From: "Yao, Jiewen"
To: "devel@edk2.groups.io", "kraxel@redhat.com"
CC: Ard Biesheuvel, "Xu, Min M", "Ard Biesheuvel", "Justen, Jordan L", Brijesh Singh, "Erdem Aktas", James Bottomley, "Tom Lendacky", "Yamahata, Isaku"
Subject: Re: [edk2-devel] [PATCH 18/23] OvmfPkg: Enable Tdx in SecMain.c
Date: Thu, 26 Aug 2021 16:58:46 +0000
In-Reply-To: <20210826083132.owdvtvylzklskc4q@sirius.home.kraxel.org>

Comment below:

> -----Original Message-----
> From: devel@edk2.groups.io On Behalf Of Gerd Hoffmann
> Sent: Thursday, August 26, 2021 4:32 PM
> To: Yao, Jiewen
> Cc: devel@edk2.groups.io; Ard Biesheuvel; Xu, Min M; Ard Biesheuvel;
> Justen, Jordan L; Brijesh Singh; Erdem Aktas; James Bottomley;
> Tom Lendacky; Yamahata, Isaku
> Subject: Re: [edk2-devel] [PATCH 18/23] OvmfPkg: Enable Tdx in SecMain.c
>
> Hi,
>
> > Some reference for QEMU:
> > https://lists.nongnu.org/archive/html/qemu-devel/2021-07/msg01682.html
>
> Ah, good. /me adds an entry to the todo list.
>
> > > > The fw_cfg is still allowed in the TDVF design guide, just because we
> > > > feel it is a burden to convert everything suddenly.
> > >
> > > What is the longer-term plan here?
> > >
> > > Does it make sense to special-case the memory map?
> > >
> > > If we want handle other fw_cfg items that way too later on, shouldn't we
> > > better check how we can improve the fw_cfg interface so it works better
> > > with confidential computing?
> >
> > [Jiewen] So far, my hope is to limit the fw_cfg as much as possible.
> > My worry is that we have to measure fw_cfg everywhere. If we miss one place,
> > it will be a completeness vulnerability for trusted computing.
> >
> > I also think if we can add measurement code inside of fw_cfg get function.
> > Then we need improve the FwCfg API - Current style: QemuFwCfgSelectItem()
> > + QemuFwCfgReadxxx() is not friendly for measurement. For example, we can
> > combine them and do QemuFwCfgSelectRead ().
>
> I was more thinking about a completely different way to pass (constant)
> fw_cfg data. Something like defining a fw_cfg hob and adding that to the
> td hob. QemuFwCfgLib could lookup the hob and use that when it finds
> the needed entry there.
>
> In case the entry is not there try use io instead. We'll continue to
> need that for the acpi tables for example, these entries are not
> constant. qemu will adapt them when the firmware maps hardware
> resources referenced in acpi tables (mmconfig region, power management
> registers, ...).

[Jiewen] That is a great idea. I really like it.

>
> > The QemuFwCfgWritexxx() interface may also bring inconsistency issue.
> > If we use this API, we have 2 copy data.
>
> Do you need any writable fw_cfg entries in TDX mode?

[Jiewen] I hope NOT to support writable fw_cfg.
In our TDX design, we don't even want to support SetVariable to NV Storage, just to reduce the risk.

>
> 'git grep' shows the ramfb driver, smi feature negotiation and s3
> support use QemuFwCfgWrite()

[Jiewen] TDVF does not support SMM, and TDVF does not support S3.

>
> > One is in TDVF (trusted), and
> > the other is in VMM/QEMU (untrusted).
> > What if the VMM modifies its
> > untrusted copy?
>
> > What I can see is many potential attack surfaces. :-(
>
> Well, you have to trust VMM/QEMU to a certain degree. TDX can prevent
> data leaking, but it can't prevent VMM misbehaving.

[Jiewen] Yes, you are right. It is "in certain degree".
The threat model is: TD cannot resist the denial-of-service (DoS) attack from VMM/QEMU.
TD needs to maintain the integrity and confidentiality, to avoid tampering and information disclosure.
If VMM misbehaving causes the system to hang or a guest device error, it is OK.
But if VMM misbehaving causes a TD secret leak to QEMU or the TD being tampered with without being detected by a measurement register (MRTD or RTMR), that is NOT acceptable.

If we allow the misbehaving, then we have to do thorough analysis to understand the impact.
If we can think of a way to avoid the possibility of misbehaving, then we know we are good. :-)
That is our preference so far.

>
> > Please let me know if you need any other information.
>
> Sure. For now I have to read more docs and patches ...
>
> take care,
> Gerd
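
The two ideas discussed in this message, a single select-and-read call that measures what it returns and a HOB-backed copy of constant items with IO as the fallback, sketched as an added example that is not code from EDK2, QEMU or either author. The `FwCfgSelectRead` signature, the item keys and contents, and the FNV-1a chain standing in for an RTMR extend are all assumptions of the sketch.

```c
#include <stdint.h>
#include <string.h>

typedef struct { uint16_t key; uint8_t data[16]; uint32_t len; } Item;
#define COUNT(t) (sizeof(t) / sizeof((t)[0]))
#define RTMR_INIT 0xcbf29ce484222325ULL   /* start value of the toy register */

/* Constructed model of the VMM-owned (untrusted) fw_cfg store; keys are made up. */
static Item vmm_items[] = {
    { 0x8001, "memory-map1", 11 },   /* constant item */
    { 0x8002, "acpi-tbl-v1", 11 },   /* item the VMM may rewrite at runtime */
};
/* Trusted copy of the constant items, standing in for the proposed fw_cfg HOB.
 * Assumption: it was measured once when it was handed to the firmware. */
static const Item hob_items[] = { { 0x8001, "memory-map1", 11 } };

/* Toy measurement: FNV-1a chaining stands in for a SHA-384 RTMR extend. */
static void extend(uint64_t *r, const void *p, uint32_t n) {
    const uint8_t *b = p;
    while (n--) { *r ^= *b++; *r *= 0x100000001b3ULL; }
}

static const Item *find(const Item *t, size_t n, uint16_t key) {
    for (size_t i = 0; i < n; i++) if (t[i].key == key) return &t[i];
    return NULL;
}

/* Hypothetical combined select+read, so no caller can read without measuring.
 * Returns 1 = served from the HOB copy, 0 = read over IO and measured, -1 = error. */
int FwCfgSelectRead(uint64_t *rtmr, uint16_t key, void *buf, uint32_t len) {
    const Item *it = find(hob_items, COUNT(hob_items), key);
    int from_hob = (it != NULL);
    if (!it) it = find(vmm_items, COUNT(vmm_items), key);
    if (!it || len > it->len) return -1;
    memcpy(buf, it->data, len);      /* single fetch into TD-private memory */
    if (!from_hob) {                 /* measure the key and exactly the bytes used */
        extend(rtmr, &key, sizeof key);
        extend(rtmr, buf, len);
    }
    return from_hob;
}

int main(void) {                      /* constructed misbehaving VMM */
    uint8_t buf[11];
    uint64_t r = RTMR_INIT;
    vmm_items[0].data[10] = '2';      /* VMM rewrites its copy of the constant item */
    int src = FwCfgSelectRead(&r, 0x8001, buf, sizeof buf);
    return !(src == 1 && memcmp(buf, "memory-map1", 11) == 0);  /* 0: HOB copy won */
}
```

Because callers only ever use the bytes copied into `buf`, a later change to the VMM's copy cannot diverge from what was measured, which is the two-copy concern raised about `QemuFwCfgWritexxx()`.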