From: "Ard Biesheuvel"
Date: Fri, 9 Dec 2022 21:08:42 +0100
Subject: Re: [edk2-devel] [PATCH] OvmfPkg/PlatformPei: Validate SEC's GHCB page
To: devel@edk2.groups.io, acdunlap@google.com

On Fri, 9 Dec 2022 at 07:41, Adam Dunlap via groups.io wrote:
>
> When running under SEV-ES, a page of shared memory is allocated for the
> GHCB during the SEC phase at address 0x809000. This page of memory is
> eventually passed to the OS as EfiConventionalMemory. When running
> SEV-SNP, this page is not PVALIDATE'd in the RMP table, meaning that if
> the guest OS tries to access the page, it will think that the host has
> violated the security guarantees and will likely crash.
>
> This patch validates this page immediately after EDK2 switches to using
> the GHCB page allocated for the PEI phase.
>
> This was tested by writing a UEFI application that reads to and writes
> from one byte of each page of memory and checks to see if a #VC
> exception is generated indicating that the page was not validated.
>
> Signed-off-by: Adam Dunlap
> --- > OvmfPkg/PlatformPei/AmdSev.c | 17 +++++++++++++++++ > 1 file changed, 17 insertions(+) > > diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c > index e1b9fd9b7f..c465732068 100644 > --- a/OvmfPkg/PlatformPei/AmdSev.c > +++ b/OvmfPkg/PlatformPei/AmdSev.c > @@ -206,6 +206,7 @@ AmdSevEsInitialize ( > { > UINT8 *GhcbBase; > PHYSICAL_ADDRESS GhcbBasePa; > + PHYSICAL_ADDRESS PrevGhcbPa; > UINTN GhcbPageCount; > UINT8 *GhcbBackupBase; > UINT8 *GhcbBackupPages; 
> @@ -293,8 +294,24 @@ AmdSevEsInitialize ( > GhcbRegister (GhcbBasePa); > } > > + PrevGhcbPa = AsmReadMsr64 (MSR_SEV_ES_GHCB); > + > AsmWriteMsr64 (MSR_SEV_ES_GHCB, GhcbBasePa); > > + // > + // Now that the PEI GHCB is set up, the SEC GHCB page is no longer necessary > + // to keep shared. Later, it is exposed to the OS as EfiConventionalMemory, so > + // it needs to be marked private. The size of the region is hardcoded in > + // OvmfPkg/ResetVector/ResetVector.nasmb in the definition of > + // SNP_SEC_MEM_BASE_DESC_2. > + // > + ASSERT (PrevGhcbPa == FixedPcdGet32(PcdOvmfSecGhcbBase)); > + > + ASSERT_RETURN_ERROR(MemEncryptSevSetPageEncMask( > + 0 /*Cr3 -- use system Cr3*/, > + PrevGhcbPa, > + 1 /*Number of pages*/)); > +

What happens to this call when ASSERT()s are compiled out?
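
Review bot: In the second hunk (AmdSevEsInitialize, after the AsmWriteMsr64 call), MemEncryptSevSetPageEncMask() is invoked as the argument of ASSERT_RETURN_ERROR(), so the call is only evaluated when assertions are enabled. In a build with asserts compiled out, the SEC GHCB page at PrevGhcbPa is never switched back to private and the failure described in the commit message remains. Suggest storing the result in a local RETURN_STATUS variable and then checking it with ASSERT_RETURN_ERROR (Status), so the call always runs and only the check is debug-only. The page count is passed as the literal 1 while the comment says the region size is hardcoded in ResetVector.nasmb; a shared constant or PCD would keep the two in step. Style: FixedPcdGet32(, ASSERT_RETURN_ERROR( and MemEncryptSevSetPageEncMask( lack the space before the opening parenthesis that the surrounding code uses, as in GhcbRegister (GhcbBasePa).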