non-secure. > +**/ > +EFI_STATUS > +EFIAPI > +VerifyBlob ( > + IN CONST CHAR16 *BlobName, > + IN CONST VOID *Buf, > + UINT32 BufSize > + ) > +{ > + return EFI_SUCCESS; > +} >
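Review bot: in the OvmfPkg.dec hunk the new `BlobVerifierLib|Include/Library/BlobVerifierLib.h` entry only declares the class; none of the four files in the diffstat is a DSC, so nothing in this patch resolves BlobVerifierLib to an instance. Whichever patch in the series adds the first consumer of the class must carry the DSC resolution (`BlobVerifierLib|OvmfPkg/Library/BlobVerifierLib/NullBlobVerifierLib.inf`) in the same commit, otherwise the tree does not build at that point of the series. The one-line description "Verify blobs read from the VMM" could also name the data path the commit message gives (fw_cfg), so a reader of the .dec knows which inputs the class is meant to cover.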
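Review bot: in the BlobVerifierLib.h hunk the EFI_ACCESS_DENIED contract ("should be considered non-secure") does not tell the caller what it must do, and since this function is the security boundary for data the VMM hands to the guest, that needs to be explicit: state that on any error the caller must not consume `Buf` (e.g. must not boot from it), say what `BlobName` is for (the key an implementation uses to select the expected value for that blob), and say whether a NULL `Buf` with `BufSize` of 0 is a valid call. The header should also note that implementations must treat `Buf` and `BufSize` as untrusted input from the VMM and bound every read by `BufSize`. Finally, a short comment on why `BufSize` is `UINT32` rather than the usual `UINTN` (fw_cfg item sizes are 32-bit) would stop a future caller from silently truncating a `UINTN` length at the call site and verifying less than it loaded.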
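Review bot: in the NullBlobVerifier.c hunk the function comment was copied from the header and still lists `@retval EFI_ACCESS_DENIED The blob could not be verified`, but the body is an unconditional `return EFI_SUCCESS;`. For the NULL instance the comment should say that no verification is performed, that EFI_SUCCESS is always returned, and that this instance is only meant for platforms that do not rely on blob verification, so nobody reading the .c assumes a check happens. The three parameters are unused here; a one-line comment saying so makes the intent clear to anyone auditing which library instance a given DSC links.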