public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
From: "Laszlo Ersek" <lersek@redhat.com>
To: Tom Lendacky <thomas.lendacky@amd.com>, devel@edk2.groups.io
Cc: Brijesh Singh <brijesh.singh@amd.com>,
	James Bottomley <jejb@linux.ibm.com>,
	Ard Biesheuvel <ard.biesheuvel@arm.com>,
	Rebecca Cran <rebecca@bsdio.com>, Julien Grall <julien@xen.org>,
	Peter Grehan <grehan@freebsd.org>,
	Jordan Justen <jordan.l.justen@intel.com>,
	Anthony Perard <anthony.perard@citrix.com>
Subject: Re: [PATCH 00/12] SEV-ES security mitigations
Date: Thu, 17 Dec 2020 15:23:37 +0100	[thread overview]
Message-ID: <fde04488-8511-2ccc-f9ec-82a8b8129949@redhat.com> (raw)
In-Reply-To: <cover.1608065471.git.thomas.lendacky@amd.com>

Hi Tom,

On 12/15/20 21:50, Tom Lendacky wrote:
> From: Tom Lendacky <thomas.lendacky@amd.com>
> 
> This patch series provides security mitigations for SEV-ES to protect
> against some attacks identified in the paper titled "Exploiting Interfaces
> of Secure Encrypted Virtual Machines" at:
>   https://arxiv.org/pdf/2010.07094.pdf
> 
> The mitigations include:
> 
> - Validating the encryption bit position provided by the hypervisor.
>   Additionally, once validated use the validated value throughout the
>   code.
> 
> - Validating that SEV-ES has been advertised to the guest if a #VC has
>   been taken to prevent the hypervisor from pretending that SEV-ES is
>   not enabled.
> 
> - Validate that MMIO is performed to/from unencrypted memory addresses
>   to prevent the hypervisor try to inject data or expose secrets within
>   the guest.
> 
> And a change separate from the above paper:
> 
> - When checking #VC related per-vCPU values, make checks for explicit
>   values vs non-zero values so that a hypervisor can't write random data
>   to the location to alter guest processing behavior.
> 
> Also, as part of creating these mitigations:
> - MemEncryptSevLib is updated to now be available during SEC
> - #VC now supports a single nested invocation
> 
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3108
> 
> ---
> 
> These patches are based on commit:
> 5c3cdebf95bf ("MdePkg/include: Add DMAR SATC Table Definition")

I plan to review this series next year (and then after the VCPU
hot-unplug stuff that's already been in my review queue for a bit...)

Thanks,
Laszlo

> 
> Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
> Cc: Rebecca Cran <rebecca@bsdio.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Julien Grall <julien@xen.org>
> Cc: Peter Grehan <grehan@freebsd.org>
> Cc: Jordan Justen <jordan.l.justen@intel.com>
> Cc: Anthony Perard <anthony.perard@citrix.com>
> Cc: Brijesh Singh <brijesh.singh@amd.com>
> 
> Tom Lendacky (12):
>   Ovmf/ResetVector: Simplify and consolidate the SEV features checks
>   OvmfPkg/Sec: Move SEV-ES SEC workarea definition to common header file
>   OvmfPkg/ResetVector: Validate the encryption bit position for
>     SEV/SEV-ES
>   OvmfPkg/ResetVector: Perform a simple SEV-ES sanity check
>   OvmfPkg/MemEncryptSevLib: Add an interface to retrieve the encryption
>     mask
>   OvmfPkg/AmdSevDxe: Clear encryption bit on PCIe MMCONFIG range
>   OvmfPkg/VmgExitLib: Check for an explicit DR7 cached value
>   OvmfPkg/MemEncryptSevLib: Make the MemEncryptSevLib available for SEC
>   OvmfPkg/MemEncryptSevLib: Address range encryption state interface
>   OvmfPkg/VmgExitLib: Support nested #VCs
>   OvmfPkg/PlatformPei: Reserve GHCB backup pages if S3 is supported
>   OvfmPkg/VmgExitLib: Validate #VC MMIO is to un-encrypted memory
> 
>  OvmfPkg/OvmfPkg.dec                           |   2 +
>  OvmfPkg/AmdSev/AmdSevX64.dsc                  |   6 +-
>  OvmfPkg/Bhyve/BhyveX64.dsc                    |   4 +-
>  OvmfPkg/OvmfPkgIa32.dsc                       |   4 +-
>  OvmfPkg/OvmfPkgIa32X64.dsc                    |   4 +-
>  OvmfPkg/OvmfPkgX64.dsc                        |   6 +-
>  OvmfPkg/OvmfXen.dsc                           |   3 +-
>  OvmfPkg/AmdSev/AmdSevX64.fdf                  |   3 +
>  OvmfPkg/OvmfPkgX64.fdf                        |   3 +
>  OvmfPkg/AmdSevDxe/AmdSevDxe.inf               |   8 +-
>  ...SevLib.inf => DxeBaseMemEncryptSevLib.inf} |  14 +-
>  .../PeiBaseMemEncryptSevLib.inf               |  57 ++
>  .../SecBaseMemEncryptSevLib.inf               |  55 +
>  OvmfPkg/Library/VmgExitLib/SecVmgExitLib.inf  |  44 +
>  OvmfPkg/Library/VmgExitLib/VmgExitLib.inf     |   6 +-
>  OvmfPkg/PlatformPei/PlatformPei.inf           |   2 +
>  OvmfPkg/Include/Library/MemEncryptSevLib.h    |  90 +-
>  .../BaseMemEncryptSevLib/X64/VirtualMemory.h  |  35 +-
>  OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.h |  53 +
>  OvmfPkg/AmdSevDxe/AmdSevDxe.c                 |  20 +-
>  OvmfPkg/Bhyve/PlatformPei/AmdSev.c            |  12 +-
>  .../DxeMemEncryptSevLibInternal.c             | 145 +++
>  .../Ia32/MemEncryptSevLib.c                   |  31 +-
>  .../MemEncryptSevLibInternal.c                |  91 +-
>  .../PeiMemEncryptSevLibInternal.c             | 159 +++
>  .../SecMemEncryptSevLibInternal.c             | 130 +++
>  .../X64/MemEncryptSevLib.c                    |  32 +-
>  .../X64/PeiDxeVirtualMemory.c                 | 893 ++++++++++++++++
>  .../X64/SecVirtualMemory.c                    | 100 ++
>  .../BaseMemEncryptSevLib/X64/VirtualMemory.c  | 954 +++---------------
>  .../VmgExitLib/PeiDxeVmgExitVcHandler.c       | 103 ++
>  .../Library/VmgExitLib/SecVmgExitVcHandler.c  | 109 ++
>  OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c | 130 ++-
>  OvmfPkg/PlatformPei/AmdSev.c                  |  50 +-
>  OvmfPkg/PlatformPei/MemDetect.c               |   5 +
>  OvmfPkg/Sec/SecMain.c                         |   6 +-
>  OvmfPkg/XenPlatformPei/AmdSev.c               |  12 +-
>  OvmfPkg/ResetVector/Ia32/Flat32ToFlat64.asm   | 116 +++
>  OvmfPkg/ResetVector/Ia32/PageTables64.asm     | 108 +-
>  OvmfPkg/ResetVector/ResetVector.nasmb         |   5 +-
>  40 files changed, 2590 insertions(+), 1020 deletions(-)
>  rename OvmfPkg/Library/BaseMemEncryptSevLib/{BaseMemEncryptSevLib.inf => DxeBaseMemEncryptSevLib.inf} (66%)
>  create mode 100644 OvmfPkg/Library/BaseMemEncryptSevLib/PeiBaseMemEncryptSevLib.inf
>  create mode 100644 OvmfPkg/Library/BaseMemEncryptSevLib/SecBaseMemEncryptSevLib.inf
>  create mode 100644 OvmfPkg/Library/VmgExitLib/SecVmgExitLib.inf
>  create mode 100644 OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.h
>  create mode 100644 OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c
>  create mode 100644 OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c
>  create mode 100644 OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c
>  create mode 100644 OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c
>  create mode 100644 OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecVirtualMemory.c
>  create mode 100644 OvmfPkg/Library/VmgExitLib/PeiDxeVmgExitVcHandler.c
>  create mode 100644 OvmfPkg/Library/VmgExitLib/SecVmgExitVcHandler.c
>  create mode 100644 OvmfPkg/ResetVector/Ia32/Flat32ToFlat64.asm
> 


  parent reply	other threads:[~2020-12-17 14:23 UTC|newest]

Thread overview: 38+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-12-15 20:50 [PATCH 00/12] SEV-ES security mitigations Lendacky, Thomas
2020-12-15 20:51 ` [PATCH 01/12] Ovmf/ResetVector: Simplify and consolidate the SEV features checks Lendacky, Thomas
2021-01-04 18:58   ` [edk2-devel] " Laszlo Ersek
2020-12-15 20:51 ` [PATCH 02/12] OvmfPkg/Sec: Move SEV-ES SEC workarea definition to common header file Lendacky, Thomas
2021-01-04 19:02   ` [edk2-devel] " Laszlo Ersek
2020-12-15 20:51 ` [PATCH 03/12] OvmfPkg/ResetVector: Validate the encryption bit position for SEV/SEV-ES Lendacky, Thomas
2021-01-04 19:59   ` [edk2-devel] " Laszlo Ersek
2021-01-04 20:45     ` Lendacky, Thomas
2020-12-15 20:51 ` [PATCH 04/12] OvmfPkg/ResetVector: Perform a simple SEV-ES sanity check Lendacky, Thomas
2021-01-04 20:00   ` [edk2-devel] " Laszlo Ersek
2021-01-04 20:48     ` Lendacky, Thomas
2020-12-15 20:51 ` [PATCH 05/12] OvmfPkg/MemEncryptSevLib: Add an interface to retrieve the encryption mask Lendacky, Thomas
2021-01-04 20:34   ` [edk2-devel] " Laszlo Ersek
2021-01-04 21:09     ` Lendacky, Thomas
2020-12-15 20:51 ` [PATCH 06/12] OvmfPkg/AmdSevDxe: Clear encryption bit on PCIe MMCONFIG range Lendacky, Thomas
2021-01-04 21:04   ` [edk2-devel] " Laszlo Ersek
2021-01-05 22:48     ` Lendacky, Thomas
2021-01-06 15:38       ` Laszlo Ersek
2020-12-15 20:51 ` [PATCH 07/12] OvmfPkg/VmgExitLib: Check for an explicit DR7 cached value Lendacky, Thomas
2021-01-04 21:05   ` [edk2-devel] " Laszlo Ersek
2020-12-15 20:51 ` [PATCH 08/12] OvmfPkg/MemEncryptSevLib: Make the MemEncryptSevLib available for SEC Lendacky, Thomas
2021-01-05  9:40   ` [edk2-devel] " Laszlo Ersek
2021-01-05 14:34     ` Lendacky, Thomas
2021-01-05 15:38       ` Lendacky, Thomas
2021-01-06 14:22         ` Laszlo Ersek
2021-01-06 14:21       ` Laszlo Ersek
2020-12-15 20:51 ` [PATCH 09/12] OvmfPkg/MemEncryptSevLib: Address range encryption state interface Lendacky, Thomas
2021-01-05  9:48   ` [edk2-devel] " Laszlo Ersek
2020-12-15 20:51 ` [PATCH 10/12] OvmfPkg/VmgExitLib: Support nested #VCs Lendacky, Thomas
2021-01-05 10:08   ` [edk2-devel] " Laszlo Ersek
2020-12-15 20:51 ` [PATCH 11/12] OvmfPkg/PlatformPei: Reserve GHCB backup pages if S3 is supported Lendacky, Thomas
2021-01-05 10:13   ` [edk2-devel] " Laszlo Ersek
2021-01-05 14:40     ` Lendacky, Thomas
2020-12-15 20:51 ` [PATCH 12/12] OvfmPkg/VmgExitLib: Validate #VC MMIO is to un-encrypted memory Lendacky, Thomas
2021-01-05 10:28   ` [edk2-devel] " Laszlo Ersek
2021-01-05 14:45     ` Lendacky, Thomas
2020-12-17 14:23 ` Laszlo Ersek [this message]
2020-12-21 15:02 ` [edk2-devel] [PATCH 00/12] SEV-ES security mitigations Laszlo Ersek

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=fde04488-8511-2ccc-f9ec-82a8b8129949@redhat.com \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox