From: "Lendacky, Thomas" <thomas.lendacky@amd.com>
To: devel@edk2.groups.io
Cc: Brijesh Singh <brijesh.singh@amd.com>,
James Bottomley <jejb@linux.ibm.com>,
Ard Biesheuvel <ard.biesheuvel@arm.com>,
Rebecca Cran <rebecca@bsdio.com>,
Laszlo Ersek <lersek@redhat.com>, Julien Grall <julien@xen.org>,
Peter Grehan <grehan@freebsd.org>,
Jordan Justen <jordan.l.justen@intel.com>,
Anthony Perard <anthony.perard@citrix.com>
Subject: [PATCH v2 00/15] SEV-ES security mitigations
Date: Wed, 6 Jan 2021 15:21:26 -0600 [thread overview]
Message-ID: <cover.1609968101.git.thomas.lendacky@amd.com> (raw)
From: Tom Lendacky <thomas.lendacky@amd.com>
This patch series provides security mitigations for SEV-ES to protect
against some attacks identified in the paper titled "Exploiting Interfaces
of Secure Encrypted Virtual Machines" at:
https://arxiv.org/pdf/2010.07094.pdf
The mitigations include:
- Validating the encryption bit position provided by the hypervisor.
Additionally, once validated use the validated value throughout the
code.
- Validating that SEV-ES has been advertised to the guest if a #VC has
been taken to prevent the hypervisor from pretending that SEV-ES is
not enabled.
- Validate that MMIO is performed to/from unencrypted memory addresses
to prevent the hypervisor try to inject data or expose secrets within
the guest.
And a change separate from the above paper:
- When checking #VC related per-vCPU values, make checks for explicit
values vs non-zero values so that a hypervisor can't write random data
to the location to alter guest processing behavior.
Also, as part of creating these mitigations:
- MemEncryptSevLib is updated to now be available during SEC
- #VC now supports a single nested invocation
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3108
---
These patches are based on commit:
7785b38ac977 ("ArmPkg: Fix Ecc error 5007 in DefaultExceptionHandlerLib")
All modified DSC files successfully built.
Changes since v1:
- Added CLI before HLT in the halt loops
- Split the encryption mask retrieval interface patch into three
patches
- Split out some coding style fixes as a pre-patch in order to pass ECC
- Implemented an SEC specific version of the
MemEncryptSevLocateInitialSmramSaveStateMapPagesCreated() interface.
- Clarified/expanded some commit messages and comments
Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
Cc: Rebecca Cran <rebecca@bsdio.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Julien Grall <julien@xen.org>
Cc: Peter Grehan <grehan@freebsd.org>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Anthony Perard <anthony.perard@citrix.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Tom Lendacky (15):
Ovmf/ResetVector: Simplify and consolidate the SEV features checks
OvmfPkg/Sec: Move SEV-ES SEC workarea definition to common header file
OvmfPkg/ResetVector: Validate the encryption bit position for
SEV/SEV-ES
OvmfPkg/ResetVector: Perform a simple SEV-ES sanity check
OvmfPkg/MemEncryptSevLib: Save the encryption mask at boot time
OvmfPkg/MemEncryptSevLib: Add an interface to retrieve the encryption
mask
OvmfPkg/MemEncryptSevLib: Obtain encryption mask using the new
interface
OvmfPkg/AmdSevDxe: Clear encryption bit on PCIe MMCONFIG range
OvmfPkg/VmgExitLib: Check for an explicit DR7 cached value
OvmfPkg/MemEncryptSevLib: Coding style fixes in prep for SEC library
OvmfPkg/MemEncryptSevLib: Make the MemEncryptSevLib available for SEC
OvmfPkg/MemEncryptSevLib: Address range encryption state interface
OvmfPkg/VmgExitLib: Support nested #VCs
OvmfPkg/PlatformPei: Reserve GHCB backup pages if S3 is supported
OvfmPkg/VmgExitLib: Validate #VC MMIO is to un-encrypted memory
OvmfPkg/OvmfPkg.dec | 2 +
OvmfPkg/AmdSev/AmdSevX64.dsc | 6 +-
OvmfPkg/Bhyve/BhyveX64.dsc | 4 +-
OvmfPkg/OvmfPkgIa32.dsc | 4 +-
OvmfPkg/OvmfPkgIa32X64.dsc | 4 +-
OvmfPkg/OvmfPkgX64.dsc | 6 +-
OvmfPkg/OvmfXen.dsc | 3 +-
OvmfPkg/AmdSev/AmdSevX64.fdf | 3 +
OvmfPkg/OvmfPkgX64.fdf | 3 +
OvmfPkg/AmdSevDxe/AmdSevDxe.inf | 8 +-
OvmfPkg/Library/BaseMemEncryptSevLib/{BaseMemEncryptSevLib.inf => DxeMemEncryptSevLib.inf} | 16 +-
OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf | 57 ++
OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf | 51 ++
OvmfPkg/Library/VmgExitLib/SecVmgExitLib.inf | 45 +
OvmfPkg/Library/VmgExitLib/VmgExitLib.inf | 6 +-
OvmfPkg/PlatformPei/PlatformPei.inf | 2 +
OvmfPkg/Include/Library/MemEncryptSevLib.h | 90 +-
OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.h | 35 +-
OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.h | 53 ++
OvmfPkg/AmdSevDxe/AmdSevDxe.c | 20 +-
OvmfPkg/Bhyve/PlatformPei/AmdSev.c | 12 +-
OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c | 145 +++
OvmfPkg/Library/BaseMemEncryptSevLib/Ia32/MemEncryptSevLib.c | 31 +-
OvmfPkg/Library/BaseMemEncryptSevLib/MemEncryptSevLibInternal.c | 155 ----
OvmfPkg/Library/BaseMemEncryptSevLib/PeiDxeMemEncryptSevLibInternal.c | 63 ++
OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c | 159 ++++
OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c | 155 ++++
OvmfPkg/Library/BaseMemEncryptSevLib/X64/MemEncryptSevLib.c | 32 +-
OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c | 893 ++++++++++++++++++
OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecVirtualMemory.c | 100 ++
OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.c | 954 +++-----------------
OvmfPkg/Library/VmgExitLib/PeiDxeVmgExitVcHandler.c | 103 +++
OvmfPkg/Library/VmgExitLib/SecVmgExitVcHandler.c | 109 +++
OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c | 130 ++-
OvmfPkg/PlatformPei/AmdSev.c | 50 +-
OvmfPkg/PlatformPei/MemDetect.c | 5 +
OvmfPkg/Sec/SecMain.c | 6 +-
OvmfPkg/XenPlatformPei/AmdSev.c | 12 +-
OvmfPkg/ResetVector/Ia32/Flat32ToFlat64.asm | 118 +++
OvmfPkg/ResetVector/Ia32/PageTables64.asm | 110 ++-
OvmfPkg/ResetVector/ResetVector.nasmb | 5 +-
41 files changed, 2679 insertions(+), 1086 deletions(-)
rename OvmfPkg/Library/BaseMemEncryptSevLib/{BaseMemEncryptSevLib.inf => DxeMemEncryptSevLib.inf} (63%)
create mode 100644 OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf
create mode 100644 OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf
create mode 100644 OvmfPkg/Library/VmgExitLib/SecVmgExitLib.inf
create mode 100644 OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.h
create mode 100644 OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c
delete mode 100644 OvmfPkg/Library/BaseMemEncryptSevLib/MemEncryptSevLibInternal.c
create mode 100644 OvmfPkg/Library/BaseMemEncryptSevLib/PeiDxeMemEncryptSevLibInternal.c
create mode 100644 OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c
create mode 100644 OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c
create mode 100644 OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c
create mode 100644 OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecVirtualMemory.c
create mode 100644 OvmfPkg/Library/VmgExitLib/PeiDxeVmgExitVcHandler.c
create mode 100644 OvmfPkg/Library/VmgExitLib/SecVmgExitVcHandler.c
create mode 100644 OvmfPkg/ResetVector/Ia32/Flat32ToFlat64.asm
--
2.30.0
next reply other threads:[~2021-01-06 21:22 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-01-06 21:21 Lendacky, Thomas [this message]
2021-01-06 21:21 ` [PATCH v2 01/15] Ovmf/ResetVector: Simplify and consolidate the SEV features checks Lendacky, Thomas
2021-01-06 21:21 ` [PATCH v2 02/15] OvmfPkg/Sec: Move SEV-ES SEC workarea definition to common header file Lendacky, Thomas
2021-01-06 21:21 ` [PATCH v2 03/15] OvmfPkg/ResetVector: Validate the encryption bit position for SEV/SEV-ES Lendacky, Thomas
2021-01-07 14:43 ` [edk2-devel] " Laszlo Ersek
2021-01-06 21:21 ` [PATCH v2 04/15] OvmfPkg/ResetVector: Perform a simple SEV-ES sanity check Lendacky, Thomas
2021-01-07 14:44 ` [edk2-devel] " Laszlo Ersek
2021-01-06 21:21 ` [PATCH v2 05/15] OvmfPkg/MemEncryptSevLib: Save the encryption mask at boot time Lendacky, Thomas
2021-01-07 14:52 ` [edk2-devel] " Laszlo Ersek
2021-01-06 21:21 ` [PATCH v2 06/15] OvmfPkg/MemEncryptSevLib: Add an interface to retrieve the encryption mask Lendacky, Thomas
2021-01-07 15:50 ` [edk2-devel] " Laszlo Ersek
2021-01-06 21:21 ` [PATCH v2 07/15] OvmfPkg/MemEncryptSevLib: Obtain encryption mask using the new interface Lendacky, Thomas
2021-01-07 15:56 ` [edk2-devel] " Laszlo Ersek
2021-01-06 21:21 ` [PATCH v2 08/15] OvmfPkg/AmdSevDxe: Clear encryption bit on PCIe MMCONFIG range Lendacky, Thomas
2021-01-07 17:11 ` [edk2-devel] " Laszlo Ersek
2021-01-06 21:21 ` [PATCH v2 09/15] OvmfPkg/VmgExitLib: Check for an explicit DR7 cached value Lendacky, Thomas
2021-01-06 21:21 ` [PATCH v2 10/15] OvmfPkg/MemEncryptSevLib: Coding style fixes in prep for SEC library Lendacky, Thomas
2021-01-07 17:12 ` [edk2-devel] " Laszlo Ersek
2021-01-06 21:21 ` [PATCH v2 11/15] OvmfPkg/MemEncryptSevLib: Make the MemEncryptSevLib available for SEC Lendacky, Thomas
2021-01-07 17:22 ` [edk2-devel] " Laszlo Ersek
2021-01-06 21:21 ` [PATCH v2 12/15] OvmfPkg/MemEncryptSevLib: Address range encryption state interface Lendacky, Thomas
2021-01-06 21:21 ` [PATCH v2 13/15] OvmfPkg/VmgExitLib: Support nested #VCs Lendacky, Thomas
2021-01-06 21:21 ` [PATCH v2 14/15] OvmfPkg/PlatformPei: Reserve GHCB backup pages if S3 is supported Lendacky, Thomas
2021-01-07 17:25 ` [edk2-devel] " Laszlo Ersek
2021-01-06 21:21 ` [PATCH v2 15/15] OvfmPkg/VmgExitLib: Validate #VC MMIO is to un-encrypted memory Lendacky, Thomas
2021-01-07 17:27 ` [edk2-devel] " Laszlo Ersek
2021-01-07 17:33 ` Lendacky, Thomas
2021-01-07 17:48 ` Laszlo Ersek
2021-01-07 18:37 ` Lendacky, Thomas
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cover.1609968101.git.thomas.lendacky@amd.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox