Subject: Re: [PATCH v2 07/11] OvmfPkg/QemuKernelLoaderFsDxe: call VerifyBlob after fetch from fw_cfg
To: Dov Murik, devel@edk2.groups.io
Cc: Tobin Feldman-Fitzthum, Tobin Feldman-Fitzthum, Jim Cadden, James Bottomley, Hubertus Franke, Laszlo Ersek, Ard Biesheuvel, Jordan Justen, Ashish Kalra, Brijesh Singh, Erdem Aktas, Jiewen Yao, Min Xu
References: <20210706085501.1260662-1-dovmurik@linux.ibm.com> <20210706085501.1260662-8-dovmurik@linux.ibm.com>
From: "Lendacky, Thomas"
Date: Mon, 19 Jul 2021 10:57:06 -0500
In-Reply-To: <20210706085501.1260662-8-dovmurik@linux.ibm.com>
On 7/6/21 3:54 AM, Dov Murik wrote:
> In QemuKernelLoaderFsDxeEntrypoint we use FetchBlob to read the content
> of the kernel/initrd/cmdline from the QEMU fw_cfg interface. Insert a
> call to VerifyBlob after fetching to allow BlobVerifierLib
> implementations to add a verification step for these blobs.
>
> This will allow confidential computing OVMF builds to add verification
> mechanisms for these blobs that originate from an untrusted source
> (QEMU).
>
> The null implementation of BlobVerifierLib does nothing in VerifyBlob,
> and therefore no functional change is expected.
>
> Cc: Laszlo Ersek
> Cc: Ard Biesheuvel
> Cc: Jordan Justen
> Cc: Ashish Kalra
> Cc: Brijesh Singh
> Cc: Erdem Aktas
> Cc: James Bottomley
> Cc: Jiewen Yao
> Cc: Min Xu
> Cc: Tom Lendacky
> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3457
> Co-developed-by: James Bottomley
> Signed-off-by: James Bottomley
> Signed-off-by: Dov Murik
> ---
>  OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c | 9 +++++++++
>  1 file changed, 9 insertions(+)
> > diff --git a/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c b/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c > index c7ddd86f5c75..b43330d23b80 100644 > --- a/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c > +++ b/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c > @@ -17,6 +17,7 @@ > #include > #include > #include > +#include > #include > #include > #include > @@ -1039,6 +1040,14 @@ QemuKernelLoaderFsDxeEntrypoint ( > if (EFI_ERROR (Status)) { > goto FreeBlobs; > } > + Status = VerifyBlob ( > + CurrentBlob->Name, > + CurrentBlob->Data, > + CurrentBlob->Size > + ); Just a nit, but the ");" should be under the "C" in CurrentBlob. Thanks, Tom > + if (EFI_ERROR (Status)) { > + goto FreeBlobs; > + } > mTotalBlobBytes += CurrentBlob->Size; > } > KernelBlob = &mKernelBlob[KernelBlobTypeKernel]; >
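Review bot: In the second hunk, a VerifyBlob error takes the same `goto FreeBlobs` path as a FetchBlob error, so one rejected blob aborts the load of all kernel/initrd/cmdline blobs instead of skipping just that blob; that fail-closed behaviour is the right choice for data coming from untrusted fw_cfg, but the commit message only states that the null implementation is a no-op and should also spell out that a non-null BlobVerifierLib returning an error causes the driver to exit without exposing any blob. The placement before `mTotalBlobBytes += CurrentBlob->Size;` is correct as well, since a rejected blob is never counted toward the total.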