From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) by mx.groups.io with SMTP id smtpd.web10.52981.1683213264453577006 for ; Thu, 04 May 2023 08:14:24 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="body hash did not verify" header.i=@ibm.com header.s=pp1 header.b=fyJYKgnt; spf=pass (domain: linux.ibm.com, ip: 148.163.156.1, mailfrom: jejb@linux.ibm.com) Received: from pps.filterd (m0356517.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 344F99Pp007305; Thu, 4 May 2023 15:14:16 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=message-id : subject : from : reply-to : to : cc : date : in-reply-to : references : content-type : mime-version : content-transfer-encoding; s=pp1; bh=oxav9KSIE518AxPCd5riQpw6l9pcx59QL22BYt4rONA=; b=fyJYKgntbAzt4suoknF/zbbPJaEy8fzdq1osXok8zbFBs5Wr8hldzidN4qaOKVyiEmUD 5Y59jB4J9GwIwnDBI7AsG6yXnlCDqWbvK8SNYDhMduJdoAqnKdcaD2cmRlo7wz+mkQGA bWZ+mj1SwqmSrIJmKhWS9Z7zoYmHi99Q8q9buaaMcFAvqxvvKDTOZe55H/OkO5SUzq4Q PDLoVMyBDAQGiYBBeKrw0BVeg3tQsv8HcX2/gi7OyD8C4OtQUu27q8DBcuPu3jY+xvMx K1mXgG8cgJv9l0BB/pXKj+wh5hVGv4lU41bF3F06yCEuT/a1SdAlWmdu5gg7WXW83SQR Ww== Received: from pps.reinject (localhost [127.0.0.1]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3qcec1snq4-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 04 May 2023 15:14:16 +0000 Received: from m0356517.ppops.net (m0356517.ppops.net [127.0.0.1]) by pps.reinject (8.17.1.5/8.17.1.5) with ESMTP id 344F9ViP009888; Thu, 4 May 2023 15:14:15 GMT Received: from ppma01wdc.us.ibm.com (fd.55.37a9.ip4.static.sl-reverse.com [169.55.85.253]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3qcec1snnm-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 04 May 2023 15:14:15 +0000 Received: from pps.filterd (ppma01wdc.us.ibm.com [127.0.0.1]) by ppma01wdc.us.ibm.com (8.17.1.19/8.17.1.19) with ESMTP id 344CoZWd011874; Thu, 4 May 2023 15:14:14 GMT Received: from smtprelay01.wdc07v.mail.ibm.com ([9.208.129.119]) by ppma01wdc.us.ibm.com (PPS) with ESMTPS id 3q8tv824hk-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 04 May 2023 15:14:14 +0000 Received: from smtpav01.dal12v.mail.ibm.com (smtpav01.dal12v.mail.ibm.com [10.241.53.100]) by smtprelay01.wdc07v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 344FECPj35062350 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 4 May 2023 15:14:13 GMT Received: from smtpav01.dal12v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id BB9AC58064; Thu, 4 May 2023 15:14:12 +0000 (GMT) Received: from smtpav01.dal12v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id D876658058; Thu, 4 May 2023 15:14:10 +0000 (GMT) Received: from [IPv6:2601:5c4:4302:c21::a774] (unknown [9.211.131.5]) by smtpav01.dal12v.mail.ibm.com (Postfix) with ESMTP; Thu, 4 May 2023 15:14:10 +0000 (GMT) Message-ID: <9b85d94d2541e802aba58d25b9055b48984b6622.camel@linux.ibm.com> Subject: Re: [edk2-devel] [PATCH 2/3] OvmfPkg/AmdSev: stop using PlatformBootManagerLibGrub From: "James Bottomley" Reply-To: jejb@linux.ibm.com To: devel@edk2.groups.io, kraxel@redhat.com Cc: Jiewen Yao , Erdem Aktas , Min Xu , Tom Lendacky , Jordan Justen , Stefan Berger , Julien Grall , Anthony Perard , =?ISO-8859-1?Q?Marc-Andr=E9?= Lureau , Ard Biesheuvel , Oliver Steffen , Pawel Polawski , Michael Roth Date: Thu, 04 May 2023 11:14:09 -0400 In-Reply-To: References: <20230504133251.1031341-1-kraxel@redhat.com> <20230504133251.1031341-3-kraxel@redhat.com> User-Agent: Evolution 3.42.4 MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-GUID: B--pxP6xdtVhgbrcIzzXjx3Fzr0VX0rA X-Proofpoint-ORIG-GUID: FxL7PZgJjSrIadS69AWofJmX78SZZ3Xl X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.254,Aquarius:18.0.942,Hydra:6.0.573,FMLib:17.11.170.22 definitions=2023-05-04_10,2023-05-04_01,2023-02-09_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 lowpriorityscore=0 bulkscore=0 phishscore=0 mlxlogscore=999 impostorscore=0 malwarescore=0 suspectscore=0 clxscore=1015 mlxscore=0 adultscore=0 spamscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2303200000 definitions=main-2305040124 X-MIME-Autoconverted: from 8bit to quoted-printable by mx0a-001b2d01.pphosted.com id 344F99Pp007305 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Thu, 2023-05-04 at 17:08 +0200, Gerd Hoffmann wrote: > On Thu, May 04, 2023 at 10:16:05AM -0400, James Bottomley wrote: > > On Thu, 2023-05-04 at 15:32 +0200, Gerd Hoffmann wrote: > > > Use PlatformBootManagerLib with PcdBootRestrictToFirmware > > > set to TRUE instead. > > >=20 > > > Signed-off-by: Gerd Hoffmann > > > --- > > > =C2=A0OvmfPkg/AmdSev/AmdSevX64.dsc | 10 ++++++++-- > > > =C2=A01 file changed, 8 insertions(+), 2 deletions(-) > > >=20 > > > diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc > > > b/OvmfPkg/AmdSev/AmdSevX64.dsc > > > index 943c4eed9831..b32049194d39 100644 > > > --- a/OvmfPkg/AmdSev/AmdSevX64.dsc > > > +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc > > > @@ -153,6 +153,7 @@ [LibraryClasses] > > > =C2=A0=C2=A0 > > > UefiDriverEntryPoint|MdePkg/Library/UefiDriverEntryPoint/UefiDriv > > > erEntryPoint.inf > > > =C2=A0=C2=A0 > > > UefiApplicationEntryPoint|MdePkg/Library/UefiApplicationEntryPoin > > > t/UefiApplicationEntryPoint.inf > > > =C2=A0=C2=A0 > > > DevicePathLib|MdePkg/Library/UefiDevicePathLibDevicePathProtocol/ > > > UefiDevicePathLibDevicePathProtocol.inf > > > +=C2=A0 NvVarsFileLib|OvmfPkg/Library/NvVarsFileLib/NvVarsFileLib.i= nf > >=20 > > All additions apart from this look fine, but this one is a security > > risk: EFI variables represent an unmeasured configuration for SEV > > boot and, as such, can be used to influence the boot and > > potentially reveal boot secrets, so the AmdSevPkg was designed to > > have read only EFI variables that couldn't be subject to outside > > influence. >=20 > NvVarsFileLib gets disabled already case PcdSecureBootSupported is > set. Is that good enough?=C2=A0 If not I can extend that to also check > PcdBootRestrictToFirmware. I think pcd disabling is good enough, although usually secure boot isn't enabled for this (problem sharing the signing key if the variables have to be fixed inside the OVMF file), so it would need to be a more universal PCD. What we need to prevent is the addition of a file on the edk2 partition (which is unencrypted) from being able to influence the boot configuration. James