Subject: Re: [PATCH V3 15/29] OvmfPkg: Update SecEntry.nasm to support Tdx
From: "James Bottomley"
Reply-To: jejb@linux.ibm.com
To: "Yao, Jiewen"
Cc: Gerd Hoffmann, "Xu, Min M", devel@edk2.groups.io, Ard Biesheuvel,
    "Justen, Jordan L", Brijesh Singh, Erdem Aktas, Tom Lendacky
Date: Tue, 23 Nov 2021 09:51:44 -0500
In-Reply-To: <1D6AF5B4-87BD-4773-A5C7-4779016A0673@intel.com>
References: <867e8a2aaf28c308b20a659057217453c6e38e00.1635769996.git.min.m.xu@intel.com>
    <20211103063045.kmttoxyluifwo2bq@sirius.home.kraxel.org>
    <20211117151942.iqow75zq2lrn5xlc@sirius.home.kraxel.org>
    <20211119151130.g2wcnuhivt3lxvzi@sirius.home.kraxel.org>
    <20211123123821.q4fanslttg72n2r3@sirius.home.kraxel.org>
    <1D6AF5B4-87BD-4773-A5C7-4779016A0673@intel.com>
User-Agent: Evolution 3.34.4
Content-Type: text/plain; charset="UTF-8"

On Tue, 2021-11-23 at 14:36 +0000, Yao, Jiewen wrote:
> > This strict isolation between DXE and PEI means that once we're in
> > DXE, any bugs in PEI can't be exploited to attack the DXE
> > environment.
>
> [jiewen] I would disagree with the statement above.
> There is not strict isolation. Actually no isolation at all.
> The DXE is loaded by PEI.

Not in OVMF ... DXE and PEI are actually loaded by SEC. PEI eventually
jumps to execute DXE but that's after all its own tasks are completed.

> A bug in PEI has global impact and it can definitely be used to
> attack the DXE.

Only if it can be exploited. Moving things to PEI is mitigating the
exploitability, not the bugs.

The point about exploitability and PEI is that it doesn't read any
config files, it can't execute any EFI binaries and it has no Human
Interface modules so can't be influenced even by a physically present
attacker. No ability to influence is what removes the ability to
exploit.

James