* [PATCH v2 1/2] SecurityPkg: make PcdOptionRomImageVerificationPolicy dynamic
@ 2017-10-05 20:16 Brijesh Singh
2017-10-05 20:16 ` [PATCH v2 2/2] OvmfPkg/PlatformPei: DENY_EXECUTE_ON_SECURITY_VIOLATION when SEV is active Brijesh Singh
` (2 more replies)
0 siblings, 3 replies; 8+ messages in thread
From: Brijesh Singh @ 2017-10-05 20:16 UTC (permalink / raw)
To: edk2-devel
Cc: Brijesh Singh, Chao Zhang, Jordan Justen, Laszlo Ersek,
Tom Lendacky
By default the image verification policy for option ROM images is 0x4
(DENY_EXECUTE_ON_SECURITY_VIOLATION) but the following OvmfPkg commit:
1fea9ddb4e3f OvmfPkg: execute option ROM images regardless of Secure Boot
set it to 0x0 (ALWAYS_EXECUTE). This is fine because typically option
ROMs comes from host-side and most of the time cloud provider (i.e
hypervisor) have full access over a guest anyway. But when secure boot
is enabled, we would like to deny the execution of option ROM when
SEV is active. Having dynamic Pcd will give us flexibility to set the
security policy at the runtime.
Fixes: https://bugzilla.tianocore.org/show_bug.cgi?id=728
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
---
Changes since v1:
* Add Contributed-under tag
SecurityPkg/SecurityPkg.dec | 24 ++++++++++----------
1 file changed, 12 insertions(+), 12 deletions(-)
diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec
index 01bff01ed50a..4e32d172d7d9 100644
--- a/SecurityPkg/SecurityPkg.dec
+++ b/SecurityPkg/SecurityPkg.dec
@@ -230,18 +230,6 @@ [Ppis]
#
[PcdsFixedAtBuild, PcdsPatchableInModule]
- ## Image verification policy for OptionRom. Only following values are valid:<BR><BR>
- # NOTE: Do NOT use 0x5 and 0x2 since it violates the UEFI specification and has been removed.<BR>
- # 0x00000000 Always trust the image.<BR>
- # 0x00000001 Never trust the image.<BR>
- # 0x00000002 Allow execution when there is security violation.<BR>
- # 0x00000003 Defer execution when there is security violation.<BR>
- # 0x00000004 Deny execution when there is security violation.<BR>
- # 0x00000005 Query user when there is security violation.<BR>
- # @Prompt Set policy for the image from OptionRom.
- # @ValidRange 0x80000001 | 0x00000000 - 0x00000005
- gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x04|UINT32|0x00000001
-
## Image verification policy for removable media which includes CD-ROM, Floppy, USB and network.
# Only following values are valid:<BR><BR>
# NOTE: Do NOT use 0x5 and 0x2 since it violates the UEFI specification and has been removed.<BR>
@@ -304,6 +292,18 @@ [PcdsFixedAtBuild, PcdsPatchableInModule]
gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeSubClassTpmDevice|0x010D0000|UINT32|0x00000007
[PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]
+ ## Image verification policy for OptionRom. Only following values are valid:<BR><BR>
+ # NOTE: Do NOT use 0x5 and 0x2 since it violates the UEFI specification and has been removed.<BR>
+ # 0x00000000 Always trust the image.<BR>
+ # 0x00000001 Never trust the image.<BR>
+ # 0x00000002 Allow execution when there is security violation.<BR>
+ # 0x00000003 Defer execution when there is security violation.<BR>
+ # 0x00000004 Deny execution when there is security violation.<BR>
+ # 0x00000005 Query user when there is security violation.<BR>
+ # @Prompt Set policy for the image from OptionRom.
+ # @ValidRange 0x80000001 | 0x00000000 - 0x00000005
+ gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x04|UINT32|0x00000001
+
## Indicates the presence or absence of the platform operator during firmware booting.
# If platform operator is not physical presence during boot. TPM will be locked and the TPM commands
# that required operator physical presence can not run.<BR><BR>
--
2.9.5
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [PATCH v2 2/2] OvmfPkg/PlatformPei: DENY_EXECUTE_ON_SECURITY_VIOLATION when SEV is active
2017-10-05 20:16 [PATCH v2 1/2] SecurityPkg: make PcdOptionRomImageVerificationPolicy dynamic Brijesh Singh
@ 2017-10-05 20:16 ` Brijesh Singh
2017-10-05 20:29 ` Laszlo Ersek
2017-10-10 11:28 ` [PATCH v2 1/2] SecurityPkg: make PcdOptionRomImageVerificationPolicy dynamic Laszlo Ersek
2017-10-17 19:30 ` Laszlo Ersek
2 siblings, 1 reply; 8+ messages in thread
From: Brijesh Singh @ 2017-10-05 20:16 UTC (permalink / raw)
To: edk2-devel
Cc: Brijesh Singh, Chao Zhang, Jordan Justen, Laszlo Ersek,
Tom Lendacky
The following commit:
1fea9ddb4e3f OvmfPkg: execute option ROM images regardless of Secure Boot
sets the OptionRomImageVerificationPolicy to ALWAYS_EXECUTE the expansion
ROMs attached to the emulated PCI devices. A expansion ROM constitute
another channel through which a cloud provider (i.e hypervisor) can
inject a code in guest boot flow to compromise it.
When SEV is enabled, the bios code has been verified by the guest owner
via the SEV guest launch sequence before its executed. When secure boot,
is enabled, lets make sure that we do not allow guest bios to execute a
code which is not signed by the guest owner.
Fixes: https://bugzilla.tianocore.org/show_bug.cgi?id=728
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
---
Changes since v1:
* Add Contributed-under tag
* Fix OvmfPkgIa32.dsc build
OvmfPkg/OvmfPkgIa32.dsc | 9 +++++----
OvmfPkg/OvmfPkgIa32X64.dsc | 9 +++++----
OvmfPkg/OvmfPkgX64.dsc | 9 +++++----
OvmfPkg/PlatformPei/PlatformPei.inf | 2 ++
OvmfPkg/PlatformPei/AmdSev.c | 7 +++++++
5 files changed, 24 insertions(+), 12 deletions(-)
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index 92e943d4a0d0..7fb557b7c9cd 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -483,10 +483,6 @@ [PcdsFixedAtBuild]
gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmStackSize|0x4000
!endif
-!if $(SECURE_BOOT_ENABLE) == TRUE
- gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00
-!endif
-
# IRQs 5, 9, 10, 11 are level-triggered
gPcAtChipsetPkgTokenSpaceGuid.Pcd8259LegacyModeEdgeLevel|0x0E20
@@ -544,6 +540,11 @@ [PcdsDynamicDefault]
gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmApSyncTimeout|100000
!endif
+!if $(SECURE_BOOT_ENABLE) == TRUE
+ gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00
+!endif
+
+
################################################################################
#
# Components Section - list of all EDK II Modules needed by this Platform.
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index 7f9220ccb90a..4bcbddb95768 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -489,10 +489,6 @@ [PcdsFixedAtBuild.X64]
gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmStackSize|0x4000
!endif
-!if $(SECURE_BOOT_ENABLE) == TRUE
- gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00
-!endif
-
# IRQs 5, 9, 10, 11 are level-triggered
gPcAtChipsetPkgTokenSpaceGuid.Pcd8259LegacyModeEdgeLevel|0x0E20
@@ -552,6 +548,11 @@ [PcdsDynamicDefault]
gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmApSyncTimeout|100000
!endif
+!if $(SECURE_BOOT_ENABLE) == TRUE
+ gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00
+!endif
+
+
################################################################################
#
# Components Section - list of all EDK II Modules needed by this Platform.
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 36c60fc19c40..e52a3bd4db9b 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -488,10 +488,6 @@ [PcdsFixedAtBuild]
gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmStackSize|0x4000
!endif
-!if $(SECURE_BOOT_ENABLE) == TRUE
- gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00
-!endif
-
# IRQs 5, 9, 10, 11 are level-triggered
gPcAtChipsetPkgTokenSpaceGuid.Pcd8259LegacyModeEdgeLevel|0x0E20
@@ -551,6 +547,11 @@ [PcdsDynamicDefault]
gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmApSyncTimeout|100000
!endif
+!if $(SECURE_BOOT_ENABLE) == TRUE
+ gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00
+!endif
+
+
################################################################################
#
# Components Section - list of all EDK II Modules needed by this Platform.
diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/PlatformPei.inf
index 16a8db7b0bd2..de7434d93dc0 100644
--- a/OvmfPkg/PlatformPei/PlatformPei.inf
+++ b/OvmfPkg/PlatformPei/PlatformPei.inf
@@ -41,6 +41,7 @@ [Packages]
IntelFrameworkModulePkg/IntelFrameworkModulePkg.dec
MdePkg/MdePkg.dec
MdeModulePkg/MdeModulePkg.dec
+ SecurityPkg/SecurityPkg.dec
UefiCpuPkg/UefiCpuPkg.dec
OvmfPkg/OvmfPkg.dec
@@ -96,6 +97,7 @@ [Pcd]
gEfiMdeModulePkgTokenSpaceGuid.PcdPropertiesTableEnable
gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiS3Enable
gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask
+ gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy
gUefiCpuPkgTokenSpaceGuid.PcdCpuLocalApicBaseAddress
gUefiCpuPkgTokenSpaceGuid.PcdCpuMaxLogicalProcessorNumber
gUefiCpuPkgTokenSpaceGuid.PcdCpuApInitTimeOutInMicroSeconds
diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c
index 26f7c3fdbb13..1539e5b5cdce 100644
--- a/OvmfPkg/PlatformPei/AmdSev.c
+++ b/OvmfPkg/PlatformPei/AmdSev.c
@@ -59,4 +59,11 @@ AmdSevInitialize (
ASSERT_RETURN_ERROR (PcdStatus);
DEBUG ((DEBUG_INFO, "SEV is enabled (mask 0x%lx)\n", EncryptionMask));
+
+ //
+ // Set Pcd to Deny the execution of option ROM when security
+ // violation.
+ //
+ PcdStatus = PcdSet32S (PcdOptionRomImageVerificationPolicy, 0x4);
+ ASSERT_RETURN_ERROR (PcdStatus);
}
--
2.9.5
^ permalink raw reply related [flat|nested] 8+ messages in thread
* Re: [PATCH v2 2/2] OvmfPkg/PlatformPei: DENY_EXECUTE_ON_SECURITY_VIOLATION when SEV is active
2017-10-05 20:16 ` [PATCH v2 2/2] OvmfPkg/PlatformPei: DENY_EXECUTE_ON_SECURITY_VIOLATION when SEV is active Brijesh Singh
@ 2017-10-05 20:29 ` Laszlo Ersek
0 siblings, 0 replies; 8+ messages in thread
From: Laszlo Ersek @ 2017-10-05 20:29 UTC (permalink / raw)
To: Brijesh Singh, edk2-devel; +Cc: Chao Zhang, Jordan Justen, Tom Lendacky
On 10/05/17 22:16, Brijesh Singh wrote:
> The following commit:
>
> 1fea9ddb4e3f OvmfPkg: execute option ROM images regardless of Secure Boot
>
> sets the OptionRomImageVerificationPolicy to ALWAYS_EXECUTE the expansion
> ROMs attached to the emulated PCI devices. A expansion ROM constitute
> another channel through which a cloud provider (i.e hypervisor) can
> inject a code in guest boot flow to compromise it.
>
> When SEV is enabled, the bios code has been verified by the guest owner
> via the SEV guest launch sequence before its executed. When secure boot,
> is enabled, lets make sure that we do not allow guest bios to execute a
> code which is not signed by the guest owner.
>
> Fixes: https://bugzilla.tianocore.org/show_bug.cgi?id=728
> Cc: Chao Zhang <chao.b.zhang@intel.com>
> Cc: Jordan Justen <jordan.l.justen@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Tom Lendacky <thomas.lendacky@amd.com>
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
> ---
> Changes since v1:
> * Add Contributed-under tag
> * Fix OvmfPkgIa32.dsc build
>
> OvmfPkg/OvmfPkgIa32.dsc | 9 +++++----
> OvmfPkg/OvmfPkgIa32X64.dsc | 9 +++++----
> OvmfPkg/OvmfPkgX64.dsc | 9 +++++----
> OvmfPkg/PlatformPei/PlatformPei.inf | 2 ++
> OvmfPkg/PlatformPei/AmdSev.c | 7 +++++++
> 5 files changed, 24 insertions(+), 12 deletions(-)
>
> diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
> index 92e943d4a0d0..7fb557b7c9cd 100644
> --- a/OvmfPkg/OvmfPkgIa32.dsc
> +++ b/OvmfPkg/OvmfPkgIa32.dsc
> @@ -483,10 +483,6 @@ [PcdsFixedAtBuild]
> gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmStackSize|0x4000
> !endif
>
> -!if $(SECURE_BOOT_ENABLE) == TRUE
> - gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00
> -!endif
> -
> # IRQs 5, 9, 10, 11 are level-triggered
> gPcAtChipsetPkgTokenSpaceGuid.Pcd8259LegacyModeEdgeLevel|0x0E20
>
> @@ -544,6 +540,11 @@ [PcdsDynamicDefault]
> gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmApSyncTimeout|100000
> !endif
>
> +!if $(SECURE_BOOT_ENABLE) == TRUE
> + gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00
> +!endif
> +
> +
> ################################################################################
> #
> # Components Section - list of all EDK II Modules needed by this Platform.
> diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
> index 7f9220ccb90a..4bcbddb95768 100644
> --- a/OvmfPkg/OvmfPkgIa32X64.dsc
> +++ b/OvmfPkg/OvmfPkgIa32X64.dsc
> @@ -489,10 +489,6 @@ [PcdsFixedAtBuild.X64]
> gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmStackSize|0x4000
> !endif
>
> -!if $(SECURE_BOOT_ENABLE) == TRUE
> - gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00
> -!endif
> -
> # IRQs 5, 9, 10, 11 are level-triggered
> gPcAtChipsetPkgTokenSpaceGuid.Pcd8259LegacyModeEdgeLevel|0x0E20
>
> @@ -552,6 +548,11 @@ [PcdsDynamicDefault]
> gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmApSyncTimeout|100000
> !endif
>
> +!if $(SECURE_BOOT_ENABLE) == TRUE
> + gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00
> +!endif
> +
> +
> ################################################################################
> #
> # Components Section - list of all EDK II Modules needed by this Platform.
> diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
> index 36c60fc19c40..e52a3bd4db9b 100644
> --- a/OvmfPkg/OvmfPkgX64.dsc
> +++ b/OvmfPkg/OvmfPkgX64.dsc
> @@ -488,10 +488,6 @@ [PcdsFixedAtBuild]
> gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmStackSize|0x4000
> !endif
>
> -!if $(SECURE_BOOT_ENABLE) == TRUE
> - gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00
> -!endif
> -
> # IRQs 5, 9, 10, 11 are level-triggered
> gPcAtChipsetPkgTokenSpaceGuid.Pcd8259LegacyModeEdgeLevel|0x0E20
>
> @@ -551,6 +547,11 @@ [PcdsDynamicDefault]
> gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmApSyncTimeout|100000
> !endif
>
> +!if $(SECURE_BOOT_ENABLE) == TRUE
> + gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00
> +!endif
> +
> +
> ################################################################################
> #
> # Components Section - list of all EDK II Modules needed by this Platform.
> diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/PlatformPei.inf
> index 16a8db7b0bd2..de7434d93dc0 100644
> --- a/OvmfPkg/PlatformPei/PlatformPei.inf
> +++ b/OvmfPkg/PlatformPei/PlatformPei.inf
> @@ -41,6 +41,7 @@ [Packages]
> IntelFrameworkModulePkg/IntelFrameworkModulePkg.dec
> MdePkg/MdePkg.dec
> MdeModulePkg/MdeModulePkg.dec
> + SecurityPkg/SecurityPkg.dec
> UefiCpuPkg/UefiCpuPkg.dec
> OvmfPkg/OvmfPkg.dec
>
> @@ -96,6 +97,7 @@ [Pcd]
> gEfiMdeModulePkgTokenSpaceGuid.PcdPropertiesTableEnable
> gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiS3Enable
> gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask
> + gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy
> gUefiCpuPkgTokenSpaceGuid.PcdCpuLocalApicBaseAddress
> gUefiCpuPkgTokenSpaceGuid.PcdCpuMaxLogicalProcessorNumber
> gUefiCpuPkgTokenSpaceGuid.PcdCpuApInitTimeOutInMicroSeconds
> diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c
> index 26f7c3fdbb13..1539e5b5cdce 100644
> --- a/OvmfPkg/PlatformPei/AmdSev.c
> +++ b/OvmfPkg/PlatformPei/AmdSev.c
> @@ -59,4 +59,11 @@ AmdSevInitialize (
> ASSERT_RETURN_ERROR (PcdStatus);
>
> DEBUG ((DEBUG_INFO, "SEV is enabled (mask 0x%lx)\n", EncryptionMask));
> +
> + //
> + // Set Pcd to Deny the execution of option ROM when security
> + // violation.
> + //
> + PcdStatus = PcdSet32S (PcdOptionRomImageVerificationPolicy, 0x4);
> + ASSERT_RETURN_ERROR (PcdStatus);
> }
>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Thanks!
Laszlo
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH v2 1/2] SecurityPkg: make PcdOptionRomImageVerificationPolicy dynamic
2017-10-05 20:16 [PATCH v2 1/2] SecurityPkg: make PcdOptionRomImageVerificationPolicy dynamic Brijesh Singh
2017-10-05 20:16 ` [PATCH v2 2/2] OvmfPkg/PlatformPei: DENY_EXECUTE_ON_SECURITY_VIOLATION when SEV is active Brijesh Singh
@ 2017-10-10 11:28 ` Laszlo Ersek
2017-10-10 13:46 ` Yao, Jiewen
2017-10-17 19:30 ` Laszlo Ersek
2 siblings, 1 reply; 8+ messages in thread
From: Laszlo Ersek @ 2017-10-10 11:28 UTC (permalink / raw)
To: Qin Long, Jiewen Yao
Cc: Brijesh Singh, edk2-devel, Jordan Justen, Tom Lendacky,
Chao Zhang
Jiewen, Qin,
can you guys perhaps help with reviewing this patch? (The second patch
in the series is for OvmfPkg, and it depends on this one.)
Thanks!
Laszlo
On 10/05/17 22:16, Brijesh Singh wrote:
> By default the image verification policy for option ROM images is 0x4
> (DENY_EXECUTE_ON_SECURITY_VIOLATION) but the following OvmfPkg commit:
>
> 1fea9ddb4e3f OvmfPkg: execute option ROM images regardless of Secure Boot
>
> set it to 0x0 (ALWAYS_EXECUTE). This is fine because typically option
> ROMs comes from host-side and most of the time cloud provider (i.e
> hypervisor) have full access over a guest anyway. But when secure boot
> is enabled, we would like to deny the execution of option ROM when
> SEV is active. Having dynamic Pcd will give us flexibility to set the
> security policy at the runtime.
>
> Fixes: https://bugzilla.tianocore.org/show_bug.cgi?id=728
> Cc: Chao Zhang <chao.b.zhang@intel.com>
> Cc: Jordan Justen <jordan.l.justen@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Tom Lendacky <thomas.lendacky@amd.com>
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
> ---
>
> Changes since v1:
> * Add Contributed-under tag
>
> SecurityPkg/SecurityPkg.dec | 24 ++++++++++----------
> 1 file changed, 12 insertions(+), 12 deletions(-)
>
> diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec
> index 01bff01ed50a..4e32d172d7d9 100644
> --- a/SecurityPkg/SecurityPkg.dec
> +++ b/SecurityPkg/SecurityPkg.dec
> @@ -230,18 +230,6 @@ [Ppis]
> #
>
> [PcdsFixedAtBuild, PcdsPatchableInModule]
> - ## Image verification policy for OptionRom. Only following values are valid:<BR><BR>
> - # NOTE: Do NOT use 0x5 and 0x2 since it violates the UEFI specification and has been removed.<BR>
> - # 0x00000000 Always trust the image.<BR>
> - # 0x00000001 Never trust the image.<BR>
> - # 0x00000002 Allow execution when there is security violation.<BR>
> - # 0x00000003 Defer execution when there is security violation.<BR>
> - # 0x00000004 Deny execution when there is security violation.<BR>
> - # 0x00000005 Query user when there is security violation.<BR>
> - # @Prompt Set policy for the image from OptionRom.
> - # @ValidRange 0x80000001 | 0x00000000 - 0x00000005
> - gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x04|UINT32|0x00000001
> -
> ## Image verification policy for removable media which includes CD-ROM, Floppy, USB and network.
> # Only following values are valid:<BR><BR>
> # NOTE: Do NOT use 0x5 and 0x2 since it violates the UEFI specification and has been removed.<BR>
> @@ -304,6 +292,18 @@ [PcdsFixedAtBuild, PcdsPatchableInModule]
> gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeSubClassTpmDevice|0x010D0000|UINT32|0x00000007
>
> [PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]
> + ## Image verification policy for OptionRom. Only following values are valid:<BR><BR>
> + # NOTE: Do NOT use 0x5 and 0x2 since it violates the UEFI specification and has been removed.<BR>
> + # 0x00000000 Always trust the image.<BR>
> + # 0x00000001 Never trust the image.<BR>
> + # 0x00000002 Allow execution when there is security violation.<BR>
> + # 0x00000003 Defer execution when there is security violation.<BR>
> + # 0x00000004 Deny execution when there is security violation.<BR>
> + # 0x00000005 Query user when there is security violation.<BR>
> + # @Prompt Set policy for the image from OptionRom.
> + # @ValidRange 0x80000001 | 0x00000000 - 0x00000005
> + gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x04|UINT32|0x00000001
> +
> ## Indicates the presence or absence of the platform operator during firmware booting.
> # If platform operator is not physical presence during boot. TPM will be locked and the TPM commands
> # that required operator physical presence can not run.<BR><BR>
>
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH v2 1/2] SecurityPkg: make PcdOptionRomImageVerificationPolicy dynamic
2017-10-10 11:28 ` [PATCH v2 1/2] SecurityPkg: make PcdOptionRomImageVerificationPolicy dynamic Laszlo Ersek
@ 2017-10-10 13:46 ` Yao, Jiewen
2017-10-10 16:53 ` Long, Qin
2017-10-10 17:29 ` Laszlo Ersek
0 siblings, 2 replies; 8+ messages in thread
From: Yao, Jiewen @ 2017-10-10 13:46 UTC (permalink / raw)
To: Laszlo Ersek, Long, Qin
Cc: Brijesh Singh, edk2-devel@lists.01.org, Justen, Jordan L,
Tom Lendacky, Zhang, Chao B
I am OK on this patch.
Reviewed-by: Jiewen.yao@intel.com<mailto:Jiewen.yao@intel.com>
BTW: Do you also need update PcdRemovableMediaImageVerificationPolicy and PcdFixedMediaImageVerificationPolicy?
Thank you
Yao Jiewen
From: Laszlo Ersek [mailto:lersek@redhat.com]
Sent: Tuesday, October 10, 2017 7:28 PM
To: Long, Qin <qin.long@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>; edk2-devel@lists.01.org; Justen, Jordan L <jordan.l.justen@intel.com>; Tom Lendacky <thomas.lendacky@amd.com>; Zhang, Chao B <chao.b.zhang@intel.com>
Subject: Re: [edk2] [PATCH v2 1/2] SecurityPkg: make PcdOptionRomImageVerificationPolicy dynamic
Jiewen, Qin,
can you guys perhaps help with reviewing this patch? (The second patch
in the series is for OvmfPkg, and it depends on this one.)
Thanks!
Laszlo
On 10/05/17 22:16, Brijesh Singh wrote:
> By default the image verification policy for option ROM images is 0x4
> (DENY_EXECUTE_ON_SECURITY_VIOLATION) but the following OvmfPkg commit:
>
> 1fea9ddb4e3f OvmfPkg: execute option ROM images regardless of Secure Boot
>
> set it to 0x0 (ALWAYS_EXECUTE). This is fine because typically option
> ROMs comes from host-side and most of the time cloud provider (i.e
> hypervisor) have full access over a guest anyway. But when secure boot
> is enabled, we would like to deny the execution of option ROM when
> SEV is active. Having dynamic Pcd will give us flexibility to set the
> security policy at the runtime.
>
> Fixes: https://bugzilla.tianocore.org/show_bug.cgi?id=728
> Cc: Chao Zhang <chao.b.zhang@intel.com<mailto:chao.b.zhang@intel.com>>
> Cc: Jordan Justen <jordan.l.justen@intel.com<mailto:jordan.l.justen@intel.com>>
> Cc: Laszlo Ersek <lersek@redhat.com<mailto:lersek@redhat.com>>
> Cc: Tom Lendacky <thomas.lendacky@amd.com<mailto:thomas.lendacky@amd.com>>
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com<mailto:brijesh.singh@amd.com>>
> ---
>
> Changes since v1:
> * Add Contributed-under tag
>
> SecurityPkg/SecurityPkg.dec | 24 ++++++++++----------
> 1 file changed, 12 insertions(+), 12 deletions(-)
>
> diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec
> index 01bff01ed50a..4e32d172d7d9 100644
> --- a/SecurityPkg/SecurityPkg.dec
> +++ b/SecurityPkg/SecurityPkg.dec
> @@ -230,18 +230,6 @@ [Ppis]
> #
>
> [PcdsFixedAtBuild, PcdsPatchableInModule]
> - ## Image verification policy for OptionRom. Only following values are valid:<BR><BR>
> - # NOTE: Do NOT use 0x5 and 0x2 since it violates the UEFI specification and has been removed.<BR>
> - # 0x00000000 Always trust the image.<BR>
> - # 0x00000001 Never trust the image.<BR>
> - # 0x00000002 Allow execution when there is security violation.<BR>
> - # 0x00000003 Defer execution when there is security violation.<BR>
> - # 0x00000004 Deny execution when there is security violation.<BR>
> - # 0x00000005 Query user when there is security violation.<BR>
> - # @Prompt Set policy for the image from OptionRom.
> - # @ValidRange 0x80000001 | 0x00000000 - 0x00000005
> - gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x04|UINT32|0x00000001
> -
> ## Image verification policy for removable media which includes CD-ROM, Floppy, USB and network.
> # Only following values are valid:<BR><BR>
> # NOTE: Do NOT use 0x5 and 0x2 since it violates the UEFI specification and has been removed.<BR>
> @@ -304,6 +292,18 @@ [PcdsFixedAtBuild, PcdsPatchableInModule]
> gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeSubClassTpmDevice|0x010D0000|UINT32|0x00000007
>
> [PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]
> + ## Image verification policy for OptionRom. Only following values are valid:<BR><BR>
> + # NOTE: Do NOT use 0x5 and 0x2 since it violates the UEFI specification and has been removed.<BR>
> + # 0x00000000 Always trust the image.<BR>
> + # 0x00000001 Never trust the image.<BR>
> + # 0x00000002 Allow execution when there is security violation.<BR>
> + # 0x00000003 Defer execution when there is security violation.<BR>
> + # 0x00000004 Deny execution when there is security violation.<BR>
> + # 0x00000005 Query user when there is security violation.<BR>
> + # @Prompt Set policy for the image from OptionRom.
> + # @ValidRange 0x80000001 | 0x00000000 - 0x00000005
> + gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x04|UINT32|0x00000001
> +
> ## Indicates the presence or absence of the platform operator during firmware booting.
> # If platform operator is not physical presence during boot. TPM will be locked and the TPM commands
> # that required operator physical presence can not run.<BR><BR>
>
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH v2 1/2] SecurityPkg: make PcdOptionRomImageVerificationPolicy dynamic
2017-10-10 13:46 ` Yao, Jiewen
@ 2017-10-10 16:53 ` Long, Qin
2017-10-10 17:29 ` Laszlo Ersek
1 sibling, 0 replies; 8+ messages in thread
From: Long, Qin @ 2017-10-10 16:53 UTC (permalink / raw)
To: Yao, Jiewen, Laszlo Ersek
Cc: Brijesh Singh, edk2-devel@lists.01.org, Justen, Jordan L,
Tom Lendacky, Zhang, Chao B
The patch looks good to me.
Reviewed-by: Long Qin <qin.long@intel.com>
Best Regards & Thanks,
LONG, Qin
From: Yao, Jiewen
Sent: Tuesday, October 10, 2017 9:47 PM
To: Laszlo Ersek <lersek@redhat.com>; Long, Qin <qin.long@intel.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>; edk2-devel@lists.01.org; Justen, Jordan L <jordan.l.justen@intel.com>; Tom Lendacky <thomas.lendacky@amd.com>; Zhang, Chao B <chao.b.zhang@intel.com>
Subject: RE: [edk2] [PATCH v2 1/2] SecurityPkg: make PcdOptionRomImageVerificationPolicy dynamic
I am OK on this patch.
Reviewed-by: Jiewen.yao@intel.com<mailto:Jiewen.yao@intel.com>
BTW: Do you also need update PcdRemovableMediaImageVerificationPolicy and PcdFixedMediaImageVerificationPolicy?
Thank you
Yao Jiewen
From: Laszlo Ersek [mailto:lersek@redhat.com]
Sent: Tuesday, October 10, 2017 7:28 PM
To: Long, Qin <qin.long@intel.com<mailto:qin.long@intel.com>>; Yao, Jiewen <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com>>
Cc: Brijesh Singh <brijesh.singh@amd.com<mailto:brijesh.singh@amd.com>>; edk2-devel@lists.01.org<mailto:edk2-devel@lists.01.org>; Justen, Jordan L <jordan.l.justen@intel.com<mailto:jordan.l.justen@intel.com>>; Tom Lendacky <thomas.lendacky@amd.com<mailto:thomas.lendacky@amd.com>>; Zhang, Chao B <chao.b.zhang@intel.com<mailto:chao.b.zhang@intel.com>>
Subject: Re: [edk2] [PATCH v2 1/2] SecurityPkg: make PcdOptionRomImageVerificationPolicy dynamic
Jiewen, Qin,
can you guys perhaps help with reviewing this patch? (The second patch
in the series is for OvmfPkg, and it depends on this one.)
Thanks!
Laszlo
On 10/05/17 22:16, Brijesh Singh wrote:
> By default the image verification policy for option ROM images is 0x4
> (DENY_EXECUTE_ON_SECURITY_VIOLATION) but the following OvmfPkg commit:
>
> 1fea9ddb4e3f OvmfPkg: execute option ROM images regardless of Secure Boot
>
> set it to 0x0 (ALWAYS_EXECUTE). This is fine because typically option
> ROMs comes from host-side and most of the time cloud provider (i.e
> hypervisor) have full access over a guest anyway. But when secure boot
> is enabled, we would like to deny the execution of option ROM when
> SEV is active. Having dynamic Pcd will give us flexibility to set the
> security policy at the runtime.
>
> Fixes: https://bugzilla.tianocore.org/show_bug.cgi?id=728
> Cc: Chao Zhang <chao.b.zhang@intel.com<mailto:chao.b.zhang@intel.com>>
> Cc: Jordan Justen <jordan.l.justen@intel.com<mailto:jordan.l.justen@intel.com>>
> Cc: Laszlo Ersek <lersek@redhat.com<mailto:lersek@redhat.com>>
> Cc: Tom Lendacky <thomas.lendacky@amd.com<mailto:thomas.lendacky@amd.com>>
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com<mailto:brijesh.singh@amd.com>>
> ---
>
> Changes since v1:
> * Add Contributed-under tag
>
> SecurityPkg/SecurityPkg.dec | 24 ++++++++++----------
> 1 file changed, 12 insertions(+), 12 deletions(-)
>
> diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec
> index 01bff01ed50a..4e32d172d7d9 100644
> --- a/SecurityPkg/SecurityPkg.dec
> +++ b/SecurityPkg/SecurityPkg.dec
> @@ -230,18 +230,6 @@ [Ppis]
> #
>
> [PcdsFixedAtBuild, PcdsPatchableInModule]
> - ## Image verification policy for OptionRom. Only following values are valid:<BR><BR>
> - # NOTE: Do NOT use 0x5 and 0x2 since it violates the UEFI specification and has been removed.<BR>
> - # 0x00000000 Always trust the image.<BR>
> - # 0x00000001 Never trust the image.<BR>
> - # 0x00000002 Allow execution when there is security violation.<BR>
> - # 0x00000003 Defer execution when there is security violation.<BR>
> - # 0x00000004 Deny execution when there is security violation.<BR>
> - # 0x00000005 Query user when there is security violation.<BR>
> - # @Prompt Set policy for the image from OptionRom.
> - # @ValidRange 0x80000001 | 0x00000000 - 0x00000005
> - gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x04|UINT32|0x00000001
> -
> ## Image verification policy for removable media which includes CD-ROM, Floppy, USB and network.
> # Only following values are valid:<BR><BR>
> # NOTE: Do NOT use 0x5 and 0x2 since it violates the UEFI specification and has been removed.<BR>
> @@ -304,6 +292,18 @@ [PcdsFixedAtBuild, PcdsPatchableInModule]
> gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeSubClassTpmDevice|0x010D0000|UINT32|0x00000007
>
> [PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]
> + ## Image verification policy for OptionRom. Only following values are valid:<BR><BR>
> + # NOTE: Do NOT use 0x5 and 0x2 since it violates the UEFI specification and has been removed.<BR>
> + # 0x00000000 Always trust the image.<BR>
> + # 0x00000001 Never trust the image.<BR>
> + # 0x00000002 Allow execution when there is security violation.<BR>
> + # 0x00000003 Defer execution when there is security violation.<BR>
> + # 0x00000004 Deny execution when there is security violation.<BR>
> + # 0x00000005 Query user when there is security violation.<BR>
> + # @Prompt Set policy for the image from OptionRom.
> + # @ValidRange 0x80000001 | 0x00000000 - 0x00000005
> + gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x04|UINT32|0x00000001
> +
> ## Indicates the presence or absence of the platform operator during firmware booting.
> # If platform operator is not physical presence during boot. TPM will be locked and the TPM commands
> # that required operator physical presence can not run.<BR><BR>
>
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH v2 1/2] SecurityPkg: make PcdOptionRomImageVerificationPolicy dynamic
2017-10-10 13:46 ` Yao, Jiewen
2017-10-10 16:53 ` Long, Qin
@ 2017-10-10 17:29 ` Laszlo Ersek
1 sibling, 0 replies; 8+ messages in thread
From: Laszlo Ersek @ 2017-10-10 17:29 UTC (permalink / raw)
To: Yao, Jiewen, Long, Qin
Cc: Brijesh Singh, edk2-devel@lists.01.org, Justen, Jordan L,
Tom Lendacky, Zhang, Chao B
On 10/10/17 15:46, Yao, Jiewen wrote:
> I am OK on this patch.
>
> Reviewed-by: Jiewen.yao@intel.com<mailto:Jiewen.yao@intel.com>
Thanks!
(Thanks to Qin as well!)
> BTW: Do you also need update PcdRemovableMediaImageVerificationPolicy and PcdFixedMediaImageVerificationPolicy?
No, not at this time -- in OvmfPkg we are fine with the 0x04 defaults
for those PCDs, and don't intend to change them at all (either
dynamically or via a different fixed-at-build default).
The option ROM verification policy is special, because in a virt guest
environment, the host environment is trusted by default, and the option
ROMs come from the host environment. For this reason we originally
overrode the relevant PCD with value 0x00 -- ALWAYS_EXECUTE.
However, in SEV guests, the host environment is no longer trusted, and
we should restore the 0x04 policy for option ROMs. Given that SEV is
detected dynamically in OVMF, we need to massage the PCD dynamically too.
Do you think that all of these PCDs should be declared similarly (i.e.
that their declarations should permit the exact same set of storage
types, for symmetry)?
If so, do you prefer a follow-up patch for the DEC file, or a v3 of this
set?
Thanks!
Laszlo
>
>
> Thank you
> Yao Jiewen
>
>
> From: Laszlo Ersek [mailto:lersek@redhat.com]
> Sent: Tuesday, October 10, 2017 7:28 PM
> To: Long, Qin <qin.long@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>
> Cc: Brijesh Singh <brijesh.singh@amd.com>; edk2-devel@lists.01.org; Justen, Jordan L <jordan.l.justen@intel.com>; Tom Lendacky <thomas.lendacky@amd.com>; Zhang, Chao B <chao.b.zhang@intel.com>
> Subject: Re: [edk2] [PATCH v2 1/2] SecurityPkg: make PcdOptionRomImageVerificationPolicy dynamic
>
> Jiewen, Qin,
>
> can you guys perhaps help with reviewing this patch? (The second patch
> in the series is for OvmfPkg, and it depends on this one.)
>
> Thanks!
> Laszlo
>
> On 10/05/17 22:16, Brijesh Singh wrote:
>> By default the image verification policy for option ROM images is 0x4
>> (DENY_EXECUTE_ON_SECURITY_VIOLATION) but the following OvmfPkg commit:
>>
>> 1fea9ddb4e3f OvmfPkg: execute option ROM images regardless of Secure Boot
>>
>> set it to 0x0 (ALWAYS_EXECUTE). This is fine because typically option
>> ROMs comes from host-side and most of the time cloud provider (i.e
>> hypervisor) have full access over a guest anyway. But when secure boot
>> is enabled, we would like to deny the execution of option ROM when
>> SEV is active. Having dynamic Pcd will give us flexibility to set the
>> security policy at the runtime.
>>
>> Fixes: https://bugzilla.tianocore.org/show_bug.cgi?id=728
>> Cc: Chao Zhang <chao.b.zhang@intel.com<mailto:chao.b.zhang@intel.com>>
>> Cc: Jordan Justen <jordan.l.justen@intel.com<mailto:jordan.l.justen@intel.com>>
>> Cc: Laszlo Ersek <lersek@redhat.com<mailto:lersek@redhat.com>>
>> Cc: Tom Lendacky <thomas.lendacky@amd.com<mailto:thomas.lendacky@amd.com>>
>> Contributed-under: TianoCore Contribution Agreement 1.1
>> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com<mailto:brijesh.singh@amd.com>>
>> ---
>>
>> Changes since v1:
>> * Add Contributed-under tag
>>
>> SecurityPkg/SecurityPkg.dec | 24 ++++++++++----------
>> 1 file changed, 12 insertions(+), 12 deletions(-)
>>
>> diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec
>> index 01bff01ed50a..4e32d172d7d9 100644
>> --- a/SecurityPkg/SecurityPkg.dec
>> +++ b/SecurityPkg/SecurityPkg.dec
>> @@ -230,18 +230,6 @@ [Ppis]
>> #
>>
>> [PcdsFixedAtBuild, PcdsPatchableInModule]
>> - ## Image verification policy for OptionRom. Only following values are valid:<BR><BR>
>> - # NOTE: Do NOT use 0x5 and 0x2 since it violates the UEFI specification and has been removed.<BR>
>> - # 0x00000000 Always trust the image.<BR>
>> - # 0x00000001 Never trust the image.<BR>
>> - # 0x00000002 Allow execution when there is security violation.<BR>
>> - # 0x00000003 Defer execution when there is security violation.<BR>
>> - # 0x00000004 Deny execution when there is security violation.<BR>
>> - # 0x00000005 Query user when there is security violation.<BR>
>> - # @Prompt Set policy for the image from OptionRom.
>> - # @ValidRange 0x80000001 | 0x00000000 - 0x00000005
>> - gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x04|UINT32|0x00000001
>> -
>> ## Image verification policy for removable media which includes CD-ROM, Floppy, USB and network.
>> # Only following values are valid:<BR><BR>
>> # NOTE: Do NOT use 0x5 and 0x2 since it violates the UEFI specification and has been removed.<BR>
>> @@ -304,6 +292,18 @@ [PcdsFixedAtBuild, PcdsPatchableInModule]
>> gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeSubClassTpmDevice|0x010D0000|UINT32|0x00000007
>>
>> [PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]
>> + ## Image verification policy for OptionRom. Only following values are valid:<BR><BR>
>> + # NOTE: Do NOT use 0x5 and 0x2 since it violates the UEFI specification and has been removed.<BR>
>> + # 0x00000000 Always trust the image.<BR>
>> + # 0x00000001 Never trust the image.<BR>
>> + # 0x00000002 Allow execution when there is security violation.<BR>
>> + # 0x00000003 Defer execution when there is security violation.<BR>
>> + # 0x00000004 Deny execution when there is security violation.<BR>
>> + # 0x00000005 Query user when there is security violation.<BR>
>> + # @Prompt Set policy for the image from OptionRom.
>> + # @ValidRange 0x80000001 | 0x00000000 - 0x00000005
>> + gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x04|UINT32|0x00000001
>> +
>> ## Indicates the presence or absence of the platform operator during firmware booting.
>> # If platform operator is not physical presence during boot. TPM will be locked and the TPM commands
>> # that required operator physical presence can not run.<BR><BR>
>>
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH v2 1/2] SecurityPkg: make PcdOptionRomImageVerificationPolicy dynamic
2017-10-05 20:16 [PATCH v2 1/2] SecurityPkg: make PcdOptionRomImageVerificationPolicy dynamic Brijesh Singh
2017-10-05 20:16 ` [PATCH v2 2/2] OvmfPkg/PlatformPei: DENY_EXECUTE_ON_SECURITY_VIOLATION when SEV is active Brijesh Singh
2017-10-10 11:28 ` [PATCH v2 1/2] SecurityPkg: make PcdOptionRomImageVerificationPolicy dynamic Laszlo Ersek
@ 2017-10-17 19:30 ` Laszlo Ersek
2 siblings, 0 replies; 8+ messages in thread
From: Laszlo Ersek @ 2017-10-17 19:30 UTC (permalink / raw)
To: Brijesh Singh, edk2-devel; +Cc: Jordan Justen, Tom Lendacky, Chao Zhang
On 10/05/17 22:16, Brijesh Singh wrote:
> By default the image verification policy for option ROM images is 0x4
> (DENY_EXECUTE_ON_SECURITY_VIOLATION) but the following OvmfPkg commit:
>
> 1fea9ddb4e3f OvmfPkg: execute option ROM images regardless of Secure Boot
>
> set it to 0x0 (ALWAYS_EXECUTE). This is fine because typically option
> ROMs comes from host-side and most of the time cloud provider (i.e
> hypervisor) have full access over a guest anyway. But when secure boot
> is enabled, we would like to deny the execution of option ROM when
> SEV is active. Having dynamic Pcd will give us flexibility to set the
> security policy at the runtime.
>
> Fixes: https://bugzilla.tianocore.org/show_bug.cgi?id=728
> Cc: Chao Zhang <chao.b.zhang@intel.com>
> Cc: Jordan Justen <jordan.l.justen@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Tom Lendacky <thomas.lendacky@amd.com>
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
> ---
>
> Changes since v1:
> * Add Contributed-under tag
>
> SecurityPkg/SecurityPkg.dec | 24 ++++++++++----------
> 1 file changed, 12 insertions(+), 12 deletions(-)
>
> diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec
> index 01bff01ed50a..4e32d172d7d9 100644
> --- a/SecurityPkg/SecurityPkg.dec
> +++ b/SecurityPkg/SecurityPkg.dec
> @@ -230,18 +230,6 @@ [Ppis]
> #
>
> [PcdsFixedAtBuild, PcdsPatchableInModule]
> - ## Image verification policy for OptionRom. Only following values are valid:<BR><BR>
> - # NOTE: Do NOT use 0x5 and 0x2 since it violates the UEFI specification and has been removed.<BR>
> - # 0x00000000 Always trust the image.<BR>
> - # 0x00000001 Never trust the image.<BR>
> - # 0x00000002 Allow execution when there is security violation.<BR>
> - # 0x00000003 Defer execution when there is security violation.<BR>
> - # 0x00000004 Deny execution when there is security violation.<BR>
> - # 0x00000005 Query user when there is security violation.<BR>
> - # @Prompt Set policy for the image from OptionRom.
> - # @ValidRange 0x80000001 | 0x00000000 - 0x00000005
> - gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x04|UINT32|0x00000001
> -
> ## Image verification policy for removable media which includes CD-ROM, Floppy, USB and network.
> # Only following values are valid:<BR><BR>
> # NOTE: Do NOT use 0x5 and 0x2 since it violates the UEFI specification and has been removed.<BR>
> @@ -304,6 +292,18 @@ [PcdsFixedAtBuild, PcdsPatchableInModule]
> gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeSubClassTpmDevice|0x010D0000|UINT32|0x00000007
>
> [PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]
> + ## Image verification policy for OptionRom. Only following values are valid:<BR><BR>
> + # NOTE: Do NOT use 0x5 and 0x2 since it violates the UEFI specification and has been removed.<BR>
> + # 0x00000000 Always trust the image.<BR>
> + # 0x00000001 Never trust the image.<BR>
> + # 0x00000002 Allow execution when there is security violation.<BR>
> + # 0x00000003 Defer execution when there is security violation.<BR>
> + # 0x00000004 Deny execution when there is security violation.<BR>
> + # 0x00000005 Query user when there is security violation.<BR>
> + # @Prompt Set policy for the image from OptionRom.
> + # @ValidRange 0x80000001 | 0x00000000 - 0x00000005
> + gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x04|UINT32|0x00000001
> +
> ## Indicates the presence or absence of the platform operator during firmware booting.
> # If platform operator is not physical presence during boot. TPM will be locked and the TPM commands
> # that required operator physical presence can not run.<BR><BR>
>
Thanks everyone for the feedback; series pushed as commit range
65c77f02104c..6041ac65ae87.
Cheers
Laszlo
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2017-10-17 19:27 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-10-05 20:16 [PATCH v2 1/2] SecurityPkg: make PcdOptionRomImageVerificationPolicy dynamic Brijesh Singh
2017-10-05 20:16 ` [PATCH v2 2/2] OvmfPkg/PlatformPei: DENY_EXECUTE_ON_SECURITY_VIOLATION when SEV is active Brijesh Singh
2017-10-05 20:29 ` Laszlo Ersek
2017-10-10 11:28 ` [PATCH v2 1/2] SecurityPkg: make PcdOptionRomImageVerificationPolicy dynamic Laszlo Ersek
2017-10-10 13:46 ` Yao, Jiewen
2017-10-10 16:53 ` Long, Qin
2017-10-10 17:29 ` Laszlo Ersek
2017-10-17 19:30 ` Laszlo Ersek
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox