From: Tobin Feldman-Fitzthum
To: devel@edk2.groups.io
Cc: dov.murik@gmail.com, james.bottomley@hansenpartnership.com, thomas.lendacky@amd.com, tobin@ibm.com, Tobin Feldman-Fitzthum
Subject: [edk2-devel] [PATCH 1/2] AmdSev: Rework Blob Verifier
Date: Mon, 6 May 2024 20:27:35 +0000

The Blob Verifier checks boot artifacts against a hash table injected by
the hypervisor and measured by hardware. Update the Blob Verifier to enter
a dead loop if the artifacts do not match.

Signed-off-by: Tobin Feldman-Fitzthum
---
 .../BlobVerifierSevHashes.c | 39 +++++++++++++++----
 1 file changed, 31 insertions(+), 8 deletions(-)

diff --git a/OvmfPkg/AmdSev/BlobVerifierLibSevHashes/BlobVerifierSevHashes.c b/OvmfPkg/AmdSev/BlobVerifierLibSevHashes/BlobVerifierSevHashes.c
index 2e58794c3c..ee8bca509a 100644
--- a/OvmfPkg/AmdSev/BlobVerifierLibSevHashes/BlobVerifierSevHashes.c
+++ b/OvmfPkg/AmdSev/BlobVerifierLibSevHashes/BlobVerifierSevHashes.c
@@ -77,13 +77,17 @@ FindBlobEntryGuid ( /**=0D Verify blob from an external source.=0D =0D + If a non-secure configuration is detected this function will enter a=0D + dead loop to prevent a boot.=0D +=0D @param[in] BlobName The name of the blob=0D @param[in] Buf The data of the blob=0D @param[in] BufSize The size of the blob in bytes=0D =0D - @retval EFI_SUCCESS The blob was verified successfully.=0D - @retval EFI_ACCESS_DENIED The blob could not be verified, and theref= ore=0D - should be considered non-secure.=0D + @retval EFI_SUCCESS The blob was verified successfully or was = not=0D + found in the hash table.=0D + @retval EFI_ACCESS_DENIED Kernel hashes not supported, but the boot= =0D + can continue safely.=0D **/=0D EFI_STATUS=0D EFIAPI=0D @@ -99,8 +103,8 @@ VerifyBlob ( =0D if ((mHashesTable =3D=3D NULL) || (mHashesTableSize =3D=3D 0)) {=0D DEBUG ((=0D - DEBUG_ERROR,=0D - "%a: Verifier called but no hashes table discoverd in MEMFD\n",=0D + DEBUG_WARN,=0D + "%a: No hashes table discovered in MEMFD\n",=0D __func__=0D ));=0D return EFI_ACCESS_DENIED;=0D @@ -114,7 +118,8 @@ VerifyBlob ( __func__,=0D BlobName=0D ));=0D - return EFI_ACCESS_DENIED;=0D +=0D + CpuDeadLoop ();=0D }=0D =0D //=0D @@ -136,10 +141,22 @@ VerifyBlob ( =0D DEBUG ((DEBUG_INFO, "%a: Found GUID %g in table\n", __func__, Guid));= =0D =0D + if (BufSize =3D=3D 0) {=0D + DEBUG ((=0D + DEBUG_ERROR,=0D + "%a: Blob Specified in Hash Table was not Provided",=0D + __func__,=0D + EntrySize,=0D + SHA256_DIGEST_SIZE=0D + ));=0D +=0D + CpuDeadLoop ();=0D + }=0D +=0D EntrySize =3D Entry->Len - sizeof Entry->Guid - sizeof Entry->Len;=0D if (EntrySize !=3D SHA256_DIGEST_SIZE) {=0D DEBUG ((=0D - DEBUG_ERROR,=0D + DEBUG_WARN,=0D "%a: Hash has the wrong size %d !=3D %d\n",=0D __func__,=0D EntrySize,=0D 
@@ -170,18 +187,24 @@ VerifyBlob ( __func__,=0D BlobName=0D ));=0D +=0D + CpuDeadLoop ();=0D }=0D =0D return Status;=0D }=0D =0D + //=0D + // If the GUID is not in the hash table, execution can still continue.=0D + // This blob will not be measured, but at least one blob must be.=0D + //=0D DEBUG ((=0D DEBUG_ERROR,=0D "%a: Hash GUID %g not found in table\n",=0D __func__,=0D Guid=0D ));=0D - return EFI_ACCESS_DENIED;=0D + return EFI_SUCCESS;=0D }=0D =0D /**=0D --=20 2.34.1
View/Reply Online (#118662): https://edk2.groups.io/g/devel/message/118662
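Review bot: the rewritten @retval entries in the hunk at -77 describe two outcomes, but the function now has three: EFI_SUCCESS, EFI_ACCESS_DENIED, and a CpuDeadLoop () that never returns. The new header text says the dead loop is entered for "a non-secure configuration", yet the no-table case, which is the one condition here that is really a configuration problem, returns EFI_ACCESS_DENIED with the note that the boot "can continue safely". Spell out in the comment which conditions hang and which return a status, and prefer "hash table" over "Kernel hashes", since the function takes an arbitrary BlobName rather than only the kernel.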
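Review bot: the hunk at -99 lowers the no-table message to DEBUG_WARN and rewords it but keeps `return EFI_ACCESS_DENIED;`, so the log level now says "benign" while the status code still says "denied". With the updated @retval describing EFI_ACCESS_DENIED as a case where the boot can continue, the real outcome depends entirely on how callers treat that status, which this patch does not show. State in the function comment what callers are expected to do with it, or return a status that does not read as a failed verification (EFI_UNSUPPORTED, for instance) for the missing-table case so it cannot be confused with a genuine mismatch.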
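Review bot: in the hunk at -114, `Guid == NULL` means BlobName is not a name FindBlobEntryGuid knows about, which is a firmware-side mismatch rather than evidence of a tampered artifact, yet it now gets the same `CpuDeadLoop ();` as a failed hash comparison, and in a RELEASE build the preceding DEBUG_ERROR is compiled out, leaving a silent hang. If that is intended, the commit message should say so; otherwise a non-success return here, with the dead loop reserved for hash mismatches and missing blobs, keeps the two failure classes distinguishable.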
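Review bot: the new DEBUG call inside `if (BufSize == 0)` in the hunk at -136 passes EntrySize and SHA256_DIGEST_SIZE, but the format string "%a: Blob Specified in Hash Table was not Provided" has only the single %a conversion for __func__, and EntrySize is not assigned until the line after the block, so both extra arguments are junk; drop them and add the trailing "\n" every other message in this file has. In the same hunk the wrong-size message drops from DEBUG_ERROR to DEBUG_WARN while nothing else in that branch changes (all eight deletions in the diffstat are visible in the hunks and none is after that message), so the severity of the log and of the branch's outcome now disagree. A malformed entry for a GUID that is present in the measured table is not a "hashes not supported" case: either dead-loop there like the other mismatch paths or document it as its own @retval.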
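Review bot: after the added `CpuDeadLoop ();` in the mismatch branch of the hunk at -170, the `Status = EFI_ACCESS_DENIED` assignment and the `return Status;` that follow are unreachable for that branch, so Status now only ever carries EFI_SUCCESS; a direct return would be clearer. More importantly, the new comment says "at least one blob must be" measured, but nothing in VerifyBlob tracks whether any blob was actually checked: with `return EFI_SUCCESS;` for a GUID missing from the table, a table whose entries match none of the blobs actually loaded would let every blob pass. If that invariant is enforced elsewhere (by the guest owner's check of the measured table, or by a caller), name it in the comment; and the "not found" message should not stay at DEBUG_ERROR now that the path returns success.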