From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga09.intel.com (mga09.intel.com [134.134.136.24]) by mx.groups.io with SMTP id smtpd.web11.1921.1630390652548163330 for ; Mon, 30 Aug 2021 23:17:32 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@intel.onmicrosoft.com header.s=selector2-intel-onmicrosoft-com header.b=bYQRjHPY; spf=pass (domain: intel.com, ip: 134.134.136.24, mailfrom: min.m.xu@intel.com) X-IronPort-AV: E=McAfee;i="6200,9189,10092"; a="218418517" X-IronPort-AV: E=Sophos;i="5.84,365,1620716400"; d="scan'208";a="218418517" Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 30 Aug 2021 23:17:31 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.84,365,1620716400"; d="scan'208";a="540884379" Received: from orsmsx606.amr.corp.intel.com ([10.22.229.19]) by fmsmga002.fm.intel.com with ESMTP; 30 Aug 2021 23:17:31 -0700 Received: from orsmsx607.amr.corp.intel.com (10.22.229.20) by ORSMSX606.amr.corp.intel.com (10.22.229.19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2242.10; Mon, 30 Aug 2021 23:17:30 -0700 Received: from ORSEDG601.ED.cps.intel.com (10.7.248.6) by orsmsx607.amr.corp.intel.com (10.22.229.20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2242.10 via Frontend Transport; Mon, 30 Aug 2021 23:17:30 -0700 Received: from NAM11-CO1-obe.outbound.protection.outlook.com (104.47.56.175) by edgegateway.intel.com (134.134.137.102) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2242.10; Mon, 30 Aug 2021 23:17:30 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=mFqEAWyYYaUwatZUK/9t/I4hQV3seazy6XCSgoPJED4XP2SIbjLOcAaWiLSEc6+GhZjNCKuCw0KnzbGlDpd/EQxOCyIXm6GRJ6MMEj5y6tdZbDgJTaPQueHGL4YxuoogFSasUtbuSLy0SXI63mHJlG+GfUNEmCkZAQVFKF5wi4u1qmYwF0bd/i83GBOLKf+Qp29BcKup2kSP5wkYEDmCJJRnIXzzilBiBDfWRBQIcWT1GiCufSadXsYNk7EIpfrAcNYJOuOfLz0tiQ9MRvCbGcZb0psXGDLMGWH5oHy48gRcYJuLIxLniUXPmOz74fvEWEbEgySufKzbX3frLA7NjQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=qXkmVizCi4UDb3Ml7gK/+Oee8excAGO58pnYYvIHlxo=; b=US4nd/Yfqqun5rvD39Ls/ria9A/W6jngfUWfnxAh78YfhRLIjmuRIZGnHH6LhHM3e8ROG/6T1AJ5hgwphN+Pzbbh/snE/PL57gNIfWALzY047YAWnpFqBZsrhUi0vu85+AgGMJx9z2I2WmpOWuqWZxxkxt/JfpqS9XmkoN7RudzCzG4gRPQydZ/8otl3yBWk2zjTqkDn0Bwg6GUxRAomw2YAfrCNJBDHTipk44YSvwivlYm2h9y/BdQQ1eYNzY5rAX7SJhUVO7glBUOSEup527l7D3nWTv2Srx30ZdoPGeGRPTrcRXecHf8MOKhTxSr+RD90SXIS73mVDFu/wliSIg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel.onmicrosoft.com; s=selector2-intel-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=qXkmVizCi4UDb3Ml7gK/+Oee8excAGO58pnYYvIHlxo=; b=bYQRjHPY/z2KLNI2LYmSAwmc53YqJo20Wxq08wSmLPA/CgsxFe2L+3fHNWFyw5IvdGQ7Qx+TBasoziQ5TL84TkMSd+pYDUvdM3SRMAQfzJLlm/UNjbiRGXG5DmEqchxunKHPk9T20uABJNc6lZfPH/NcVwLHu4SHnvF6Xep7T9k= Received: from PH0PR11MB5064.namprd11.prod.outlook.com (2603:10b6:510:3b::15) by PH0PR11MB4854.namprd11.prod.outlook.com (2603:10b6:510:35::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4457.24; Tue, 31 Aug 2021 06:17:29 +0000 Received: from PH0PR11MB5064.namprd11.prod.outlook.com ([fe80::c93:200e:5aeb:e11b]) by PH0PR11MB5064.namprd11.prod.outlook.com ([fe80::c93:200e:5aeb:e11b%3]) with mapi id 15.20.4415.029; Tue, 31 Aug 2021 06:17:29 +0000 From: "Min Xu" To: "devel@edk2.groups.io" , "kraxel@redhat.com" CC: Ard Biesheuvel , "Justen, Jordan L" , Brijesh Singh , "Erdem Aktas" , James Bottomley , "Yao, Jiewen" , Tom Lendacky Subject: Re: [edk2-devel] [PATCH V5 1/2] OvmfPkg: Introduce Tdx BFV/CFV PCDs and PcdOvmfImageSizeInKb Thread-Topic: [edk2-devel] [PATCH V5 1/2] OvmfPkg: Introduce Tdx BFV/CFV PCDs and PcdOvmfImageSizeInKb Thread-Index: AQHXnUe4YoRICQS34UKQwQm3+qtkS6uLn8GAgAFQ3+CAACKSgIAADl7w Date: Tue, 31 Aug 2021 06:17:29 +0000 Message-ID: References: <77440edd1e175207dffcaaa052ce26ae71e6c66c.1630289827.git.min.m.xu@intel.com> <20210830070339.u47qq3g7hb4rq3xc@sirius.home.kraxel.org> <20210831051305.dhqvsh4jzqekmjly@sirius.home.kraxel.org> In-Reply-To: <20210831051305.dhqvsh4jzqekmjly@sirius.home.kraxel.org> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: dlp-product: dlpe-windows dlp-reaction: no-action dlp-version: 11.5.1.3 authentication-results: edk2.groups.io; dkim=none (message not signed) header.d=none;edk2.groups.io; dmarc=none action=none header.from=intel.com; x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 6b9c15ac-36ed-4fcf-d995-08d96c4702b7 x-ms-traffictypediagnostic: PH0PR11MB4854: x-ld-processed: 46c98d88-e344-4ed4-8496-4ed7712e255d,ExtAddr x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:7691; x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: wh0vLAoOqKfsRbKhDDS+eCcsrs+jZvwi5QEeF9GGQ0I4cpP0VWJa+0OyHHfqv8dNCeCGyoLe0OjfTGgVoWNQ70/mUpLqfGYUNI+NcoUAnT/kwEJt3OL8aSzR9XiDR1cUDotjTpYU3FHdJXPJubMXs0KqCOe674MVR8dx39X5nB886OlDXpJWZcBsCf5wOc7CiR7RR9FMnbjdin5A8/YK6T9rxQg1ac8FA+26YRvqjsxh5xmwlP60dEDMJF8OnU+wpsAfNNjFQyFpZUa1fbS56rO/SyuAL+oAz/dlfhh8KzFZMeH0djWsqQtKyDYypruCBhUlWO5T+7hxBJnU0AUE4Wsq05ZjGasjqk1oF5BgDacxVG2favm+2zjRa4UgnUATcauuikxRGAI6rIy05KwKlymOMsdHqYPFPFiKLZgMfIGfTOkaZEpnqqNQ4SeAJDU8EOv0QBmfJ/NPsiaKsSb0KV/9DWNeaB0r0aOuAwIUqhSZYTZAWivEB7L4iKL7KdaPMguZBpHZpNl4okcc0ASxEysW5tW1ctDIEU+nYSh7cwUmmnInmOsUkdexFIApzqucKRI5hqt8bdMhXQTMaBUvPqI+L1n5mirMWHmYcWPdfBfVJCU9sbbYdspcBObOHTRdFtvN7d9rbJvJZWgyftaTeGfCqvWMdb7XJ3FcfuwEKudn96srwTuudgg39pSDK9LtbkY/USbGwMkeEnt+km1UDre5Ot9ba84DtYr/IH5TvAfvdElhVBfbFKSMzRtZ7JqkCVKIgwZ+94VWRfXcD3eP817oKWMLwGOBO4T/BblMAkklk9osMkIkdXyVRxkMUODHS3RSzUEIg5+ozZGCv14/iQ== x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:PH0PR11MB5064.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(6029001)(4636009)(39860400002)(136003)(376002)(366004)(346002)(396003)(33656002)(54906003)(86362001)(76116006)(4326008)(2906002)(66476007)(66556008)(64756008)(71200400001)(83380400001)(66946007)(55016002)(110136005)(66446008)(9686003)(186003)(52536014)(7696005)(5660300002)(26005)(316002)(6506007)(8676002)(122000001)(966005)(8936002)(38070700005)(38100700002)(478600001);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?eQvie2FyTQ+dnqVAuxHrdNXKXPj/WJcv9S8MdkkYs97FLBzGlteTRH75JgNe?= =?us-ascii?Q?3JPFKeX697JDNLi7vdCSZqpR1BHgTUxob00k2G0jgPJEA+j3r5xpSEih7yVP?= =?us-ascii?Q?AG8SeooO0/QcLZ8eCzV0BIuN3QLpI4f7y7VZmTQCan0fiL9XoxrukOf6+vnE?= =?us-ascii?Q?hmBkAYfR76OJIcf2HMdtO1WK0lRO/vrh2BNxdayzba+dyGQsvuJzyBivtum+?= =?us-ascii?Q?3A20gLPH5xgC0E5JOkDdpZMCmy03bj9WkERHUON0LDUS1DvQbIH2OaOx68s+?= =?us-ascii?Q?q8p8xFH0+GArKtez+J9nHIdLQhHvN6Xxpkpz2f0cDjRuXVMa2HTFAIznk2Qs?= =?us-ascii?Q?VTjMnWHIbnLSQOSYy0A+MmYWS9632t0gzIz3whs10U0ZkJ/8+/9HrNWiz23l?= =?us-ascii?Q?Y3t4jKr0M3d7n2rmfiTeL1HK9/3q+Vs/U0HLDT2mryzXfRam1CfJwqzp0cag?= =?us-ascii?Q?dhvNl8GT14yjhh2dk095EdSSfZCQcF8eBhTrkzuxvq6TpALGgKYpmnDRd7jX?= =?us-ascii?Q?3+jyciMfaYAtdGQHpn4dMTezXf4bzLwqu5BpyMb3uf+7AqcCNAsdUXluFlHI?= =?us-ascii?Q?9NQFpecHWg7aFaKE9qVLl2ftLxoEeOjenIcGWd3pdQ4o3EWqBD/ocTo0pzon?= =?us-ascii?Q?8UY9hKivFoYsxXswDXg3Curadb0TF/55BqZOx0AfqvMspndryEcE/EwukzcZ?= =?us-ascii?Q?myrteh0SSwaiv9I9vpJnfBuP0l2gmedVdn2yXdt1kLGx+ANXvkVZ/1mJYi8R?= =?us-ascii?Q?SfCea9CPk3ynot31QGi5/q/oAX0yrfac9UkhgTw0jb2RsC5/16aZMySGqT4Y?= =?us-ascii?Q?laZNtfcgj3WI+VuVcr0cNBMGk8MIEvQVJk+geUgg6U2NUSQbXH1SnKliUnwl?= =?us-ascii?Q?TTLzUOWRKZ/CDv3Paj/R6SYvgGTvB+vg5mnBEVQ2/12o0lHtlJT1xGMIoWU7?= =?us-ascii?Q?V76+dN75fwbu50uMZIfvDe5lXeM7KUxb0Hva9+7NHL5ecDhzagzS+85Gi40K?= =?us-ascii?Q?dhO/Ou6q1wvElaPer5WbZrJ4eUU9SSX0pUG13mYVwnhUF7bhCrGQRF5m9+k1?= =?us-ascii?Q?Iffd0uxrnigq9r6H5cHSekmn0YIec4kyjPfYJzQg4/vAX56/gUf05Vtksapx?= =?us-ascii?Q?cHTI2QoFgfgA55vMxiBQlyX4Z3k1xoXzTdMYXNlDLKky2nVKVyi8Zsvbn17c?= =?us-ascii?Q?txVWDvyxjwgXaHdNnFGUCAAfRUphgZUGOlaDi4aAhqeHG9u8bpKdTpC031FK?= =?us-ascii?Q?9iElZRHWyRudpOHfd5W4MwWgT7S9yzrAJuV+dDuK/LTrKAeaMpq0jhzW7fwD?= =?us-ascii?Q?2tMkDpgHLMCjZGOK2pCSKzjz?= MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: PH0PR11MB5064.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 6b9c15ac-36ed-4fcf-d995-08d96c4702b7 X-MS-Exchange-CrossTenant-originalarrivaltime: 31 Aug 2021 06:17:29.2054 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: +K5OojGn7quSrEuAfi5xhL3OBwE3nqz0muBiKdPARwFFxdx988e+AU5iPvzu6GIWpthX6OHq2foWeIt7/9Y8+g== X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH0PR11MB4854 Return-Path: min.m.xu@intel.com X-OriginatorOrg: intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable On August 31, 2021 1:13 PM, Gerd Hoffmann wrote: > Hi, >=20 > > > From a security point of view I don't think it is a good idea to > > > hard code any assumptions about the layout of the vars volume. > > Do you mean I cannot assume the layout of VarStore? > > At least in Ovmf the VarStore.fdf.inc defines the layout of VarStore li= ke > below. >=20 > What prevents an attacker from creating a varstore with a different layou= t? > Place the variables at the end of the file, which isn't measured (because= you > assume it is the spare part), then being able to change variables without= the > guest noticing? If the VarStore does not follow the layout defined in VarStore.fdf.inc, do = you mean the current Variable mechanism still works? From the code of InitNonVolatileVariableStore(), the first variable is right after the VarSt= oreHeader. See GetStartPointer(). >=20 > take care, > Gerd >=20 >=20 >=20 >=20 >=20