* Re: [edk2-devel] [PATCH v2 0/9] Migrate Pointer from flash to permanent memory (CVE-2019-11098)
From: Guomin Jiang @ 2020-07-02 5:21 UTC
To: devel@edk2.groups.io, Jiang, Guomin
Cc: Wang, Jian J, Wu, Hao A, Bi, Dandan, Gao, Liming, De, Debkumar, Han, Harry, West, Catharine, Dong, Eric, Ni, Ray, Laszlo Ersek, Kumar, Rahul1, Yao, Jiewen, Zhang, Chao B, Zhang, Qi1

Hi everybody,

I am sorry for bothering you, I just want to remind you that I want to catch those changes up in the next stable tag.

So I hope that you can give me some comments or reviewed-by.

Appreciate it.

> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Guomin
> Jiang
> Sent: Thursday, July 2, 2020 1:15 PM
> To: devel@edk2.groups.io
> Cc: Wang, Jian J <jian.j.wang@intel.com>; Wu, Hao A
> <hao.a.wu@intel.com>; Bi, Dandan <dandan.bi@intel.com>; Gao, Liming
> <liming.gao@intel.com>; De, Debkumar <debkumar.de@intel.com>; Han,
> Harry <harry.han@intel.com>; West, Catharine <catharine.west@intel.com>;
> Dong, Eric <eric.dong@intel.com>; Ni, Ray <ray.ni@intel.com>; Laszlo Ersek
> <lersek@redhat.com>; Kumar, Rahul1 <rahul1.kumar@intel.com>; Yao,
> Jiewen <jiewen.yao@intel.com>; Zhang, Chao B <chao.b.zhang@intel.com>;
> Zhang, Qi1 <qi1.zhang@intel.com>
> Subject: [edk2-devel] [PATCH v2 0/9] Migrate Pointer from flash to
> permanent memory (CVE-2019-11098)
>
> The TOCTOU vulnerability allows a physically present person to replace
> the code with the normal BootGuard check and PCR0 value.
> The issue occurs when BootGuard measures the IBB and flash code is accessed
> after NEM is disabled.
> The reason why we access the flash code is that we have some pointers to
> flash.
> To avoid this vulnerability, we need to convert those pointers; the patch
> series does this work and makes sure that no code will access a flash address.
>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Hao A Wu <hao.a.wu@intel.com>
> Cc: Dandan Bi <dandan.bi@intel.com>
> Cc: Liming Gao <liming.gao@intel.com>
> Cc: Debkumar De <debkumar.de@intel.com>
> Cc: Harry Han <harry.han@intel.com>
> Cc: Catharine West <catharine.west@intel.com>
> Cc: Eric Dong <eric.dong@intel.com>
> Cc: Ray Ni <ray.ni@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Rahul Kumar <rahul1.kumar@intel.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Chao Zhang <chao.b.zhang@intel.com>
> Cc: Qi Zhang <qi1.zhang@intel.com>
>
> Guomin Jiang (5):
>   MdeModulePkg/Core: Create Migrated FV Info Hob for calculating hash
>     (CVE-2019-11098)
>   SecurityPkg/Tcg2Pei: Use Migrated FV Info Hob for calculating hash
>     (CVE-2019-11098)
>   MdeModulePkg/Core: Add switch to enable or disable TOCTOU feature
>     (CVE-2019-11098)
>   UefiCpuPkg/SecMigrationPei: Add switch to control if produce PPI
>     (CVE-2019-11098)
>   UefiCpuPkg/CpuMpPei: Enable paging and set NP flag to avoid TOCTOU
>     (CVE-2019-11098)
>
> Jian J Wang (1):
>   MdeModulePkg/DxeIplPeim: Register for shadow on S3 shadowed boot
>     (CVE-2019-11098)
>
> Michael Kubacki (3):
>   MdeModulePkg/PeiCore: Enable T-RAM evacuation in PeiCore
>     (CVE-2019-11098)
>   UefiCpuPkg/CpuMpPei: Add GDT and IDT migration support
>     (CVE-2019-11098)
>   UefiCpuPkg/SecMigrationPei: Add initial PEIM (CVE-2019-11098)
>
>  MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf       |   3 +
>  MdeModulePkg/Core/DxeIplPeim/DxeLoad.c        |   2 +-
>  MdeModulePkg/Core/Pei/Dispatcher/Dispatcher.c | 417 ++++++++++++++++++
>  MdeModulePkg/Core/Pei/Image/Image.c           | 115 +++++
>  MdeModulePkg/Core/Pei/Memory/MemoryServices.c |  82 ++++
>  MdeModulePkg/Core/Pei/PeiMain.h               | 169 +++++++
>  MdeModulePkg/Core/Pei/PeiMain.inf             |   3 +
>  MdeModulePkg/Core/Pei/PeiMain/PeiMain.c       |  17 +
>  MdeModulePkg/Core/Pei/Ppi/Ppi.c               | 287 ++++++++++++
>  MdeModulePkg/Include/Guid/MigratedFvInfo.h    |  22 +
>  MdeModulePkg/MdeModulePkg.dec                 |   8 +
>  SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c             |  31 +-
>  SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf           |   1 +
>  UefiCpuPkg/CpuMpPei/CpuMpPei.c                |  40 +-
>  UefiCpuPkg/CpuMpPei/CpuMpPei.h                |  13 +
>  UefiCpuPkg/CpuMpPei/CpuMpPei.inf              |   3 +
>  UefiCpuPkg/CpuMpPei/CpuPaging.c               |  31 +-
>  UefiCpuPkg/Include/Ppi/RepublishSecPpi.h      |  54 +++
>  .../Ia32/ArchExceptionHandler.c               |   4 +-
>  .../SecPeiCpuException.c                      |   2 +-
>  UefiCpuPkg/SecCore/SecCore.inf                |   2 +
>  UefiCpuPkg/SecCore/SecMain.c                  |  26 +-
>  UefiCpuPkg/SecCore/SecMain.h                  |   1 +
>  UefiCpuPkg/SecMigrationPei/SecMigrationPei.c  | 374 ++++++++++++++++
>  UefiCpuPkg/SecMigrationPei/SecMigrationPei.h  | 170 +++++++
>  .../SecMigrationPei/SecMigrationPei.inf       |  68 +++
>  .../SecMigrationPei/SecMigrationPei.uni       |  13 +
>  UefiCpuPkg/UefiCpuPkg.dec                     |   4 +
>  UefiCpuPkg/UefiCpuPkg.dsc                     |   1 +
>  29 files changed, 1947 insertions(+), 16 deletions(-)
>  create mode 100644 MdeModulePkg/Include/Guid/MigratedFvInfo.h
>  create mode 100644 UefiCpuPkg/Include/Ppi/RepublishSecPpi.h
>  create mode 100644 UefiCpuPkg/SecMigrationPei/SecMigrationPei.c
>  create mode 100644 UefiCpuPkg/SecMigrationPei/SecMigrationPei.h
>  create mode 100644 UefiCpuPkg/SecMigrationPei/SecMigrationPei.inf
>  create mode 100644 UefiCpuPkg/SecMigrationPei/SecMigrationPei.uni
>
> --
> 2.25.1.windows.1

* [PATCH v2 0/9] Migrate Pointer from flash to permanent memory (CVE-2019-11098)
From: Guomin Jiang @ 2020-07-02 5:15 UTC
To: devel
Cc: Jian J Wang, Hao A Wu, Dandan Bi, Liming Gao, Debkumar De, Harry Han, Catharine West, Eric Dong, Ray Ni, Laszlo Ersek, Rahul Kumar, Jiewen Yao, Chao Zhang, Qi Zhang

The TOCTOU vulnerability allows a physically present person to replace the code with the normal BootGuard check and PCR0 value.
The issue occurs when BootGuard measures the IBB and flash code is accessed after NEM is disabled.
The reason why we access the flash code is that we have some pointers to flash.
To avoid this vulnerability, we need to convert those pointers; the patch series does this work and makes sure that no code will access a flash address.

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Hao A Wu <hao.a.wu@intel.com>
Cc: Dandan Bi <dandan.bi@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Debkumar De <debkumar.de@intel.com>
Cc: Harry Han <harry.han@intel.com>
Cc: Catharine West <catharine.west@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>

Guomin Jiang (5):
  MdeModulePkg/Core: Create Migrated FV Info Hob for calculating hash
    (CVE-2019-11098)
  SecurityPkg/Tcg2Pei: Use Migrated FV Info Hob for calculating hash
    (CVE-2019-11098)
  MdeModulePkg/Core: Add switch to enable or disable TOCTOU feature
    (CVE-2019-11098)
  UefiCpuPkg/SecMigrationPei: Add switch to control if produce PPI
    (CVE-2019-11098)
  UefiCpuPkg/CpuMpPei: Enable paging and set NP flag to avoid TOCTOU
    (CVE-2019-11098)

Jian J Wang (1):
  MdeModulePkg/DxeIplPeim: Register for shadow on S3 shadowed boot
    (CVE-2019-11098)

Michael Kubacki (3):
  MdeModulePkg/PeiCore: Enable T-RAM evacuation in PeiCore
    (CVE-2019-11098)
  UefiCpuPkg/CpuMpPei: Add GDT and IDT migration support
    (CVE-2019-11098)
  UefiCpuPkg/SecMigrationPei: Add initial PEIM (CVE-2019-11098)

 MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf       |   3 +
 MdeModulePkg/Core/DxeIplPeim/DxeLoad.c        |   2 +-
 MdeModulePkg/Core/Pei/Dispatcher/Dispatcher.c | 417 ++++++++++++++++++
 MdeModulePkg/Core/Pei/Image/Image.c           | 115 +++++
 MdeModulePkg/Core/Pei/Memory/MemoryServices.c |  82 ++++
 MdeModulePkg/Core/Pei/PeiMain.h               | 169 +++++++
 MdeModulePkg/Core/Pei/PeiMain.inf             |   3 +
 MdeModulePkg/Core/Pei/PeiMain/PeiMain.c       |  17 +
 MdeModulePkg/Core/Pei/Ppi/Ppi.c               | 287 ++++++++++++
 MdeModulePkg/Include/Guid/MigratedFvInfo.h    |  22 +
 MdeModulePkg/MdeModulePkg.dec                 |   8 +
 SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c             |  31 +-
 SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf           |   1 +
 UefiCpuPkg/CpuMpPei/CpuMpPei.c                |  40 +-
 UefiCpuPkg/CpuMpPei/CpuMpPei.h                |  13 +
 UefiCpuPkg/CpuMpPei/CpuMpPei.inf              |   3 +
 UefiCpuPkg/CpuMpPei/CpuPaging.c               |  31 +-
 UefiCpuPkg/Include/Ppi/RepublishSecPpi.h      |  54 +++
 .../Ia32/ArchExceptionHandler.c               |   4 +-
 .../SecPeiCpuException.c                      |   2 +-
 UefiCpuPkg/SecCore/SecCore.inf                |   2 +
 UefiCpuPkg/SecCore/SecMain.c                  |  26 +-
 UefiCpuPkg/SecCore/SecMain.h                  |   1 +
 UefiCpuPkg/SecMigrationPei/SecMigrationPei.c  | 374 ++++++++++++++++
 UefiCpuPkg/SecMigrationPei/SecMigrationPei.h  | 170 +++++++
 .../SecMigrationPei/SecMigrationPei.inf       |  68 +++
 .../SecMigrationPei/SecMigrationPei.uni       |  13 +
 UefiCpuPkg/UefiCpuPkg.dec                     |   4 +
 UefiCpuPkg/UefiCpuPkg.dsc                     |   1 +
 29 files changed, 1947 insertions(+), 16 deletions(-)
 create mode 100644 MdeModulePkg/Include/Guid/MigratedFvInfo.h
 create mode 100644 UefiCpuPkg/Include/Ppi/RepublishSecPpi.h
 create mode 100644 UefiCpuPkg/SecMigrationPei/SecMigrationPei.c
 create mode 100644 UefiCpuPkg/SecMigrationPei/SecMigrationPei.h
 create mode 100644 UefiCpuPkg/SecMigrationPei/SecMigrationPei.inf
 create mode 100644 UefiCpuPkg/SecMigrationPei/SecMigrationPei.uni

--
2.25.1.windows.1

* Re: [edk2-devel] [PATCH v2 0/9] Migrate Pointer from flash to permanent memory (CVE-2019-11098)
From: Laszlo Ersek @ 2020-07-03 14:06 UTC
To: devel, guomin.jiang, Michael Kubacki
Cc: Jian J Wang, Hao A Wu, Dandan Bi, Liming Gao, Debkumar De, Harry Han, Catharine West, Eric Dong, Ray Ni, Rahul Kumar, Jiewen Yao, Chao Zhang, Qi Zhang, Ard Biesheuvel (ARM address)

Hi,

I'm adding Michael Kubacki's new email address to the "To:" list, as
Michael has authored a significant portion of this code, plus he seems
to have contributed a large part of the design, in
<https://bugzilla.tianocore.org/show_bug.cgi?id=1614>.

Also CC'ing Ard.

Comments below.

On 07/02/20 07:15, Guomin Jiang wrote:
> The TOCTOU vulnerability allows a physically present person to replace the code with the normal BootGuard check and PCR0 value.
> The issue occurs when BootGuard measures the IBB and flash code is accessed after NEM is disabled.
> The reason why we access the flash code is that we have some pointers to flash.
> To avoid this vulnerability, we need to convert those pointers; the patch series does this work and makes sure that no code will access a flash address.

I've now read through the comments in
<https://bugzilla.tianocore.org/show_bug.cgi?id=1614>, and I've also
checked the slides at:

[1] https://conference.hitb.org/hitbsecconf2019ams/sessions/now-you-see-it-toctou-attacks-against-secure-boot-and-bootguard/
    https://conference.hitb.org/hitbsecconf2019ams/materials/D1T1%20-%20Toctou%20Attacks%20Against%20Secure%20Boot%20-%20Trammell%20Hudson%20&%20Peter%20Bosch.pdf

My understanding is that this vulnerability (and fix) do not apply to
virtualization, or even most other emulation platforms (such as
EmulatorPkg).

Therefore I'm requesting that the approach seen in this patch series be
reversed, as follows.

* The patch v3 #1 should introduce the new PCD called
  "PcdMigrateTemporaryRamFirmwareVolumes". (Currently: patch v2 #7.)

  The comments in the DEC file (and in the UNI file) should *very*
  clearly explain what the PCD controls. It should provide a *concise*
  description of the entire feature.

  The default value of the PCD should be TRUE.

* The next patches in the series (v3 patches #2, #3, #4) should set the
  PCD to FALSE in at least the following platform DSC files:

  - ArmVirtPkg [v3 #2]
  - EmulatorPkg [v3 #3],
  - OvmfPkg [v3 #4].

  The commit messages on these patches should explain that the
  vulnerability simply doesn't exist on those platforms, as BootGuard is
  undefined on them in the first place. "CAR" (Cache-As-RAM) is also
  undefined on them.

  In particular, slide #8 in the presentation, titled "Chain of Trust
  (simplified)", presents two "cascades" (sub-chains of trust). My
  understanding is that the attack targets the left hand side cascade
  ("Fused OEM key", "Signed by Intel"). And that cascade doesn't seem to
  exist at all on virtualized platforms.

  Furthermore, the abstract at [1] writes, "These protections are
  supposed to be secure against physical attacks on the SPI flash"
  foreshadowing that the attack is indeed a physical machine attack.
  Doesn't apply to virtualization.

  Therefore both the attack and the mitigation appear moot, on virtual
  platforms. This should be stated in the commit messages of v3 patches
  #2, #3, #4.

* Patch v3 #5 should be the current (v2) patch #1, namely:

    MdeModulePkg/PeiCore: Enable T-RAM evacuation in PeiCore

  This patch should *immediately* depend on
  "PcdMigrateTemporaryRamFirmwareVolumes". That is, please let's not
  introduce the feature first as unconditionally active, and then gate
  it on "PcdMigrateTemporaryRamFirmwareVolumes" separately. The feature
  should honor "PcdMigrateTemporaryRamFirmwareVolumes" right off the
  bat.

  Technically, this more or less means squashing part of patch v2 #7
  into v2 #1.

  The commit message should point out that EvacuateTempRam() is never
  called if "PcdMigrateTemporaryRamFirmwareVolumes" is FALSE.

* I've made the rest of my comments under the individual patches.

Thanks,
Laszlo

>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Hao A Wu <hao.a.wu@intel.com>
> Cc: Dandan Bi <dandan.bi@intel.com>
> Cc: Liming Gao <liming.gao@intel.com>
> Cc: Debkumar De <debkumar.de@intel.com>
> Cc: Harry Han <harry.han@intel.com>
> Cc: Catharine West <catharine.west@intel.com>
> Cc: Eric Dong <eric.dong@intel.com>
> Cc: Ray Ni <ray.ni@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Rahul Kumar <rahul1.kumar@intel.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Chao Zhang <chao.b.zhang@intel.com>
> Cc: Qi Zhang <qi1.zhang@intel.com>
>
> Guomin Jiang (5):
>   MdeModulePkg/Core: Create Migrated FV Info Hob for calculating hash
>     (CVE-2019-11098)
>   SecurityPkg/Tcg2Pei: Use Migrated FV Info Hob for calculating hash
>     (CVE-2019-11098)
>   MdeModulePkg/Core: Add switch to enable or disable TOCTOU feature
>     (CVE-2019-11098)
>   UefiCpuPkg/SecMigrationPei: Add switch to control if produce PPI
>     (CVE-2019-11098)
>   UefiCpuPkg/CpuMpPei: Enable paging and set NP flag to avoid TOCTOU
>     (CVE-2019-11098)
>
> Jian J Wang (1):
>   MdeModulePkg/DxeIplPeim: Register for shadow on S3 shadowed boot
>     (CVE-2019-11098)
>
> Michael Kubacki (3):
>   MdeModulePkg/PeiCore: Enable T-RAM evacuation in PeiCore
>     (CVE-2019-11098)
>   UefiCpuPkg/CpuMpPei: Add GDT and IDT migration support
>     (CVE-2019-11098)
>   UefiCpuPkg/SecMigrationPei: Add initial PEIM (CVE-2019-11098)
>
>  MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf       |   3 +
>  MdeModulePkg/Core/DxeIplPeim/DxeLoad.c        |   2 +-
>  MdeModulePkg/Core/Pei/Dispatcher/Dispatcher.c | 417 ++++++++++++++++++
>  MdeModulePkg/Core/Pei/Image/Image.c           | 115 +++++
>  MdeModulePkg/Core/Pei/Memory/MemoryServices.c |  82 ++++
>  MdeModulePkg/Core/Pei/PeiMain.h               | 169 +++++++
>  MdeModulePkg/Core/Pei/PeiMain.inf             |   3 +
>  MdeModulePkg/Core/Pei/PeiMain/PeiMain.c       |  17 +
>  MdeModulePkg/Core/Pei/Ppi/Ppi.c               | 287 ++++++++++++
>  MdeModulePkg/Include/Guid/MigratedFvInfo.h    |  22 +
>  MdeModulePkg/MdeModulePkg.dec                 |   8 +
>  SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c             |  31 +-
>  SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf           |   1 +
>  UefiCpuPkg/CpuMpPei/CpuMpPei.c                |  40 +-
>  UefiCpuPkg/CpuMpPei/CpuMpPei.h                |  13 +
>  UefiCpuPkg/CpuMpPei/CpuMpPei.inf              |   3 +
>  UefiCpuPkg/CpuMpPei/CpuPaging.c               |  31 +-
>  UefiCpuPkg/Include/Ppi/RepublishSecPpi.h      |  54 +++
>  .../Ia32/ArchExceptionHandler.c               |   4 +-
>  .../SecPeiCpuException.c                      |   2 +-
>  UefiCpuPkg/SecCore/SecCore.inf                |   2 +
>  UefiCpuPkg/SecCore/SecMain.c                  |  26 +-
>  UefiCpuPkg/SecCore/SecMain.h                  |   1 +
>  UefiCpuPkg/SecMigrationPei/SecMigrationPei.c  | 374 ++++++++++++++++
>  UefiCpuPkg/SecMigrationPei/SecMigrationPei.h  | 170 +++++++
>  .../SecMigrationPei/SecMigrationPei.inf       |  68 +++
>  .../SecMigrationPei/SecMigrationPei.uni       |  13 +
>  UefiCpuPkg/UefiCpuPkg.dec                     |   4 +
>  UefiCpuPkg/UefiCpuPkg.dsc                     |   1 +
>  29 files changed, 1947 insertions(+), 16 deletions(-)
>  create mode 100644 MdeModulePkg/Include/Guid/MigratedFvInfo.h
>  create mode 100644 UefiCpuPkg/Include/Ppi/RepublishSecPpi.h
>  create mode 100644 UefiCpuPkg/SecMigrationPei/SecMigrationPei.c
>  create mode 100644 UefiCpuPkg/SecMigrationPei/SecMigrationPei.h
>  create mode 100644 UefiCpuPkg/SecMigrationPei/SecMigrationPei.inf
>  create mode 100644 UefiCpuPkg/SecMigrationPei/SecMigrationPei.uni
>
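
Added example (not part of the thread and not code from the edk2 series): a small C model of the pointer conversion the cover letter describes, with a boolean switch standing in for the PCD gate requested in the review. The region type, the function names and the sample buffers are constructed for illustration; real PEI code works on firmware volumes and PPI descriptors instead.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed model: "flash" is the measured volume, "ram" its permanent-memory copy. */
typedef struct { const uint8_t *base; size_t size; } region_t;

static bool in_region(const region_t *r, const void *p) {
  uintptr_t a = (uintptr_t)p, b = (uintptr_t)r->base;
  return a >= b && a - b < r->size;
}

/* Copy the volume to RAM, then rebase every pointer that still targets flash.
   'migrate' is a hypothetical stand-in for the PCD gate: when false, nothing
   is copied or converted. Returns the number of pointers converted. */
size_t migrate_pointers(bool migrate, const region_t *flash, uint8_t *ram,
                        const void **ptrs, size_t n) {
  size_t converted = 0;
  if (!migrate) return 0;
  memcpy(ram, flash->base, flash->size);
  for (size_t i = 0; i < n; i++) {
    if (!in_region(flash, ptrs[i])) continue;   /* already outside flash */
    ptrs[i] = ram + ((const uint8_t *)ptrs[i] - flash->base);
    converted++;
  }
  return converted;
}

/* Audit: how many pointers would still be dereferenced in flash? */
size_t count_flash_pointers(const region_t *flash, const void **ptrs, size_t n) {
  size_t left = 0;
  for (size_t i = 0; i < n; i++) left += in_region(flash, ptrs[i]) ? 1 : 0;
  return left;
}

/* Constructed sample: two pointers into the volume, one unrelated pointer. */
size_t demo_remaining(bool migrate) {
  static const uint8_t flash_fv[64] = { [8] = 0xAA, [40] = 0xBB };
  static uint8_t ram_copy[sizeof flash_fv];
  static const uint8_t other = 0xCC;
  region_t flash = { flash_fv, sizeof flash_fv };
  const void *ptrs[3] = { &flash_fv[8], &other, &flash_fv[40] };
  migrate_pointers(migrate, &flash, ram_copy, ptrs, 3);
  /* A converted pointer must read the same byte, now from the RAM copy. */
  if (migrate && *(const uint8_t *)ptrs[0] != 0xAA) return (size_t)-1;
  return count_flash_pointers(&flash, ptrs, 3);
}

int main(void) {
  return (demo_remaining(true) == 0 && demo_remaining(false) == 2) ? 0 : 1;
}
```

With the switch on, no pointer is left in the flash range; with it off, both flash pointers remain, which is the state the review asks for on platforms where the attack does not apply.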