From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from NAM12-BN8-obe.outbound.protection.outlook.com (NAM12-BN8-obe.outbound.protection.outlook.com [40.107.237.64]) by mx.groups.io with SMTP id smtpd.web10.2971.1677523816074014244 for ; Mon, 27 Feb 2023 10:50:16 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@amd.com header.s=selector1 header.b=poYuF6NR; spf=permerror, err=parse error for token &{10 18 %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email}: invalid domain name (domain: amd.com, ip: 40.107.237.64, mailfrom: thomas.lendacky@amd.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=mKjDm+g5tY/upoDxWSH86y4r2TdanaZfxKjVqVQ46YwxJ15V3NXK8Ix9o0Cd9GuTUBZ/YVKPdkPL0gG6wVgfkGTnDQfhwvxlK/8nPtJlWuCkSiCvbRSxi39hE9jEEyEKbP46u66XL3s+/LlWKvibpmTYnrp6QGgrpy29gl/5dWDzXR3YnFCDmBNEBkvX+RyG2MtJCTzBsuN6+YCIkb+32n3kl04XcSkm186JQp5u6Tn0cLqv2kzLAJu81JabO1np6d2He7HWUjRK3buwXNs/+aF0dZHEDJF9r0CLQsOiYuvhyS+rW1lpcjwLFmINxjCf92MDCnV06/aPsIcsxH7WqQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=VRd87aUeVW17jbPnruYpttYdElkPZnFJIXHJLsCP52I=; b=c5Zi7DpmVczFa7YJQ/zhJMT9l6bVRJp7sX4epnZ9yarkJUmcPrR2l/ZxvplLNl+cgA8OBtJI7Q9X5CF3JgAgyhNJV5jaEuJ22XF8tHYf/VWKGeGYrpsbU8QXDwHsNTPPehtnt6x8AreqPDBnRd+dCHvrLJxjjOcq+foRUbFDstxDUYSu7vEQ4L1t1YOhdXSSWokHZ+2YuxOJIc+fB4olHsRVWWKc7GbeW9JzYGtLLhxXDlJEWD+F/gvndoDwJIccDzlf+BM5oiafUfVMYDpRdd7XDEJ4E6+GFvha8pBIbW69qRQQcxkFASiTE7zzm9kKhF4ToFV7JFJuxQ9P20wbNQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=VRd87aUeVW17jbPnruYpttYdElkPZnFJIXHJLsCP52I=; b=poYuF6NRUk2j26XzhpI94aURFbm8rq3RCnh0hmPxD6AhLIhMcWLlbwHfW6OPEAPLgRrLJO5qh4nvLyV+L8NLFaOBRDfl9Edlcdi5J6OVaSdClOzv4vidUc3CEI9TnNUOi5vZVPerAiaQKDLBDgiLQzqfbY2ggcrvhu85hIQTv7A= Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=amd.com; Received: from DM4PR12MB5229.namprd12.prod.outlook.com (2603:10b6:5:398::12) by CY8PR12MB7489.namprd12.prod.outlook.com (2603:10b6:930:90::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6134.29; Mon, 27 Feb 2023 18:50:13 +0000 Received: from DM4PR12MB5229.namprd12.prod.outlook.com ([fe80::6cc0:9c7a:bd00:441c]) by DM4PR12MB5229.namprd12.prod.outlook.com ([fe80::6cc0:9c7a:bd00:441c%5]) with mapi id 15.20.6134.029; Mon, 27 Feb 2023 18:50:13 +0000 Message-ID: Date: Mon, 27 Feb 2023 12:50:10 -0600 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.7.1 Subject: Re: [RESEND] [PATCH v2 2/2] OvmfPkg/ResetVector: Exclude SEV launch secrets page from pre-validation To: Dov Murik , Gerd Hoffmann Cc: devel@edk2.groups.io, Ard Biesheuvel , Jiewen Yao , Jordan Justen , Erdem Aktas , James Bottomley , Min Xu , Michael Roth , Ashish Kalra , Mario Smarduch , Tobin Feldman-Fitzthum References: <20230220084942.1292756-1-dovmurik@linux.ibm.com> <20230220084942.1292756-3-dovmurik@linux.ibm.com> <67f06585-b9e6-a450-04fe-ad6b1105d3b6@amd.com> <20230221093820.amj4t2jhzrya7r5k@sirius.home.kraxel.org> <532bb5b0-952b-c830-8de8-fe31f9aa6283@linux.ibm.com> From: "Lendacky, Thomas" In-Reply-To: <532bb5b0-952b-c830-8de8-fe31f9aa6283@linux.ibm.com> X-ClientProxiedBy: CH2PR12CA0023.namprd12.prod.outlook.com (2603:10b6:610:57::33) To DM4PR12MB5229.namprd12.prod.outlook.com (2603:10b6:5:398::12) Return-Path: Thomas.Lendacky@amd.com MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DM4PR12MB5229:EE_|CY8PR12MB7489:EE_ X-MS-Office365-Filtering-Correlation-Id: 031b3b0e-37e5-47da-9a1a-08db18f37594 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: AAVhljqFyNZWszbyBSoIJ+Y8Qm/ZUnDroVhrQNs0hM0DK2I5EGrLNCmrHk0sbbAa+8R6oU0IZyU1z62A4f+pxATuMGf2dro8nVQt9dmWTHP4PGQG5eJAWTXChrwVoU+U3jbhvX/DCO0clir9xaJC08nsVcZZuc/EMmUNQfDfNehi9AKEwPP/vbJ/iLM+M+AlfAXgFOSwKM+YtJnCI32E1ZYpm3wYanF0bMBDQ1D7ycm4el326tAmICDuNCp0m/NFEcskA7hHPlud6VbPnYdN52zF5pX4cCsFsNe2ry6AWbXTsDiv/LJYqYQx3eEaFg4RvVEdmN0JfJV6yVfu91CX2VPb1qPonjiDGGNPSBK0bcH9TV3O2i/ARGqtzCsY/sx1CeVjE31G+7vaWuTi/YJcNgbGBhszz6D1ApHdUylSaJZcd5BUC5umq7IEyntkM4CNvTrOpjD7UXKKDt45P/BhJ2jHpq3kMslOBNmTLskkkyEre7DVWeu7rg9RadhMN8rHqdjcGKUyTkxbbnau15jRKBBwfYadW3yu1xuYo/4OUz27JThkD3mivOSUz9z3NyxLoM8+DQrj/qxrWctUh9Ag6PnYBKBaGekLT9v3i49qawrWNbZ7tyvFxBfw6AGmwunufy1z578a1JX3j6M6pgYAjhbYoBdixKE3aUD7kOin9xUeeO9s5RIxluHLleYLEGZxV7WqOTwrWVmv+Ji02eF5vqyD/JQsng7hM8lS0Bwh6Jg= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DM4PR12MB5229.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230025)(4636009)(39860400002)(396003)(376002)(346002)(366004)(136003)(451199018)(36756003)(54906003)(316002)(110136005)(6486002)(478600001)(8936002)(5660300002)(7416002)(2906002)(8676002)(66946007)(66556008)(66476007)(4326008)(41300700001)(26005)(86362001)(31696002)(38100700002)(186003)(2616005)(83380400001)(6512007)(6506007)(53546011)(31686004)(43740500002)(45980500001);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?TjBEUzRZZVhqU2I0c0JMdlNVUXVuYS8zdTJLY2hnU2JlY04waHlQWmU2KzNU?= =?utf-8?B?akJ5VUxoTW15cVFieXJTbWNQVG5wSGZtcU1LdnZDcEs2UUFGYlRJalpzb0lY?= =?utf-8?B?NTd4bkREM3plQVlSa2pBM1F5VUtBbStvR2lYSXNUQUlDZnF5eVFScGZCUFNB?= =?utf-8?B?cEU4RzArV0dyU3JmcGdUcTJHd01ua3laUERGWTIzSnRJVmdOZGhkUERYaDVW?= =?utf-8?B?NG9CMk1xSnlIa3J2K1lzOWdGam9zanFNeUlESTMycDdDWVZDZEFCd2FiVkh6?= =?utf-8?B?c3lQUG5NVXdRZ0JjSTNROHl6cXJxN2QrbFF5UW1wM1RER1hwNUdPMFN2cHN5?= =?utf-8?B?YUFGeGhWbkVkUWUrREhJcGhYeFhORW9FeGo4bmZMS2tFM1dabm5QVnI0Umgv?= =?utf-8?B?TkJUWDJLU2lOSWR1ck5MMzBMdFEyS2FHMml4c1pWbU94eGxFVkVyNzFhcXhS?= =?utf-8?B?L3gya3cwQWZtd1FrMDQ0OU5CZFdobWFYSWh6RGJxK2I1emNweGw1NVlsN3hJ?= =?utf-8?B?ZE5sR3p0dGpFckp1YUZrWkpmcEhWUTNsa1o5cE1xTUp5ZzEvRjl6c2c4cjVu?= =?utf-8?B?TU1CREJTQkJOelR2OFVYZEdiejNhSGFpbFFtOWdwKzFWMVhjeEdjMjRSTkVJ?= =?utf-8?B?UWltR2dqeHNFWnB6ejErVjhlRllSRTJSc3RQaFc2OWt3YzQwcE9PWGM0M1lI?= =?utf-8?B?NVVGTlczMmpKLzNpNDBabXBQRDdUT3hheUZzdFFWNW9lSmc4a3N1NUZYZWZk?= =?utf-8?B?NWFudGVOMGdNdksrYnU1a0t0bU1jWGhBQ1RoZGNvQXVxTVVoVGtCYUppWEVD?= =?utf-8?B?ZzJJUm4zcm9FSWx4YlNPaXRheUd3QS9JTHI1S2VsaFVwT09qd016bUY0bFdT?= =?utf-8?B?MEsvQzFhUHhhOG9PVTk0YnZqV3JMVmo4eG9HR2JQQ3hNUjNzdG43QnFlamEx?= =?utf-8?B?dnlndzVPdEoxaFU4bkFaaE1Cem9XRjJrdGtpOFBHRnE5QSs4VW9ieGxFRmxR?= =?utf-8?B?eEdFOFpaYlZ0L3FNbE9XWllERlM3VHVhbnREeGdNU2c1T1hJTDNVc1F1aEZF?= =?utf-8?B?b0lZUlhjR3VDQzdrS2J2WFBTdk5sck9uQ0VsSTZlZndLMWIzRUZacHN5MFV4?= =?utf-8?B?M0NpWGIrcURXdjkvQjRDYmtKQmhES0FHUzlnNGt4dkxuejNpUlhFQm9tbG9U?= =?utf-8?B?VDY0T0lUMmIzNEFIN1A0Szlqb0t6blBtdE5rRnM5bnc1UVlkc1hrM2hjOWFv?= =?utf-8?B?Tk9PNnZjenNMUC9La1A5R1JFR0NaWGFxUm5PSllhdnJFWVArc0NjT3FXb2d5?= =?utf-8?B?UVlxRDkvVnR3bG93N1lmODQvMEZ3ZC9vcTQ3Q1R1SFJ0Z1hqN0dpbnp2Y0xt?= =?utf-8?B?Kzh6UmZLQU4wSVVIUjhoTjUrSzJEL1RUVGFyeGVzaWpxbUxGK3lJZFhOWlhD?= =?utf-8?B?cWp6akZjUmlRUGpIVzg4c2ZhMmhSdytyUGw4OUYrcHZNTlNjNm8zY0dFVm8x?= =?utf-8?B?NHBQS2JkQ1BuQ1M0NHdvQ1V1TmdQU1lTRDRBazRwZkpybTV1M1VoUDQ1cVA4?= =?utf-8?B?SEZBbjlJMzBBSlZzTmcrSFhRcXVRNEZ6b3lkRExMVUcra21zaHdZaUUyMmVJ?= =?utf-8?B?MEFJUnJrUG5TK0pmcGh5d0hSeDFYT3RUR0pRclJoaURrUzhxU1JsdCs5MjFa?= =?utf-8?B?SitEQUdBRGhKN2hFS2RSdkJKdDErcXFVcmtIZHNMWkFEZ3owRjMyZmdYbkkz?= =?utf-8?B?QTF6MWQ5QWhDMEFkWVc2S2VRbDkyYi8xQnI5ZzZQYkNPY3oyb3BUUWZZVXZs?= =?utf-8?B?WFh2RUgvdnBKR3JrWWhKMElwcUZ1c0pFcFRoeEl0OHFrMmF6bmhndEZNdVB5?= =?utf-8?B?a3MwTldraTR0TEtGRTBteGhQSEk3bzNhWDFnMUVscWhKNGJFOHI5elY1bEhw?= =?utf-8?B?M2YrQVVnVGZnS2xsRndGbXI0N2svb0lYZnZVd3VjdHVyb2JNYUFFYSsxZk8r?= =?utf-8?B?Z3NlY3ZVVDF2MVRhdk9oTUdTQlBKL3ZrcG1LME5Ic1NRcDQ4MGYza3hoNkZs?= =?utf-8?B?SUZWTFZMQ2wyQmFmTjd6bkxDaDJUR1hQVmJXTHNQTkdtek9IdktYam54WVJO?= =?utf-8?Q?2+tEdUUV+lwgZiekiNFllhJMJ?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 031b3b0e-37e5-47da-9a1a-08db18f37594 X-MS-Exchange-CrossTenant-AuthSource: DM4PR12MB5229.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 27 Feb 2023 18:50:13.3568 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: YlpuPAVOMf8fp+Yvn7z0b/WG6sXx1zW6UUQ9161pqKDbuq70LtwOz63hGpIn75BYtJ9hOXHUFUUTYHgmspCgMQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY8PR12MB7489 Content-Language: en-US Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit On 2/23/23 09:04, Dov Murik wrote: > > > On 23/02/2023 16:58, Dov Murik wrote: >> >> >> On 21/02/2023 11:38, Gerd Hoffmann wrote: >>> On Mon, Feb 20, 2023 at 08:44:23AM -0600, Tom Lendacky wrote: >>>> On 2/20/23 02:49, Dov Murik wrote: >>>>> In order to allow the VMM (such as QEMU) to add a page with hashes of >>>>> kernel/initrd/cmdline for measured direct boot on SNP, this page must >>>>> not be part of the SNP metadata list reported to the VMM. >>>>> >>>>> Check if that page is defined; if it is, skip it in the metadata list. >>>>> In such case, VMM should fill the page with the hashes content, or >>>>> explicitly update it as a zero page (if kernel hashes are not used). >>>> >>>> Would it be better to define a new section type (similar to what I did in >>>> the SVSM PoC)? This way, it remains listed in the metadata and allows the >>>> VMM to detect it and decide how to handle it. >>> >>> Explicitly describing things sounds better to me too. >>> >> >> Thanks for the feedback Tom and Gerd. >> >> >> I can define a new section type OVMF_SECTION_TYPE_KERNEL_HASHES. In the AmdSev >> target it'll cover the single MEMFD page at 00F000 (after the CPUID page). >> Now there's a question for the QEMU side -- should QEMU then fill the page >> and encrypt it (launch_update type=NORMAL)? (currently the whole hashes table >> creation and encryption is done elsewhere there) Yes, I think that is the way to go. Allocate a page in Qemu, zero it out, fill in the hash values at the proper location and then do a launch update for type NORMAL page. You can use the section type to identify the data you need to retrieve and encrypt. >> >> And on regular OvmfX64 builds - should that area should be with type >> OVMF_SECTION_TYPE_SNP_SEC_MEM which is accepted as a type=ZERO page ? >> >> >> Playing with this idea, the metadata list will add: >> >> >> ; Kernel hashes section for measured direct boot >> %define OVMF_SECTION_TYPE_KERNEL_HASHES 0x5 >> >> ... >> >> ; Kernel hashes for measured direct boot, or zero page if >> ; there are no kernel hashes / SEV secrets >> SevSnpKernelHashes: >> DD SEV_SNP_KERNEL_HASHES_BASE >> DD SEV_SNP_KERNEL_HASHES_SIZE >> DD SEV_SNP_KERNEL_HASHES_TYPE >> > > Or maybe this metadata section ^^^^^ should be added only if the Pcd for > secrets+hashes page is defined? That would be optimal if you could do that. Thanks, Tom > > -Dov > >> >> >> and the base/size/type of that region are defined in an >> %if statement in ResetVector.nasmb: >> >> >> %if (FixedPcdGet32 (PcdSevLaunchSecretBase) > 0) >> ; There's a reserved page for SEV secrets and hashes; the VMM will fill and >> ; validate the page >> %define SEV_SNP_KERNEL_HASHES_TYPE OVMF_SECTION_TYPE_KERNEL_HASHES >> %define SEV_SNP_KERNEL_HASHES_BASE (FixedPcdGet32 (PcdSevLaunchSecretBase)) >> %else >> ; No SEV secrets and hashes page; the VMM will validate it as another zero page >> %define SEV_SNP_KERNEL_HASHES_TYPE OVMF_SECTION_TYPE_SNP_SEC_MEM >> %define SEV_SNP_KERNEL_HASHES_BASE (CPUID_BASE + CPUID_SIZE) >> %endif >> %define SEV_SNP_KERNEL_HASHES_SIZE (FixedPcdGet32 (PcdOvmfSecPeiTempRamBase) - SEV_SNP_KERNEL_HASHES_BASE) >> >> >> (I still need to figure out the point about QEMU above.) >> >> >> Is that what you had in mind? >> >> -Dov