From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1])
 by mx.groups.io with SMTP id smtpd.web10.52981.1683213264453577006
 for <devel@edk2.groups.io>;
 Thu, 04 May 2023 08:14:24 -0700
Authentication-Results: mx.groups.io;
 dkim=fail reason="body hash did not verify" header.i=@ibm.com header.s=pp1 header.b=fyJYKgnt;
 spf=pass (domain: linux.ibm.com, ip: 148.163.156.1, mailfrom: jejb@linux.ibm.com)
Received: from pps.filterd (m0356517.ppops.net [127.0.0.1])
	by mx0a-001b2d01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 344F99Pp007305;
	Thu, 4 May 2023 15:14:16 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=message-id : subject :
 from : reply-to : to : cc : date : in-reply-to : references : content-type
 : mime-version : content-transfer-encoding; s=pp1;
 bh=oxav9KSIE518AxPCd5riQpw6l9pcx59QL22BYt4rONA=;
 b=fyJYKgntbAzt4suoknF/zbbPJaEy8fzdq1osXok8zbFBs5Wr8hldzidN4qaOKVyiEmUD
 5Y59jB4J9GwIwnDBI7AsG6yXnlCDqWbvK8SNYDhMduJdoAqnKdcaD2cmRlo7wz+mkQGA
 bWZ+mj1SwqmSrIJmKhWS9Z7zoYmHi99Q8q9buaaMcFAvqxvvKDTOZe55H/OkO5SUzq4Q
 PDLoVMyBDAQGiYBBeKrw0BVeg3tQsv8HcX2/gi7OyD8C4OtQUu27q8DBcuPu3jY+xvMx
 K1mXgG8cgJv9l0BB/pXKj+wh5hVGv4lU41bF3F06yCEuT/a1SdAlWmdu5gg7WXW83SQR Ww== 
Received: from pps.reinject (localhost [127.0.0.1])
	by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3qcec1snq4-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
	Thu, 04 May 2023 15:14:16 +0000
Received: from m0356517.ppops.net (m0356517.ppops.net [127.0.0.1])
	by pps.reinject (8.17.1.5/8.17.1.5) with ESMTP id 344F9ViP009888;
	Thu, 4 May 2023 15:14:15 GMT
Received: from ppma01wdc.us.ibm.com (fd.55.37a9.ip4.static.sl-reverse.com [169.55.85.253])
	by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3qcec1snnm-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
	Thu, 04 May 2023 15:14:15 +0000
Received: from pps.filterd (ppma01wdc.us.ibm.com [127.0.0.1])
	by ppma01wdc.us.ibm.com (8.17.1.19/8.17.1.19) with ESMTP id 344CoZWd011874;
	Thu, 4 May 2023 15:14:14 GMT
Received: from smtprelay01.wdc07v.mail.ibm.com ([9.208.129.119])
	by ppma01wdc.us.ibm.com (PPS) with ESMTPS id 3q8tv824hk-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
	Thu, 04 May 2023 15:14:14 +0000
Received: from smtpav01.dal12v.mail.ibm.com (smtpav01.dal12v.mail.ibm.com [10.241.53.100])
	by smtprelay01.wdc07v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 344FECPj35062350
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK);
	Thu, 4 May 2023 15:14:13 GMT
Received: from smtpav01.dal12v.mail.ibm.com (unknown [127.0.0.1])
	by IMSVA (Postfix) with ESMTP id BB9AC58064;
	Thu,  4 May 2023 15:14:12 +0000 (GMT)
Received: from smtpav01.dal12v.mail.ibm.com (unknown [127.0.0.1])
	by IMSVA (Postfix) with ESMTP id D876658058;
	Thu,  4 May 2023 15:14:10 +0000 (GMT)
Received: from [IPv6:2601:5c4:4302:c21::a774] (unknown [9.211.131.5])
	by smtpav01.dal12v.mail.ibm.com (Postfix) with ESMTP;
	Thu,  4 May 2023 15:14:10 +0000 (GMT)
Message-ID: <9b85d94d2541e802aba58d25b9055b48984b6622.camel@linux.ibm.com>
Subject: Re: [edk2-devel] [PATCH 2/3] OvmfPkg/AmdSev: stop using PlatformBootManagerLibGrub
From: "James Bottomley" <jejb@linux.ibm.com>
Reply-To: jejb@linux.ibm.com
To: devel@edk2.groups.io, kraxel@redhat.com
Cc: Jiewen Yao <jiewen.yao@intel.com>, Erdem Aktas <erdemaktas@google.com>,
        Min Xu <min.m.xu@intel.com>, Tom Lendacky <thomas.lendacky@amd.com>,
        Jordan
 Justen <jordan.l.justen@intel.com>,
        Stefan Berger <stefanb@linux.ibm.com>, Julien Grall <julien@xen.org>,
        Anthony Perard <anthony.perard@citrix.com>,
        =?ISO-8859-1?Q?Marc-Andr=E9?= Lureau <marcandre.lureau@redhat.com>,
        Ard
 Biesheuvel <ardb+tianocore@kernel.org>,
        Oliver Steffen
 <osteffen@redhat.com>,
        Pawel Polawski <ppolawsk@redhat.com>,
        Michael Roth
 <michael.roth@amd.com>
Date: Thu, 04 May 2023 11:14:09 -0400
In-Reply-To: <gjhnb2f6plr7mcfropglaqcfiwf7o7g2ody3vt4ksbdwbdsbxm@srtsuf77t6tb>
References: <20230504133251.1031341-1-kraxel@redhat.com>
	 <20230504133251.1031341-3-kraxel@redhat.com>
	 <b4722568547d54b15de4b592dcbd24755893ef88.camel@linux.ibm.com>
	 <gjhnb2f6plr7mcfropglaqcfiwf7o7g2ody3vt4ksbdwbdsbxm@srtsuf77t6tb>
User-Agent: Evolution 3.42.4 
MIME-Version: 1.0
X-TM-AS-GCONF: 00
X-Proofpoint-GUID: B--pxP6xdtVhgbrcIzzXjx3Fzr0VX0rA
X-Proofpoint-ORIG-GUID: FxL7PZgJjSrIadS69AWofJmX78SZZ3Xl
X-Proofpoint-Virus-Version: vendor=baseguard
 engine=ICAP:2.0.254,Aquarius:18.0.942,Hydra:6.0.573,FMLib:17.11.170.22
 definitions=2023-05-04_10,2023-05-04_01,2023-02-09_01
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501
 lowpriorityscore=0 bulkscore=0 phishscore=0 mlxlogscore=999
 impostorscore=0 malwarescore=0 suspectscore=0 clxscore=1015 mlxscore=0
 adultscore=0 spamscore=0 classifier=spam adjust=0 reason=mlx scancount=1
 engine=8.12.0-2303200000 definitions=main-2305040124
X-MIME-Autoconverted: from 8bit to quoted-printable by mx0a-001b2d01.pphosted.com id 344F99Pp007305
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Thu, 2023-05-04 at 17:08 +0200, Gerd Hoffmann wrote:
> On Thu, May 04, 2023 at 10:16:05AM -0400, James Bottomley wrote:
> > On Thu, 2023-05-04 at 15:32 +0200, Gerd Hoffmann wrote:
> > > Use PlatformBootManagerLib with PcdBootRestrictToFirmware
> > > set to TRUE instead.
> > >=20
> > > Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
> > > ---
> > > =C2=A0OvmfPkg/AmdSev/AmdSevX64.dsc | 10 ++++++++--
> > > =C2=A01 file changed, 8 insertions(+), 2 deletions(-)
> > >=20
> > > diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc
> > > b/OvmfPkg/AmdSev/AmdSevX64.dsc
> > > index 943c4eed9831..b32049194d39 100644
> > > --- a/OvmfPkg/AmdSev/AmdSevX64.dsc
> > > +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
> > > @@ -153,6 +153,7 @@ [LibraryClasses]
> > > =C2=A0=C2=A0
> > > UefiDriverEntryPoint|MdePkg/Library/UefiDriverEntryPoint/UefiDriv
> > > erEntryPoint.inf
> > > =C2=A0=C2=A0
> > > UefiApplicationEntryPoint|MdePkg/Library/UefiApplicationEntryPoin
> > > t/UefiApplicationEntryPoint.inf
> > > =C2=A0=C2=A0
> > > DevicePathLib|MdePkg/Library/UefiDevicePathLibDevicePathProtocol/
> > > UefiDevicePathLibDevicePathProtocol.inf
> > > +=C2=A0 NvVarsFileLib|OvmfPkg/Library/NvVarsFileLib/NvVarsFileLib.i=
nf
> >=20
> > All additions apart from this look fine, but this one is a security
> > risk: EFI variables represent an unmeasured configuration for SEV
> > boot and, as such, can be used to influence the boot and
> > potentially reveal boot secrets, so the AmdSevPkg was designed to
> > have read only EFI variables that couldn't be subject to outside
> > influence.
>=20
> NvVarsFileLib gets disabled already case PcdSecureBootSupported is
> set. Is that good enough?=C2=A0 If not I can extend that to also check
> PcdBootRestrictToFirmware.

I think pcd disabling is good enough, although usually secure boot
isn't enabled for this (problem sharing the signing key if the
variables have to be fixed inside the OVMF file), so it would need to
be a more universal PCD.  What we need to prevent is the addition of a
file on the edk2 partition (which is unencrypted) from being able to
influence the boot configuration.

James