From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail05.groups.io (mail05.groups.io [45.79.224.7]) by spool.mail.gandi.net (Postfix) with ESMTPS id CA4DFAC11B6 for ; Thu, 30 May 2024 15:46:13 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=LcPyPbLfm4+1ly7JmWFIyF6TvE9Bl62sFgMMF3g1fVk=; c=relaxed/simple; d=groups.io; h=Message-ID:Date:User-Agent:To:Cc:References:From:Subject:In-Reply-To:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Resent-Date:Resent-From:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Language:Content-Type:Content-Transfer-Encoding; s=20240206; t=1717083973; v=1; b=ctsz1qUzSECB37EIY36W8yduKr/smMACio1HQnv/efDTSKXhQpNp/fjVC/qZyUVH/6K8iBy8 khIsNBX3mKZQrKnF4ZO6vYlfeWNsoAlvIGxUfvibROB4NNTL5ouAhjuzFz1NXxp3ubsAvRsv3+n zWvihRJjeINM52YnsCuJWZHuQWrfQbhFWwUJUl7VezJnalojR+92fLHB7pdkkahUaN86NTpbs6N cwHcAn724mazJF4mmf+B6MxW64dVpGxqerzsgySyIjHR5Uuf4cehwE9e1yaDdYcGV0qRN1nuc5C zM+ScO9iEgBZDXRRNQzdwFCo546Nl5xYo4lbNtgkPJBXw== X-Received: by 127.0.0.2 with SMTP id nJNyYY7687511xgwZTXlg1ub; Thu, 30 May 2024 08:46:12 -0700 X-Received: from NAM11-DM6-obe.outbound.protection.outlook.com (NAM11-DM6-obe.outbound.protection.outlook.com [40.107.223.83]) by mx.groups.io with SMTP id smtpd.web10.13254.1717083971421003912 for ; Thu, 30 May 2024 08:46:11 -0700 X-Received: from BL1PR12MB5732.namprd12.prod.outlook.com (2603:10b6:208:387::17) by SJ0PR12MB6784.namprd12.prod.outlook.com (2603:10b6:a03:44f::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7633.22; Thu, 30 May 2024 15:46:08 +0000 X-Received: from BL1PR12MB5732.namprd12.prod.outlook.com ([fe80::bf0:d462:345b:dc52]) by BL1PR12MB5732.namprd12.prod.outlook.com ([fe80::bf0:d462:345b:dc52%7]) with mapi id 15.20.7611.030; Thu, 30 May 2024 15:46:08 +0000 Message-ID: Date: Thu, 30 May 2024 10:46:06 -0500 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.15.1 To: Tobin Feldman-Fitzthum , devel@edk2.groups.io, Gerd Hoffmann , Ard Biesheuvel Cc: dov.murik@gmail.com, james.bottomley@hansenpartnership.com, tobin@ibm.com References: From: "Lendacky, Thomas via groups.io" Subject: Re: [edk2-devel] [PATCH 1/2] AmdSev: Rework Blob Verifier In-Reply-To: X-ClientProxiedBy: SA0PR11CA0107.namprd11.prod.outlook.com (2603:10b6:806:d1::22) To BL1PR12MB5732.namprd12.prod.outlook.com (2603:10b6:208:387::17) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BL1PR12MB5732:EE_|SJ0PR12MB6784:EE_ X-MS-Office365-Filtering-Correlation-Id: 71ab8c1b-3a5d-44e7-42e4-08dc80bf9fb6 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam-Message-Info: =?utf-8?B?ZERhU1JOaWpINmdQeDhzQXZyclFLdXZxQnAwZGtWakhWcGJWcmtJZ3RNaDQw?= =?utf-8?B?ZGxiMEtCakZmL29iT1RNcmFwVURDMTNBMUZZTk5mWVVkemhSdURLcFYyTlFt?= =?utf-8?B?UHY2a0ZrbzgyanZSaUpCc0YrKzVlWFZ0WDdqVzR1MG83eTN0bGlXWVVMRVBk?= =?utf-8?B?dUZ2bUI3ck9IQWRKUWJSSEZYOEU0alJXQ3BNTnRjTmVmaHBsSHVVa0NhSjk4?= =?utf-8?B?cXQ3c3lrNXJTWWRJRXNjeE5GU2tzYW5KMUxCUkpNV1p6bk42dnlRSkNtNzg4?= =?utf-8?B?Z3NuR1lxbzh4bGhqYlM1eER2SnhUVnlXZlhCMkpUWXptVVA4Ym9hcmdwd0Zv?= =?utf-8?B?ZTU3U3NtMHYwL1lUaTIxMWtVRmNsMmtHM1dVSTZiNk1VWVAybHZSSjBzeEpr?= =?utf-8?B?SjB0WnkxWFpnN3pWSG9mZ091SGxqdjU1Y1hYN1hKL2V4QXNBcnV4RjdsRWVD?= =?utf-8?B?bUxHU0x0WGNiMmtKQThCekNVMThib1QvbzJ2cGJIQVdaRnFGOGdsVkc1SnBR?= =?utf-8?B?Qi94TEx2N2haOWh4eHR5R3ExUHgwYnQ1UzAwK2NMTGl4aHV2aWFVZVZjQkhT?= =?utf-8?B?UEhvVDJ0bVdJTVZKZmVsMFZEQTRFcEpZMDEyRmZtZFFNSjNSKzZRRkRIeENM?= =?utf-8?B?NFMyVEhxblo2TkRJQWdlUzF1OWRrSjc5UHYyRU1hL2VqQm9EM1RVcWMwQXBW?= =?utf-8?B?cXczSzBxTEhQNUV1T3lTdzl3OERDRm40WlN1T0s0OEk4b21OVzYzNDkrUTMz?= =?utf-8?B?OWt4d09GeDFFY2Rsa0x5eXIyNVcvSnlXb01HSzdUbUd4dEJqT3VBelZoNldW?= =?utf-8?B?eHlCWjdHaGlVQUhpRGZIWWY3U1JjbWx6OTE1RVZhZk5qNHA3Z1dtUWV4M3I5?= =?utf-8?B?WkdIUTN2NThSbC90SFpUVDB4Z25OQm9ROU54UXRYTTJyQ3lHUnVNM0N2SWRn?= =?utf-8?B?MmZHSjlMQmlVc0RiME1NM3R4MHNWZ1NBeGRLclptVXpqNnJxY2RnUzUvV3l1?= =?utf-8?B?Wk5yaGVQUTdCTWwzd0pOaXBUcnAxM1czK2c4NHhseFlQMzRYS2ZsbHpPZWtw?= =?utf-8?B?UlBISUsxTGYvSU9EQlREK0ttQm00L1U1OTQ1Y0J1OGdML3k2WVZKNGQyaHk0?= =?utf-8?B?VU9XdlBEWk5JdHhIV1JEQWRkZEVuNjV5cHpDSWNPcmNjTDZJeGFFME02eTVK?= =?utf-8?B?Wk1ITGJtSER2c0d4L1lvRy9nVUUxaVBZOGhoL1U4eWZBSkI0cmNnbU5jMjVk?= =?utf-8?B?dWdGamE2NmQzd1BjRTNBRnVqZWlPLytEcXoxUkhtbDBLdXBGL0FDZ0NZNU1P?= =?utf-8?B?SEMyLzJtRW9GQjVHMkxnMjVNRlBPRUpPZ1pSOFZGSWhNamxYcjZwaUhJRE5M?= =?utf-8?B?VjdYdTNmYWVLU1IrbEhkZFNuT3U2d0xITkhJYi96OEw1a1ZYd2FKNlFqOGl0?= =?utf-8?B?K0hsUWxjVmpuaGdNd1EwbnpXUWQzdzA1aVpYTjU4c0RzcjI1cFZCTnJwUGpo?= =?utf-8?B?aEltS1RMMkw0RFBZemMzdnBsMFJDUFZmZk5FM0YweTBOb3g5SFFrTGJaZm51?= =?utf-8?B?RldMZVJVSzVjbFliUkpzUVRHVVRBRDU5RllrYmdDSXNKeWpoc2J3SXNrWkZq?= =?utf-8?B?TmprVGdFT212RUtIdkdMMmFlWXh0enlOOWhVOHVBYU5DRWVNS2ZCeEg5NVNY?= =?utf-8?B?cXduVHhrRWJpSEVRcUZhWjJBWHJ5QnlZQXdjSXA0TVJjek01WnlVMkx3PT0=?= X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?S2xEZEd1a2hibVdYV21yNkZZQVJYbyt4TnpQdmFNQmVuaTZQL1BJcGZnaEhZ?= =?utf-8?B?UHBRZmpwWVBFalFOd280dG94cFdrck4xVk1TOU5RV09rRko3SmhyM09SQkQ5?= =?utf-8?B?eWJHcTY4YWFvY1libncwUFRlcXdoeG5Ndk1BZEdydm81QnN6Z2tvT21XZjQz?= =?utf-8?B?bFU1MDgzNEduWlVVMUErRDByM0J3WEQrZU1zWDB4eUtPRlhnR1R4Z0RlMFg0?= =?utf-8?B?MDZDbGo2R0R6TVU3L01kRElvcmdIUE82bm9lUlZkVUFpckhWaU0rb29rbXFi?= =?utf-8?B?UkkxYnA3UDdCNTdMVnlCczlSdGpvZ0ZIa1U0bmRZcExBM1RLTE44cDZScEFk?= =?utf-8?B?M095Qm8wcm9wWnFZdGg1YUMwUzFvK0M1ZUtQbk9vTlpZM0NxVk05OTRkd3NQ?= =?utf-8?B?Sy95N3YyOEl0RE5mUThvaC9qeDl2MURVeDBpSVBFR1FQNGRSOHNaZzRuU2Rk?= =?utf-8?B?dDY1VmFxSTN5UFpESDBYdjRXUEIraThLeVUxOThpOWIrZm9LYlE1QzRRODll?= =?utf-8?B?ckhFZ0N2MnkyaTBrQ0RDdi9zcjFNTE9kZUFPN0tpYldzVHYvU3YyQkFSQUlY?= =?utf-8?B?YXExNEthNkY1bzRaUjN3Mm1mZGovcnZLcUYveHhSdStmUXBqOUZzckFFWnNP?= =?utf-8?B?bGx3cHllcFZRL3kwdUNLWDZQR3V6MkVBMzVWcjJFOFB1aHpTOUJoS3M2TFY5?= =?utf-8?B?WTJJdWtsbjZNRE1saHdDY0tYbnI2NGY4T096ZXVvUDdva3lpdm53M29zRURR?= =?utf-8?B?aHZwSGE3OWROV3VIbEw3aEZRNWtiMlFSSW13VFpWNU5xajdxRDFmUTdCVzY5?= =?utf-8?B?cHlHRUN2Z3FRM0NsOU9ia2gwM0dudkVhZXhTVllpeTNidjlua2RJbEozUTlI?= =?utf-8?B?ZjBWUXVOYUVHUEVSYVEvVENCVkdveUFISG1wZENHb3hpdlFTRS9ISWV3Qjg4?= =?utf-8?B?cTd1czlROWtjdXFTL2RMMFhMUlZzWjdPSEdGM1JIczZad2tGQjZuNi9WZG52?= =?utf-8?B?L0tKb25hRzlSRk4vbEtXM2RzTm9hTjdYL25ZK3dtNTM5REJuU1o5UzU4ZW0r?= =?utf-8?B?bElLbmUrcVBpNE55Wmc5RCt0blVCYzNwSjladXA3QUlhcEJRS1hpR3RqNk04?= =?utf-8?B?ekVaVWJMb3ZjUUIxdEN4TDlabWhnSDJMajczMWYrOGRLeElZRVhEc2ZjQkFE?= =?utf-8?B?Mkp2dkZVRG9OY09tb0hvZXJsYUpkczJycDI1emYxZ0tqUE5aK3owWWJpbXNy?= =?utf-8?B?SVllaWZZbEpCY213SHBNcExvcEFyeHo0aXp5TXR5WERBZjUyeExnTWJNVFNE?= =?utf-8?B?M1hFaENYSlQrNGZVem1idjZxQXllZVRqRXpWSmpjTG9JZnJqaHhKWjVOVldM?= =?utf-8?B?VTgwRE9ldzdOck16ZFlYb2dlZjE0dVg2Njd5eFdManRiUWplYTRhbVZqck1z?= =?utf-8?B?d1BteUkrTkU4RzUrYWwrYU55d3RDNHBkakJkd3k5VERhQm1EcU4zZDlUN0Qr?= =?utf-8?B?d0lmUFduQWd5Ulh3dGllbjBPdVgvOTFwd3FxelNZelA5M2Q5Wk1RNm02VFE4?= =?utf-8?B?NnZYemJDRmxJQXNXejRKQ0dnV1F2U1dYWHAzaFk0WG9INWRYOGtIU0F3QjdJ?= =?utf-8?B?MnRKcnphL2NNUGJLWWNLMmxGNmVnRzRxZ0t0OC9udi9Tb0FHN2MxMHV6dmNZ?= =?utf-8?B?MmlreHJXWGQyNUpsVTQ2RlNkajB4b3RLdGhxWjJqWTVPeUhGVW9qQk5NWnBE?= =?utf-8?B?elRacHNRSDNQcWpYb1U1OCtrZ204WHVpZjlTOEhCUmJmb05zMmNQY09NWEI4?= =?utf-8?B?RmM1SHBKSVE2NmlkVkY1SUVsdkRSeEI3NTNvb0dEWnJPSGhFSEJqVUU2MkNM?= =?utf-8?B?UWxWRkhmUUVkdVFYSlpDVVd6WlpZL29LTXlub2d5YThtczlOYXdsSmE0TERz?= =?utf-8?B?ZmdHVTcwKytaaThEeWRPOCttTWY1OUFZOW5Zci9GbWxLMUk3SW5Mc3JuR1h0?= =?utf-8?B?TGhROWZMRjRnTHA0ZHk4WENJcWNselBlMGJBbnJYTzVDYjdZOHRmSFk5V0hh?= =?utf-8?B?SXljVnRmY0dsd3haODRWSkQybGlQVGdPS3JiRnNlUDhUcm9nVlh6VlRuVmNq?= =?utf-8?Q?8/Zm19LTaIexLI2lvAYPBODl3?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 71ab8c1b-3a5d-44e7-42e4-08dc80bf9fb6 X-MS-Exchange-CrossTenant-AuthSource: BL1PR12MB5732.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 30 May 2024 15:46:08.7590 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: JllwYVBdtVRleNUkQ8DaE/uf59Rn+nmeHKlkUK4CHnHhJPGlWLJScu1RpEa+DWW6S7nZGiOKGr91BWvr11xOyA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SJ0PR12MB6784 Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Resent-Date: Thu, 30 May 2024 08:46:11 -0700 Resent-From: thomas.lendacky@amd.com Reply-To: devel@edk2.groups.io,thomas.lendacky@amd.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: j7ZHfqkRALitHYzD2mIfj6E4x7686176AA= Content-Language: en-US Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: quoted-printable X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20240206 header.b=ctsz1qUz; dmarc=pass (policy=none) header.from=groups.io; spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 45.79.224.7 as permitted sender) smtp.mailfrom=bounce@groups.io On 5/6/24 15:27, Tobin Feldman-Fitzthum wrote: > The Blob Verifier checks boot artifacts against a hash table > injected by the hypervisor and measured by hardware. >=20 > Update the Blob Verifier to enter a dead loop if the artifacts > do not match. There are some changes to messages from ERROR to WARN and the return is=20 kept as EFI_ACCESS_DENIED, so it would be best to describe in the commit=20 message what situations result in EFI_ACCES_DENIED vs dead loop. >=20 > Signed-off-by: Tobin Feldman-Fitzthum > --- > .../BlobVerifierSevHashes.c | 39 +++++++++++++++---- > 1 file changed, 31 insertions(+), 8 deletions(-) >=20 > diff --git a/OvmfPkg/AmdSev/BlobVerifierLibSevHashes/BlobVerifierSevHashe= s.c b/OvmfPkg/AmdSev/BlobVerifierLibSevHashes/BlobVerifierSevHashes.c > index 2e58794c3c..ee8bca509a 100644 > --- a/OvmfPkg/AmdSev/BlobVerifierLibSevHashes/BlobVerifierSevHashes.c > +++ b/OvmfPkg/AmdSev/BlobVerifierLibSevHashes/BlobVerifierSevHashes.c > @@ -77,13 +77,17 @@ FindBlobEntryGuid ( > /** > Verify blob from an external source. > =20 > + If a non-secure configuration is detected this function will enter a > + dead loop to prevent a boot. > + > @param[in] BlobName The name of the blob > @param[in] Buf The data of the blob > @param[in] BufSize The size of the blob in bytes > =20 > - @retval EFI_SUCCESS The blob was verified successfully. > - @retval EFI_ACCESS_DENIED The blob could not be verified, and ther= efore > - should be considered non-secure. > + @retval EFI_SUCCESS The blob was verified successfully or wa= s not > + found in the hash table. > + @retval EFI_ACCESS_DENIED Kernel hashes not supported, but the boo= t > + can continue safely. > **/ > EFI_STATUS > EFIAPI > @@ -99,8 +103,8 @@ VerifyBlob ( > =20 > if ((mHashesTable =3D=3D NULL) || (mHashesTableSize =3D=3D 0)) { > DEBUG (( > - DEBUG_ERROR, > - "%a: Verifier called but no hashes table discoverd in MEMFD\n", > + DEBUG_WARN, > + "%a: No hashes table discovered in MEMFD\n", Technically, this should really just change the ERROR to WARN without=20 changing the message text. > __func__ > )); > return EFI_ACCESS_DENIED; > @@ -114,7 +118,8 @@ VerifyBlob ( > __func__, > BlobName > )); > - return EFI_ACCESS_DENIED; > + > + CpuDeadLoop (); > } > =20 > // > @@ -136,10 +141,22 @@ VerifyBlob ( > =20 > DEBUG ((DEBUG_INFO, "%a: Found GUID %g in table\n", __func__, Guid)= ); > =20 > + if (BufSize =3D=3D 0) { > + DEBUG (( > + DEBUG_ERROR, > + "%a: Blob Specified in Hash Table was not Provided", > + __func__, > + EntrySize, > + SHA256_DIGEST_SIZE Looks like there's no substitution spots in the message for these last=20 two parameters. Thanks, Tom > + )); > + > + CpuDeadLoop (); > + } > + > EntrySize =3D Entry->Len - sizeof Entry->Guid - sizeof Entry->Len; > if (EntrySize !=3D SHA256_DIGEST_SIZE) { > DEBUG (( > - DEBUG_ERROR, > + DEBUG_WARN, > "%a: Hash has the wrong size %d !=3D %d\n", > __func__, > EntrySize, > @@ -170,18 +187,24 @@ VerifyBlob ( > __func__, > BlobName > )); > + > + CpuDeadLoop (); > } > =20 > return Status; > } > =20 > + // > + // If the GUID is not in the hash table, execution can still continue. > + // This blob will not be measured, but at least one blob must be. > + // > DEBUG (( > DEBUG_ERROR, > "%a: Hash GUID %g not found in table\n", > __func__, > Guid > )); > - return EFI_ACCESS_DENIED; > + return EFI_SUCCESS; > } > =20 > /** -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#119397): https://edk2.groups.io/g/devel/message/119397 Mute This Topic: https://groups.io/mt/105977014/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-