From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) by mx.groups.io with SMTP id smtpd.web11.5278.1626943513945436699 for ; Thu, 22 Jul 2021 01:45:13 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@ibm.com header.s=pp1 header.b=QPcmI76f; spf=pass (domain: linux.ibm.com, ip: 148.163.156.1, mailfrom: dovmurik@linux.ibm.com) Received: from pps.filterd (m0098410.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 16M8Xb0A007989; Thu, 22 Jul 2021 04:45:12 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=subject : to : cc : references : from : message-id : date : in-reply-to : content-type : content-transfer-encoding : mime-version; s=pp1; bh=rvdV0m7rlwFsZpV+SzKsQQ+b7hYWL3PrUl+hWA4wA4I=; b=QPcmI76f+VuLauiWQlv+DPY9cxaqe1Z9m8pUXU/4++wv3pcKng9Eedc7jejszvbrdb6g a4amIoQT1VyOzKLBO0rKv4dLq4hqkh4HEHr8RunKB0RFi3/ZTcB2kQK5RWG9P5vfTlsF MiFZQSAEt453UmaLyndzwM6HdFwKQ+Dqse5w3kW7v9mjOnXA21PzOcYCABOQhC7na8ym FWR1i5EYJWZqBntSL36yHD7ZfJzyav2jRlOzV4rvSYscvkVgePgyGIRH38hKTVZEvna/ bMLlFgxlFeHvcj9AXELXo1oxpKn8DVHultDe5QNQMWP5nPOKntvH6Jlrrv7gcDfyetbi DQ== Received: from pps.reinject (localhost [127.0.0.1]) by mx0a-001b2d01.pphosted.com with ESMTP id 39y4ca9pga-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 22 Jul 2021 04:45:12 -0400 Received: from m0098410.ppops.net (m0098410.ppops.net [127.0.0.1]) by pps.reinject (8.16.0.43/8.16.0.43) with SMTP id 16M8Y9gv010045; Thu, 22 Jul 2021 04:45:12 -0400 Received: from ppma03dal.us.ibm.com (b.bd.3ea9.ip4.static.sl-reverse.com [169.62.189.11]) by mx0a-001b2d01.pphosted.com with ESMTP id 39y4ca9pg1-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 22 Jul 2021 04:45:11 -0400 Received: from pps.filterd (ppma03dal.us.ibm.com [127.0.0.1]) by ppma03dal.us.ibm.com (8.16.1.2/8.16.1.2) with SMTP id 16M8hKl7001179; Thu, 22 Jul 2021 08:45:11 GMT Received: from b01cxnp23033.gho.pok.ibm.com (b01cxnp23033.gho.pok.ibm.com [9.57.198.28]) by ppma03dal.us.ibm.com with ESMTP id 39y0bms7xm-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 22 Jul 2021 08:45:11 +0000 Received: from b01ledav006.gho.pok.ibm.com (b01ledav006.gho.pok.ibm.com [9.57.199.111]) by b01cxnp23033.gho.pok.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 16M8j9d638339032 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 22 Jul 2021 08:45:09 GMT Received: from b01ledav006.gho.pok.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id E075FAC066; Thu, 22 Jul 2021 08:45:08 +0000 (GMT) Received: from b01ledav006.gho.pok.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id E620FAC05F; Thu, 22 Jul 2021 08:45:05 +0000 (GMT) Received: from [9.160.123.143] (unknown [9.160.123.143]) by b01ledav006.gho.pok.ibm.com (Postfix) with ESMTP; Thu, 22 Jul 2021 08:45:05 +0000 (GMT) Subject: Re: [PATCH v4 10/11] OvmfPkg: add BlobVerifierLibSevHashes To: devel@edk2.groups.io Cc: Tobin Feldman-Fitzthum , Tobin Feldman-Fitzthum , Jim Cadden , James Bottomley , Hubertus Franke , Ard Biesheuvel , Jordan Justen , Ashish Kalra , Brijesh Singh , Erdem Aktas , Jiewen Yao , Min Xu , Tom Lendacky , Dov Murik References: <20210722084307.2890952-1-dovmurik@linux.ibm.com> <20210722084307.2890952-11-dovmurik@linux.ibm.com> From: "Dov Murik" Message-ID: Date: Thu, 22 Jul 2021 11:45:04 +0300 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.12.0 In-Reply-To: <20210722084307.2890952-11-dovmurik@linux.ibm.com> X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: IacBGz2HOJuQK0DZAqL_2-PxgNxoY9pn X-Proofpoint-GUID: TgDwDNSfDV-T-patOXKaMN4gs8UM3nQl X-Proofpoint-UnRewURL: 0 URL was un-rewritten MIME-Version: 1.0 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.391,18.0.790 definitions=2021-07-22_03:2021-07-22,2021-07-22 signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 suspectscore=0 phishscore=0 impostorscore=0 bulkscore=0 clxscore=1015 malwarescore=0 adultscore=0 mlxlogscore=999 lowpriorityscore=0 mlxscore=0 spamscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2104190000 definitions=main-2107220055 Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Here's the diff from the v3 of this patch. It's supposed to catch more cases of bad length fields overflowing the reserved MEMFD space or the declared length of the table. diff --git a/OvmfPkg/Library/BlobVerifierLib/BlobVerifierSevHashes.c b/OvmfPkg/Library/BlobVerifierLib/BlobVerifierSevHashes.c index 797d63d18067..372ae6f469e7 100644 --- a/OvmfPkg/Library/BlobVerifierLib/BlobVerifierSevHashes.c +++ b/OvmfPkg/Library/BlobVerifierLib/BlobVerifierSevHashes.c @@ -94,7 +94,7 @@ VerifyBlob ( ) { CONST GUID *Guid; - INT32 Len; + INT32 Remaining; HASH_TABLE *Entry; if (mHashesTable == NULL || mHashesTableSize == 0) { @@ -111,9 +111,13 @@ VerifyBlob ( return EFI_ACCESS_DENIED; } - for (Entry = mHashesTable, Len = 0; - Len < (INT32)mHashesTableSize; - Len += Entry->Len, + // + // Remaining is INT32 to catch underflow in case Entry->Len has a + // very high UINT16 value + // + for (Entry = mHashesTable, Remaining = mHashesTableSize; + Remaining >= sizeof *Entry && Remaining >= Entry->Len; + Remaining -= Entry->Len, Entry = (HASH_TABLE *)((UINT8 *)Entry + Entry->Len)) { UINTN EntrySize; EFI_STATUS Status; @@ -125,7 +129,7 @@ VerifyBlob ( DEBUG ((DEBUG_INFO, "%a: Found GUID %g in table\n", __FUNCTION__, Guid)); - EntrySize = Entry->Len - sizeof (Entry->Guid) - sizeof (Entry->Len); + EntrySize = Entry->Len - sizeof Entry->Guid - sizeof Entry->Len; if (EntrySize != SHA256_DIGEST_SIZE) { DEBUG ((DEBUG_ERROR, "%a: Hash has the wrong size %d != %d\n", __FUNCTION__, EntrySize, SHA256_DIGEST_SIZE)); @@ -161,7 +165,8 @@ VerifyBlob ( This function always returns success, even if the table can't be found. The subsequent VerifyBlob calls will fail if no table was found. - @retval RETURN_SUCCESS The verifier tables were set up correctly + @retval RETURN_SUCCESS The hashes table is set up correctly, or there is no + hashes table **/ RETURN_STATUS EFIAPI @@ -175,15 +180,9 @@ BlobVerifierLibSevHashesConstructor ( mHashesTable = NULL; mHashesTableSize = 0; - if (Ptr == NULL || Size == 0) { - return RETURN_SUCCESS; - } - - if (!CompareGuid (&Ptr->Guid, &SEV_HASH_TABLE_GUID)) { - return RETURN_SUCCESS; - } - - if (Ptr->Len < (sizeof Ptr->Guid + sizeof Ptr->Len)) { + if (Ptr == NULL || Size < sizeof *Ptr || + !CompareGuid (&Ptr->Guid, &SEV_HASH_TABLE_GUID) || + Ptr->Len < sizeof *Ptr || Ptr->Len > Size) { return RETURN_SUCCESS; } On 22/07/2021 11:43, Dov Murik wrote: > Add an implementation for BlobVerifierLib that locates the SEV hashes > table and verifies that the calculated hashes of the kernel, initrd, and > cmdline blobs indeed match the expected hashes stated in the hashes > table. > > If there's a missing hash or a hash mismatch then EFI_ACCESS_DENIED is > returned which will cause a failure to load a kernel image. > > Cc: Ard Biesheuvel > Cc: Jordan Justen > Cc: Ashish Kalra > Cc: Brijesh Singh > Cc: Erdem Aktas > Cc: James Bottomley > Cc: Jiewen Yao > Cc: Min Xu > Cc: Tom Lendacky > Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3457 > Co-developed-by: James Bottomley > Signed-off-by: James Bottomley > Signed-off-by: Dov Murik > --- > OvmfPkg/Library/BlobVerifierLib/BlobVerifierLibSevHashes.inf | 37 ++++ > OvmfPkg/Library/BlobVerifierLib/BlobVerifierSevHashes.c | 199 ++++++++++++++++++++ > 2 files changed, 236 insertions(+) > > diff --git a/OvmfPkg/Library/BlobVerifierLib/BlobVerifierLibSevHashes.inf b/OvmfPkg/Library/BlobVerifierLib/BlobVerifierLibSevHashes.inf > new file mode 100644 > index 000000000000..76ca0b8154ce > --- /dev/null > +++ b/OvmfPkg/Library/BlobVerifierLib/BlobVerifierLibSevHashes.inf > @@ -0,0 +1,37 @@ > +## @file > > +# > > +# Blob verifier library that uses SEV hashes table. The hashes table holds the > > +# allowed hashes of the kernel, initrd, and cmdline blobs. > > +# > > +# Copyright (C) 2021, IBM Corp > > +# > > +# SPDX-License-Identifier: BSD-2-Clause-Patent > > +# > > +## > > + > > +[Defines] > > + INF_VERSION = 1.29 > > + BASE_NAME = BlobVerifierLibSevHashes > > + FILE_GUID = 59e713b5-eff3-46a7-8d8b-46f4c004ad7b > > + MODULE_TYPE = BASE > > + VERSION_STRING = 1.0 > > + LIBRARY_CLASS = BlobVerifierLib > > + CONSTRUCTOR = BlobVerifierLibSevHashesConstructor > > + > > +[Sources] > > + BlobVerifierSevHashes.c > > + > > +[Packages] > > + CryptoPkg/CryptoPkg.dec > > + MdePkg/MdePkg.dec > > + OvmfPkg/OvmfPkg.dec > > + > > +[LibraryClasses] > > + BaseCryptLib > > + BaseMemoryLib > > + DebugLib > > + PcdLib > > + > > +[FixedPcd] > > + gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableBase > > + gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableSize > > diff --git a/OvmfPkg/Library/BlobVerifierLib/BlobVerifierSevHashes.c b/OvmfPkg/Library/BlobVerifierLib/BlobVerifierSevHashes.c > new file mode 100644 > index 000000000000..372ae6f469e7 > --- /dev/null > +++ b/OvmfPkg/Library/BlobVerifierLib/BlobVerifierSevHashes.c > @@ -0,0 +1,199 @@ > +/** @file > > + > > + Blob verifier library that uses SEV hashes table. The hashes table holds the > > + allowed hashes of the kernel, initrd, and cmdline blobs. > > + > > + Copyright (C) 2021, IBM Corporation > > + > > + SPDX-License-Identifier: BSD-2-Clause-Patent > > +**/ > > + > > +#include > > +#include > > +#include > > +#include > > +#include > > + > > +/** > > + The SEV Hashes table must be in encrypted memory and has the table > > + and its entries described by > > + > > + |UINT16 | > > + > > + With the whole table GUID being 9438d606-4f22-4cc9-b479-a793d411fd21 > > + > > + The current possible table entries are for the kernel, the initrd > > + and the cmdline: > > + > > + 4de79437-abd2-427f-b835-d5b172d2045b kernel > > + 44baf731-3a2f-4bd7-9af1-41e29169781d initrd > > + 97d02dd8-bd20-4c94-aa78-e7714d36ab2a cmdline > > + > > + The size of the entry is used to identify the hash, but the > > + expectation is that it will be 32 bytes of SHA-256. > > +**/ > > + > > +#define SEV_HASH_TABLE_GUID \ > > + (GUID) { 0x9438d606, 0x4f22, 0x4cc9, { 0xb4, 0x79, 0xa7, 0x93, 0xd4, 0x11, 0xfd, 0x21 } } > > +#define SEV_KERNEL_HASH_GUID \ > > + (GUID) { 0x4de79437, 0xabd2, 0x427f, { 0xb8, 0x35, 0xd5, 0xb1, 0x72, 0xd2, 0x04, 0x5b } } > > +#define SEV_INITRD_HASH_GUID \ > > + (GUID) { 0x44baf731, 0x3a2f, 0x4bd7, { 0x9a, 0xf1, 0x41, 0xe2, 0x91, 0x69, 0x78, 0x1d } } > > +#define SEV_CMDLINE_HASH_GUID \ > > + (GUID) { 0x97d02dd8, 0xbd20, 0x4c94, { 0xaa, 0x78, 0xe7, 0x71, 0x4d, 0x36, 0xab, 0x2a } } > > + > > +STATIC CONST EFI_GUID mSevKernelHashGuid = SEV_KERNEL_HASH_GUID; > > +STATIC CONST EFI_GUID mSevInitrdHashGuid = SEV_INITRD_HASH_GUID; > > +STATIC CONST EFI_GUID mSevCmdlineHashGuid = SEV_CMDLINE_HASH_GUID; > > + > > +#pragma pack (1) > > +typedef struct { > > + GUID Guid; > > + UINT16 Len; > > + UINT8 Data[]; > > +} HASH_TABLE; > > +#pragma pack () > > + > > +STATIC HASH_TABLE *mHashesTable; > > +STATIC UINT16 mHashesTableSize; > > + > > +STATIC > > +CONST GUID* > > +FindBlobEntryGuid ( > > + IN CONST CHAR16 *BlobName > > + ) > > +{ > > + if (StrCmp (BlobName, L"kernel") == 0) { > > + return &mSevKernelHashGuid; > > + } else if (StrCmp (BlobName, L"initrd") == 0) { > > + return &mSevInitrdHashGuid; > > + } else if (StrCmp (BlobName, L"cmdline") == 0) { > > + return &mSevCmdlineHashGuid; > > + } else { > > + return NULL; > > + } > > +} > > + > > +/** > > + Verify blob from an external source. > > + > > + @param[in] BlobName The name of the blob > > + @param[in] Buf The data of the blob > > + @param[in] BufSize The size of the blob in bytes > > + > > + @retval EFI_SUCCESS The blob was verified successfully. > > + @retval EFI_ACCESS_DENIED The blob could not be verified, and therefore > > + should be considered non-secure. > > +**/ > > +EFI_STATUS > > +EFIAPI > > +VerifyBlob ( > > + IN CONST CHAR16 *BlobName, > > + IN CONST VOID *Buf, > > + IN UINT32 BufSize > > + ) > > +{ > > + CONST GUID *Guid; > > + INT32 Remaining; > > + HASH_TABLE *Entry; > > + > > + if (mHashesTable == NULL || mHashesTableSize == 0) { > > + DEBUG ((DEBUG_ERROR, > > + "%a: Verifier called but no hashes table discoverd in MEMFD\n", > > + __FUNCTION__)); > > + return EFI_ACCESS_DENIED; > > + } > > + > > + Guid = FindBlobEntryGuid (BlobName); > > + if (Guid == NULL) { > > + DEBUG ((DEBUG_ERROR, "%a: Unknown blob name \"%s\"\n", __FUNCTION__, > > + BlobName)); > > + return EFI_ACCESS_DENIED; > > + } > > + > > + // > > + // Remaining is INT32 to catch underflow in case Entry->Len has a > > + // very high UINT16 value > > + // > > + for (Entry = mHashesTable, Remaining = mHashesTableSize; > > + Remaining >= sizeof *Entry && Remaining >= Entry->Len; > > + Remaining -= Entry->Len, > > + Entry = (HASH_TABLE *)((UINT8 *)Entry + Entry->Len)) { > > + UINTN EntrySize; > > + EFI_STATUS Status; > > + UINT8 Hash[SHA256_DIGEST_SIZE]; > > + > > + if (!CompareGuid (&Entry->Guid, Guid)) { > > + continue; > > + } > > + > > + DEBUG ((DEBUG_INFO, "%a: Found GUID %g in table\n", __FUNCTION__, Guid)); > > + > > + EntrySize = Entry->Len - sizeof Entry->Guid - sizeof Entry->Len; > > + if (EntrySize != SHA256_DIGEST_SIZE) { > > + DEBUG ((DEBUG_ERROR, "%a: Hash has the wrong size %d != %d\n", > > + __FUNCTION__, EntrySize, SHA256_DIGEST_SIZE)); > > + return EFI_ACCESS_DENIED; > > + } > > + > > + // > > + // Calculate the buffer's hash and verify that it is identical to the > > + // expected hash table entry > > + // > > + Sha256HashAll (Buf, BufSize, Hash); > > + > > + if (CompareMem (Entry->Data, Hash, EntrySize) == 0) { > > + Status = EFI_SUCCESS; > > + DEBUG ((DEBUG_INFO, "%a: Hash comparison succeeded for \"%s\"\n", > > + __FUNCTION__, BlobName)); > > + } else { > > + Status = EFI_ACCESS_DENIED; > > + DEBUG ((DEBUG_ERROR, "%a: Hash comparison failed for \"%s\"\n", > > + __FUNCTION__, BlobName)); > > + } > > + return Status; > > + } > > + > > + DEBUG ((DEBUG_ERROR, "%a: Hash GUID %g not found in table\n", __FUNCTION__, > > + Guid)); > > + return EFI_ACCESS_DENIED; > > +} > > + > > +/** > > + Locate the SEV hashes table. > > + > > + This function always returns success, even if the table can't be found. The > > + subsequent VerifyBlob calls will fail if no table was found. > > + > > + @retval RETURN_SUCCESS The hashes table is set up correctly, or there is no > > + hashes table > > +**/ > > +RETURN_STATUS > > +EFIAPI > > +BlobVerifierLibSevHashesConstructor ( > > + VOID > > + ) > > +{ > > + HASH_TABLE *Ptr = (void *)(UINTN)FixedPcdGet64 (PcdQemuHashTableBase); > > + UINT32 Size = FixedPcdGet32 (PcdQemuHashTableSize); > > + > > + mHashesTable = NULL; > > + mHashesTableSize = 0; > > + > > + if (Ptr == NULL || Size < sizeof *Ptr || > > + !CompareGuid (&Ptr->Guid, &SEV_HASH_TABLE_GUID) || > > + Ptr->Len < sizeof *Ptr || Ptr->Len > Size) { > > + return RETURN_SUCCESS; > > + } > > + > > + DEBUG ((DEBUG_INFO, "%a: Found injected hashes table in secure location\n", > > + __FUNCTION__)); > > + > > + mHashesTable = (HASH_TABLE *)Ptr->Data; > > + mHashesTableSize = Ptr->Len - sizeof Ptr->Guid - sizeof Ptr->Len; > > + > > + DEBUG ((DEBUG_VERBOSE, "%a: mHashesTable=0x%p, Size=%u\n", __FUNCTION__, > > + mHashesTable, mHashesTableSize)); > > + > > + return RETURN_SUCCESS; > > +} >