From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga04.intel.com (mga04.intel.com [192.55.52.120]) by mx.groups.io with SMTP id smtpd.web12.4614.1650377199825347183 for ; Tue, 19 Apr 2022 07:06:40 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=l1NY66bd; spf=pass (domain: intel.com, ip: 192.55.52.120, mailfrom: jiewen.yao@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1650377199; x=1681913199; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=wK1NTFrqv1Z4JowX019u5JDBZUUZvq85FQw46p/3oeg=; b=l1NY66bdiFV0nmV6klq8In/w/E4nfagYFJB4SbyJkvjnlXDaG1vErayv PcfNTDqpIvhlI7BNeLAiOOctMeP+XYSvpGOW45YoCRfyXQy7wgd0ceiV9 cXZq1c5aZCsdNHOJ1eTlYcaSYlYYEyCdofAmrpZqskew1fJ6TjbZZaz7A T9XnH5hbDfoD8ZpKuPEqh2XLVFFN7Vc8BCQlUey9BU5bVpOYKFnd82DZ2 aCJ41bAS7nr9KvV7A1yAGlkQGpFGW6W/4R8igV59381TgYfs0W8Rws8HK MQyFacZVc42h22GnH5/60SvtmfEN8N91cVOn5WOjePcyDQzTSrdnYI8A/ A==; X-IronPort-AV: E=McAfee;i="6400,9594,10322"; a="262630652" X-IronPort-AV: E=Sophos;i="5.90,272,1643702400"; d="scan'208";a="262630652" Received: from orsmga005.jf.intel.com ([10.7.209.41]) by fmsmga104.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 19 Apr 2022 07:06:39 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.90,272,1643702400"; d="scan'208";a="727078325" Received: from fmsmsx606.amr.corp.intel.com ([10.18.126.86]) by orsmga005.jf.intel.com with ESMTP; 19 Apr 2022 07:06:38 -0700 Received: from fmsmsx610.amr.corp.intel.com (10.18.126.90) by fmsmsx606.amr.corp.intel.com (10.18.126.86) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.27; Tue, 19 Apr 2022 07:06:38 -0700 Received: from FMSEDG603.ED.cps.intel.com (10.1.192.133) by fmsmsx610.amr.corp.intel.com (10.18.126.90) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.27 via Frontend Transport; Tue, 19 Apr 2022 07:06:38 -0700 Received: from NAM12-DM6-obe.outbound.protection.outlook.com (104.47.59.170) by edgegateway.intel.com (192.55.55.68) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2308.27; Tue, 19 Apr 2022 07:06:37 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ico7qLuSuolaO+jccOuE/jI3OmYm4k6+tOT2WXM7WbAejHFrKzgGTqTKTB8tTwsIt1aKyxfE7/1MWCFhBnqlXaab6sys7sXaZK7KwawYhb9xb92uAhsNx3zFCFUX9zw0JY8qm5lAJzJviGzth8tFUSgkD2YLHDCTMYGXGQXYgwohcSambd8T635PrQpog9jCL6xDyezi9fuh1eOEbIrNRRvyPuTk7kg6s7MvU++Gt9i5NCWX6KU14pv5mtoIh9K5n66dHgNb10M+kCs2t+zniS5pF1IXRLaabDPVCBDFaYZKR1RNuolRSda0foMKdOvUXAmbGn/rf7F1iA9DBa5+/A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=WjE/wQmsh1KRSB4VK/2nmtE2I59JEV9XfOz7n9cxo8k=; b=DLfjCZn2fo+D+VVYNEJcMqqImDFcgsXc49CrxY28PsLTlgZpmF7Q6Om3c6N9rloRl1kP1fEMM5uyPMUbwwC1T+o3bvqkA6BVHwh6UrjtCt1FilVZIsP1duJ/ymDR1RhdxsVcSKUl4jnIA8uzGUSN1c09b8ZO6I7tantuogbSRMlPqhMgX6RJt507DFa05m5DVHcZP6E+ByaTuZYSDr0qxufmgOx1WK0rNW366tBH1U9yunKCm1/K7YzAGBBWBCDyLZn9bq9ui2p1M5CCNsvpaSek5BMFDQGSEM5Mp72GHQSUq2F5ryimoLZaxv1gRaNeIP7VIJ6b8P7wx+HUbZYQpA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none Received: from MW4PR11MB5872.namprd11.prod.outlook.com (2603:10b6:303:169::14) by MN2PR11MB3855.namprd11.prod.outlook.com (2603:10b6:208:f6::31) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5164.20; Tue, 19 Apr 2022 14:06:35 +0000 Received: from MW4PR11MB5872.namprd11.prod.outlook.com ([fe80::d55d:28c1:bfab:3dd]) by MW4PR11MB5872.namprd11.prod.outlook.com ([fe80::d55d:28c1:bfab:3dd%5]) with mapi id 15.20.5186.013; Tue, 19 Apr 2022 14:06:35 +0000 From: "Yao, Jiewen" To: Gerd Hoffmann , "devel@edk2.groups.io" , "Xu, Min M" CC: Ard Biesheuvel , "Justen, Jordan L" , Brijesh Singh , "Aktas, Erdem" , James Bottomley , "Tom Lendacky" Subject: Re: [edk2-devel] [PATCH V3 5/9] OvmfPkg/IntelTdx: Measure Td HobList and Configuration FV Thread-Topic: [edk2-devel] [PATCH V3 5/9] OvmfPkg/IntelTdx: Measure Td HobList and Configuration FV Thread-Index: AQHYU95iMIYlb1sFBkiJhG2nbXFPI6z3L/KAgAAUaWA= Date: Tue, 19 Apr 2022 14:06:35 +0000 Message-ID: References: <1992c4538efeb3cd3d2e53bd02f2dd24663e9825.1650239544.git.min.m.xu@intel.com> <20220419065851.mwjpm6jaeu3zudjk@sirius.home.kraxel.org> <20220419124901.idh7zaff3os6532f@sirius.home.kraxel.org> In-Reply-To: <20220419124901.idh7zaff3os6532f@sirius.home.kraxel.org> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: dlp-version: 11.6.401.20 dlp-product: dlpe-windows dlp-reaction: no-action authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=intel.com; x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: eca7968f-d68d-4524-38ad-08da220dd080 x-ms-traffictypediagnostic: MN2PR11MB3855:EE_ x-ld-processed: 46c98d88-e344-4ed4-8496-4ed7712e255d,ExtAddr x-microsoft-antispam-prvs: x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: 7G6dgl/hdVRXNEB3+MYG3NQWfiu9vBe7QpPDmJFBb1/qulbzGGqqqqHYV9jcawRTZQ/o5rZxi/lJOgBpSJZ2HmHbwhHUyCuAbG6IFlhep3TXx5dp7qrsvxVTgnfy483c2Vb8WS4YZtzGc5A96xX4VcHhQatAGtnsYOGsBirTbD+Qs6b8wAZOIe0fA/7gkP2nODWfc3lbnaqinp/gJBg54AKT/+y+/GJbiXc9mTnEODtXicb2NUWTqgm1Tnyj3FfaUc4NGz5MpQupclKcznaSQdTVLyOG6WrwFye2xT9TfgiXjn7S+h6m2knscJ/FdAw2S9tWwhD6BkgGzFoEoyEKwqdBs3VzrQpWFRwmWu1yLU+locxOHaFjXy3LbQy2h2DrWJftMsykult9zmxfdb8msk8qvA/cFfO0K0W9Lbj31etjIN8iVDFh555pUNuaBUNcK1E6WMjZZ4/PnfbcAuAI+v+NIboRk3LJLyvQiuGVGv6om44WaiZdRGwXRARWmOdDs9QFfvrupNfejF6+JqYBxhNjbY/+oRRZ0lGyNJkP9sNJM6EhufxvebMpEj3/ZJ55/Ke+adR12zdQw9Q7vR7adc5RNeSyqdWxJEvpGulAQXsgRPmOVIfIBVvLFTpTTKtzejxSAEARqy06lKGlhFRK1wpOJ3tHJ1uGUrMMQbX5H9QK+KGuQxL/A/9clSKv7bMByWTC2tJX2YKVZqkS4xuGuoy4FcYIz/s5AoZiZrAO7lWatPhVzMamwGyKTWez8mP8Br9goVHWQFkb0x68GzmhFOxdtMxyHGEBwb+HCmaluYw= x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:MW4PR11MB5872.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230001)(366004)(52536014)(71200400001)(9686003)(82960400001)(33656002)(5660300002)(4326008)(966005)(86362001)(8936002)(53546011)(66476007)(122000001)(66446008)(6506007)(8676002)(66946007)(38100700002)(76116006)(7696005)(64756008)(508600001)(38070700005)(2906002)(316002)(6636002)(186003)(26005)(55016003)(54906003)(83380400001)(110136005)(66556008);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?mljE1B4h1dwvuXzDxTwFA4XNvDaq1NAM8qb4C/oCiNiyfgyvNNeh6m9e7ZZL?= =?us-ascii?Q?WT4VeR1BSO0BS5XfMEaHD6pADaaOz40GNtwCgJN8cf5FeJ6hi4uj1cuwL1D4?= =?us-ascii?Q?6DCtJ1rks9spV3wZ3Go2fZOn99rFVWoA2WWOYqmSK7HqlAwiukQ2sJbPxF2q?= =?us-ascii?Q?c8//xtkPvebKnI0EIruNsXByzGT8e+khCWS+joPF8XxKBXSb3JuAVRQe8r/j?= =?us-ascii?Q?qh/9OZ+tMSDqwNCtjB5Z75+iKwAAQkxXCzSYnRo9ndEo0ASlAdTZneR8I3FL?= =?us-ascii?Q?Ww0QwkzvGIHLqFxazhcU+bqef9A6ahWFXwF7wbsup9QAimo6Hp3/ts/uHlSB?= =?us-ascii?Q?nxpA9GE2nC7b0I4td8aJSKYbTgAD2VhEoTwYxd2QzvBdK+u1M2EwyFMQc6vX?= =?us-ascii?Q?q7wmhTfJYPkCMnmJwMwYRooDkYv1yzrhaXCU7u6/jv56lszXQofeWcoPd8Ly?= =?us-ascii?Q?NSvw6c7IiouIWxpgt5uHqv5k8QgkBUYxHWMMgpo/kCD9GWVdZfiPmq/RhG1G?= =?us-ascii?Q?wY1hZ+G6CiqKk4eSmg74Up4wU9TkqtxyoLtYOXRfFBjp5xsahXhhnm7nYx8K?= =?us-ascii?Q?TYBwkv7Wqfg050IAMb63416YnyoTsacK9mCungxXhbeKo+xPr3jmAiUPWPSw?= =?us-ascii?Q?NBRKm+UO4FdNqlha88LoJiY7jR688kvT1yG3todW+g6Xab7aFwbgIHEghQKE?= =?us-ascii?Q?YNP/JQFBQm80rSXBKk0rIZw2T80DFP8A5vJEfQA7vwpOHVlGGvA+e28EJUGk?= =?us-ascii?Q?0kcenkZg+bkdSqzuQjeUAszIv4r37G7TSvWZ/emI4Thwbt2VfqpPCkbH1ORs?= =?us-ascii?Q?chvVMzxd+N/KgYneYdBwR/hvRz5x7PPu8UHyFRJG3f7pQOf1Ffmvj70/8VmV?= =?us-ascii?Q?KHxIefluM4IJNTjn+yH1G5WTpk+Jq4VEGFXZVwnIx4pKVIh7+P0pcJ+VvVOi?= =?us-ascii?Q?qYYyAJNi63JJT0l9+WZGWXim9ALBqXt3QDmp6VvHVDcrBnKvt3B+PjTAAdUh?= =?us-ascii?Q?6ZY9owh0bGmkfhUxTVIqkZdbbpH34CHjI9ZdV1keTmSWvgA1+mlSMEsA+1dQ?= =?us-ascii?Q?FBrOrRLKZ6mrSlukOxuT5oDJjGzXlEGvl6X7t4LX0gfn8JMZvpkhCd6IEzPE?= =?us-ascii?Q?K539KcxYwMpkp8f7nwHk8SD/EfwbKq72H98HVElqlYQ3w0jnadEUUAbSH66h?= =?us-ascii?Q?JpHD3qLJ+XdTwxp+YWDfcnrZtbXxxwj01fkJNQn6UHwsAPb5WWrFs4Q3g+Vz?= =?us-ascii?Q?lHVlXOvNVxUwt0CqvP6gHFmZN2zb5CWjgIVOqwtMNFey7+RvX9q59+bMbzUU?= =?us-ascii?Q?3aEJzKE6Qyg1SJKjPmAShLwIjqFrLj+IT8z8RAmLpXzdlGR8jyTZ3XqC8H4v?= =?us-ascii?Q?dPiyroRr1GRDh1zdQOlyPLNFU8zg6QWFhdbsgvt4C5DJHcxcr1grZOiYSpGq?= =?us-ascii?Q?vW8R3/mrFjwETj2Su1ghRyUCRrgGBbxmf80e/Ik506Pv7a0Dc8smJVqbpnai?= =?us-ascii?Q?MI7KYi2V6blvTLdIyENJOpG1uNZVyQWclEi43cQGEt/ICa0t5wRl3cPiZAn6?= =?us-ascii?Q?koklCidh8Qtmnp5GeyJLBHVUOOrsqPZXOXo9JQ4A7G2dotUvqdAPEqtoXVnB?= =?us-ascii?Q?X1kKssL8mYSgzuUrREeNriz57t1Q1vMzzmLKuxyNdjTr2aqsJ21hK9TyM+58?= =?us-ascii?Q?98EbsGn7pAIVjGgWiZ05c4s0u1H9YyXP3JNkSr8sIoM3NzSoAz0SNY7NKyUi?= =?us-ascii?Q?AiF7Rf0/lg=3D=3D?= MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: MW4PR11MB5872.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: eca7968f-d68d-4524-38ad-08da220dd080 X-MS-Exchange-CrossTenant-originalarrivaltime: 19 Apr 2022 14:06:35.3704 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: 6K/aDGbAgWVsFuQ0B6NIQo7xHqGR4075Ppsy52iX2Wjpg592ANaT7jRLoRPB5AyZ2WUM9B7paUjAADkqo/s/pg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR11MB3855 Return-Path: jiewen.yao@intel.com X-OriginatorOrg: intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Inlined > -----Original Message----- > From: Gerd Hoffmann > Sent: Tuesday, April 19, 2022 8:49 PM > To: devel@edk2.groups.io; Xu, Min M > Cc: Ard Biesheuvel ; Yao, Jiewen > ; Justen, Jordan L ; Bri= jesh > Singh ; Aktas, Erdem ; > James Bottomley ; Tom Lendacky > > Subject: Re: [edk2-devel] [PATCH V3 5/9] OvmfPkg/IntelTdx: Measure Td > HobList and Configuration FV >=20 > On Tue, Apr 19, 2022 at 11:12:39AM +0000, Min Xu wrote: > > On April 19, 2022 2:59 PM, Gerd Hoffmann wrote: > > > On Mon, Apr 18, 2022 at 07:59:56AM +0800, Min Xu wrote: > > > > RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3853 > > > > > > > > TdHobList and Configuration FV are external data provided by Host V= MM. > > > > These are not trusted in Td guest. So they should be validated , > > > > measured and extended to Td RTMR registers. In the meantime 2 > > > > EFI_CC_EVENT_HOB are created. These 2 GUIDed HOBs carry the hash > > > value > > > > of TdHobList and Configuration FV. In DXE phase EFI_CC_EVENT can be > > > > created based on these > > > > 2 GUIDed HOBs. > > > > > > Why this is done in the SEC phase? > > TdHobList is consumed in SEC phase. So before it is consumed, it should= be > validated, measured. >=20 > Yes for validation (aka sanity-checking the fields, etc). > But for measurement I don't see why the ordering matters. > Whenever you do that before or after consuming the TdHob > should not make a difference. [Jiewen] I disagree. The order matters from security perspective. If you use it, there is risk that the buggy code will compromise the system= before you have chance to measure it. There was already known attacks: The measurement was in wrong place, which = caused the attack can forge the measurement. The best practice is always: measure then use. >=20 > > CFV contains the information provisioned by host VMM, for example, the > > secure boot parameters. These external data should be validated and > > measured as well. >=20 > Same argument here. >=20 > You pull a bunch of stuff into SEC (sha384, ...), and I'm wondering > whenever it would be better to move measurement to DXE instead where > you just don't need that kind of changes. >=20 > take care, > Gerd