From: "Yao, Jiewen"
To: "devel@edk2.groups.io", "kraxel@redhat.com"
CC: "Xu, Min M", Ard Biesheuvel, "Justen, Jordan L", Brijesh Singh, "Aktas, Erdem", James Bottomley, Tom Lendacky
Subject: Re: [edk2-devel] [PATCH V3 5/9] OvmfPkg/IntelTdx: Measure Td HobList and Configuration FV
Date: Wed, 20 Apr 2022 09:46:13 +0000
References: <1992c4538efeb3cd3d2e53bd02f2dd24663e9825.1650239544.git.min.m.xu@intel.com> <20220419065851.mwjpm6jaeu3zudjk@sirius.home.kraxel.org> <20220419124901.idh7zaff3os6532f@sirius.home.kraxel.org> <20220420081656.nl4sykhnwzugynm5@sirius.home.kraxel.org>
In-Reply-To: <20220420081656.nl4sykhnwzugynm5@sirius.home.kraxel.org>

Gerd
I cannot agree with your statement on ordering. A smart attacker can forge a good measurement based upon the severity of the vulnerability.
One famous example in 2011: https://invisiblethingslab.com/resources/2011/Attacking_Intel_TXT_via_SINIT_hijacking.pdf
Because the attack happens before the PCR18 measurement, PCR18 is forged successfully.

> -----Original Message-----
> From: devel@edk2.groups.io On Behalf Of Gerd Hoffmann
> Sent: Wednesday, April 20, 2022 4:17 PM
> To: Yao, Jiewen
> Cc: devel@edk2.groups.io; Xu, Min M; Ard Biesheuvel; Justen, Jordan L; Brijesh Singh; Aktas, Erdem; James Bottomley; Tom Lendacky
> Subject: Re: [edk2-devel] [PATCH V3 5/9] OvmfPkg/IntelTdx: Measure Td HobList and Configuration FV
>
> Hi,
>
> > > Yes for validation (aka sanity-checking the fields, etc).
> > > But for measurement I don't see why the ordering matters.
> > > Whether you do that before or after consuming the TdHob
> > > should not make a difference.
> >
> > [Jiewen] I disagree. The order matters from a security perspective.
> > If you use it, there is a risk that the buggy code will compromise the system
> > before you have a chance to measure it.
>
> Measurement will only record hashes for verification later on.
> It will not prevent running possibly buggy/compromised code.
>
> So, no matter what the order is, you'll figure the system got
> compromised after the fact, when checking the hashes later, and in turn
> take actions like refusing to hand out secrets to the compromised
> system.
>
> > There were already known attacks: the measurement was in the wrong place,
> > which meant the attack could forge the measurement.
>
> Do you have a link or CVE number for me?
>
> thanks,
> Gerd
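As an added illustration of the measure-then-consume ordering argued for above (example code written for this page, not part of the thread or of the edk2 patch): a toy model in which the digest of the exact bytes received is extended into an RTMR/PCR-style register and logged before any parser touches them, and a verifier replays the event log against a golden digest. It assumes a made-up (type, length, payload) record layout rather than the real EFI HOB format, and the extend rule new = SHA-384(old || digest).

```python
import hashlib
import struct

def extend(register: bytes, digest: bytes) -> bytes:
    """RTMR/PCR-style extend: new = SHA-384(old || digest)."""
    return hashlib.sha384(register + digest).digest()

def parse_hob_list(hob_bytes: bytes) -> list:
    """Toy consumer. The record layout (type u16, length u16, payload) is an
    assumption for this example, not the real EFI HOB format."""
    entries, off = [], 0
    while off + 4 <= len(hob_bytes):
        hob_type, length = struct.unpack_from("<HH", hob_bytes, off)
        if length < 4 or off + length > len(hob_bytes):
            raise ValueError("malformed HOB at offset %d" % off)
        entries.append((hob_type, bytes(hob_bytes[off + 4:off + length])))
        off += length
    return entries

def measure_then_consume(hob_bytes: bytes, register: bytes, event_log: list):
    """Record the digest of the exact bytes received BEFORE the parser runs,
    so the log reflects the real input even if the consumer is buggy."""
    digest = hashlib.sha384(hob_bytes).digest()
    event_log.append(("TD_HOB", digest))
    register = extend(register, digest)
    return parse_hob_list(hob_bytes), register

def replay(event_log: list, initial: bytes = bytes(48)) -> bytes:
    """Verifier side: recompute the register value from the event log."""
    reg = initial
    for _, digest in event_log:
        reg = extend(reg, digest)
    return reg

# Constructed sample HOB list: two toy records.
SAMPLE_HOB = (struct.pack("<HH", 1, 8) + b"mem!"
              + struct.pack("<HH", 2, 6) + b"ok")

def demo():
    """Returns (parsed entries, log matches golden digest, replay matches register)."""
    log = []
    entries, reg = measure_then_consume(SAMPLE_HOB, bytes(48), log)
    golden = hashlib.sha384(SAMPLE_HOB).digest()  # expected value held by the verifier
    log_ok = log == [("TD_HOB", golden)]
    replay_ok = replay(log) == reg
    return entries, log_ok, replay_ok

if __name__ == "__main__":
    print(demo())
```

A verifier that only sees the final register value and the log can detect a HOB list that differs from the golden one; it cannot undo whatever code already ran on it, which is why the digest is taken first.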