From: "Laszlo Ersek" <lersek@redhat.com>
To: Tom Lendacky <thomas.lendacky@amd.com>, devel@edk2.groups.io
Cc: Brijesh Singh <brijesh.singh@amd.com>,
James Bottomley <jejb@linux.ibm.com>,
Ard Biesheuvel <ard.biesheuvel@arm.com>,
Rebecca Cran <rebecca@bsdio.com>, Julien Grall <julien@xen.org>,
Peter Grehan <grehan@freebsd.org>,
Jordan Justen <jordan.l.justen@intel.com>,
Anthony Perard <anthony.perard@citrix.com>
Subject: Re: [PATCH 00/12] SEV-ES security mitigations
Date: Thu, 17 Dec 2020 15:23:37 +0100 [thread overview]
Message-ID: <fde04488-8511-2ccc-f9ec-82a8b8129949@redhat.com> (raw)
In-Reply-To: <cover.1608065471.git.thomas.lendacky@amd.com>
Hi Tom,
On 12/15/20 21:50, Tom Lendacky wrote:
> From: Tom Lendacky <thomas.lendacky@amd.com>
>
> This patch series provides security mitigations for SEV-ES to protect
> against some attacks identified in the paper titled "Exploiting Interfaces
> of Secure Encrypted Virtual Machines" at:
> https://arxiv.org/pdf/2010.07094.pdf
>
> The mitigations include:
>
> - Validating the encryption bit position provided by the hypervisor.
> Additionally, once validated use the validated value throughout the
> code.
>
> - Validating that SEV-ES has been advertised to the guest if a #VC has
> been taken to prevent the hypervisor from pretending that SEV-ES is
> not enabled.
>
> - Validate that MMIO is performed to/from unencrypted memory addresses
> to prevent the hypervisor try to inject data or expose secrets within
> the guest.
>
> And a change separate from the above paper:
>
> - When checking #VC related per-vCPU values, make checks for explicit
> values vs non-zero values so that a hypervisor can't write random data
> to the location to alter guest processing behavior.
>
> Also, as part of creating these mitigations:
> - MemEncryptSevLib is updated to now be available during SEC
> - #VC now supports a single nested invocation
>
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3108
>
> ---
>
> These patches are based on commit:
> 5c3cdebf95bf ("MdePkg/include: Add DMAR SATC Table Definition")
I plan to review this series next year (and then after the VCPU
hot-unplug stuff that's already been in my review queue for a bit...)
Thanks,
Laszlo
>
> Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
> Cc: Rebecca Cran <rebecca@bsdio.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Julien Grall <julien@xen.org>
> Cc: Peter Grehan <grehan@freebsd.org>
> Cc: Jordan Justen <jordan.l.justen@intel.com>
> Cc: Anthony Perard <anthony.perard@citrix.com>
> Cc: Brijesh Singh <brijesh.singh@amd.com>
>
> Tom Lendacky (12):
> Ovmf/ResetVector: Simplify and consolidate the SEV features checks
> OvmfPkg/Sec: Move SEV-ES SEC workarea definition to common header file
> OvmfPkg/ResetVector: Validate the encryption bit position for
> SEV/SEV-ES
> OvmfPkg/ResetVector: Perform a simple SEV-ES sanity check
> OvmfPkg/MemEncryptSevLib: Add an interface to retrieve the encryption
> mask
> OvmfPkg/AmdSevDxe: Clear encryption bit on PCIe MMCONFIG range
> OvmfPkg/VmgExitLib: Check for an explicit DR7 cached value
> OvmfPkg/MemEncryptSevLib: Make the MemEncryptSevLib available for SEC
> OvmfPkg/MemEncryptSevLib: Address range encryption state interface
> OvmfPkg/VmgExitLib: Support nested #VCs
> OvmfPkg/PlatformPei: Reserve GHCB backup pages if S3 is supported
> OvfmPkg/VmgExitLib: Validate #VC MMIO is to un-encrypted memory
>
> OvmfPkg/OvmfPkg.dec | 2 +
> OvmfPkg/AmdSev/AmdSevX64.dsc | 6 +-
> OvmfPkg/Bhyve/BhyveX64.dsc | 4 +-
> OvmfPkg/OvmfPkgIa32.dsc | 4 +-
> OvmfPkg/OvmfPkgIa32X64.dsc | 4 +-
> OvmfPkg/OvmfPkgX64.dsc | 6 +-
> OvmfPkg/OvmfXen.dsc | 3 +-
> OvmfPkg/AmdSev/AmdSevX64.fdf | 3 +
> OvmfPkg/OvmfPkgX64.fdf | 3 +
> OvmfPkg/AmdSevDxe/AmdSevDxe.inf | 8 +-
> ...SevLib.inf => DxeBaseMemEncryptSevLib.inf} | 14 +-
> .../PeiBaseMemEncryptSevLib.inf | 57 ++
> .../SecBaseMemEncryptSevLib.inf | 55 +
> OvmfPkg/Library/VmgExitLib/SecVmgExitLib.inf | 44 +
> OvmfPkg/Library/VmgExitLib/VmgExitLib.inf | 6 +-
> OvmfPkg/PlatformPei/PlatformPei.inf | 2 +
> OvmfPkg/Include/Library/MemEncryptSevLib.h | 90 +-
> .../BaseMemEncryptSevLib/X64/VirtualMemory.h | 35 +-
> OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.h | 53 +
> OvmfPkg/AmdSevDxe/AmdSevDxe.c | 20 +-
> OvmfPkg/Bhyve/PlatformPei/AmdSev.c | 12 +-
> .../DxeMemEncryptSevLibInternal.c | 145 +++
> .../Ia32/MemEncryptSevLib.c | 31 +-
> .../MemEncryptSevLibInternal.c | 91 +-
> .../PeiMemEncryptSevLibInternal.c | 159 +++
> .../SecMemEncryptSevLibInternal.c | 130 +++
> .../X64/MemEncryptSevLib.c | 32 +-
> .../X64/PeiDxeVirtualMemory.c | 893 ++++++++++++++++
> .../X64/SecVirtualMemory.c | 100 ++
> .../BaseMemEncryptSevLib/X64/VirtualMemory.c | 954 +++---------------
> .../VmgExitLib/PeiDxeVmgExitVcHandler.c | 103 ++
> .../Library/VmgExitLib/SecVmgExitVcHandler.c | 109 ++
> OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c | 130 ++-
> OvmfPkg/PlatformPei/AmdSev.c | 50 +-
> OvmfPkg/PlatformPei/MemDetect.c | 5 +
> OvmfPkg/Sec/SecMain.c | 6 +-
> OvmfPkg/XenPlatformPei/AmdSev.c | 12 +-
> OvmfPkg/ResetVector/Ia32/Flat32ToFlat64.asm | 116 +++
> OvmfPkg/ResetVector/Ia32/PageTables64.asm | 108 +-
> OvmfPkg/ResetVector/ResetVector.nasmb | 5 +-
> 40 files changed, 2590 insertions(+), 1020 deletions(-)
> rename OvmfPkg/Library/BaseMemEncryptSevLib/{BaseMemEncryptSevLib.inf => DxeBaseMemEncryptSevLib.inf} (66%)
> create mode 100644 OvmfPkg/Library/BaseMemEncryptSevLib/PeiBaseMemEncryptSevLib.inf
> create mode 100644 OvmfPkg/Library/BaseMemEncryptSevLib/SecBaseMemEncryptSevLib.inf
> create mode 100644 OvmfPkg/Library/VmgExitLib/SecVmgExitLib.inf
> create mode 100644 OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.h
> create mode 100644 OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c
> create mode 100644 OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c
> create mode 100644 OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c
> create mode 100644 OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c
> create mode 100644 OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecVirtualMemory.c
> create mode 100644 OvmfPkg/Library/VmgExitLib/PeiDxeVmgExitVcHandler.c
> create mode 100644 OvmfPkg/Library/VmgExitLib/SecVmgExitVcHandler.c
> create mode 100644 OvmfPkg/ResetVector/Ia32/Flat32ToFlat64.asm
>
next prev parent reply other threads:[~2020-12-17 14:23 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-12-15 20:50 [PATCH 00/12] SEV-ES security mitigations Lendacky, Thomas
2020-12-15 20:51 ` [PATCH 01/12] Ovmf/ResetVector: Simplify and consolidate the SEV features checks Lendacky, Thomas
2021-01-04 18:58 ` [edk2-devel] " Laszlo Ersek
2020-12-15 20:51 ` [PATCH 02/12] OvmfPkg/Sec: Move SEV-ES SEC workarea definition to common header file Lendacky, Thomas
2021-01-04 19:02 ` [edk2-devel] " Laszlo Ersek
2020-12-15 20:51 ` [PATCH 03/12] OvmfPkg/ResetVector: Validate the encryption bit position for SEV/SEV-ES Lendacky, Thomas
2021-01-04 19:59 ` [edk2-devel] " Laszlo Ersek
2021-01-04 20:45 ` Lendacky, Thomas
2020-12-15 20:51 ` [PATCH 04/12] OvmfPkg/ResetVector: Perform a simple SEV-ES sanity check Lendacky, Thomas
2021-01-04 20:00 ` [edk2-devel] " Laszlo Ersek
2021-01-04 20:48 ` Lendacky, Thomas
2020-12-15 20:51 ` [PATCH 05/12] OvmfPkg/MemEncryptSevLib: Add an interface to retrieve the encryption mask Lendacky, Thomas
2021-01-04 20:34 ` [edk2-devel] " Laszlo Ersek
2021-01-04 21:09 ` Lendacky, Thomas
2020-12-15 20:51 ` [PATCH 06/12] OvmfPkg/AmdSevDxe: Clear encryption bit on PCIe MMCONFIG range Lendacky, Thomas
2021-01-04 21:04 ` [edk2-devel] " Laszlo Ersek
2021-01-05 22:48 ` Lendacky, Thomas
2021-01-06 15:38 ` Laszlo Ersek
2020-12-15 20:51 ` [PATCH 07/12] OvmfPkg/VmgExitLib: Check for an explicit DR7 cached value Lendacky, Thomas
2021-01-04 21:05 ` [edk2-devel] " Laszlo Ersek
2020-12-15 20:51 ` [PATCH 08/12] OvmfPkg/MemEncryptSevLib: Make the MemEncryptSevLib available for SEC Lendacky, Thomas
2021-01-05 9:40 ` [edk2-devel] " Laszlo Ersek
2021-01-05 14:34 ` Lendacky, Thomas
2021-01-05 15:38 ` Lendacky, Thomas
2021-01-06 14:22 ` Laszlo Ersek
2021-01-06 14:21 ` Laszlo Ersek
2020-12-15 20:51 ` [PATCH 09/12] OvmfPkg/MemEncryptSevLib: Address range encryption state interface Lendacky, Thomas
2021-01-05 9:48 ` [edk2-devel] " Laszlo Ersek
2020-12-15 20:51 ` [PATCH 10/12] OvmfPkg/VmgExitLib: Support nested #VCs Lendacky, Thomas
2021-01-05 10:08 ` [edk2-devel] " Laszlo Ersek
2020-12-15 20:51 ` [PATCH 11/12] OvmfPkg/PlatformPei: Reserve GHCB backup pages if S3 is supported Lendacky, Thomas
2021-01-05 10:13 ` [edk2-devel] " Laszlo Ersek
2021-01-05 14:40 ` Lendacky, Thomas
2020-12-15 20:51 ` [PATCH 12/12] OvfmPkg/VmgExitLib: Validate #VC MMIO is to un-encrypted memory Lendacky, Thomas
2021-01-05 10:28 ` [edk2-devel] " Laszlo Ersek
2021-01-05 14:45 ` Lendacky, Thomas
2020-12-17 14:23 ` Laszlo Ersek [this message]
2020-12-21 15:02 ` [edk2-devel] [PATCH 00/12] SEV-ES security mitigations Laszlo Ersek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=fde04488-8511-2ccc-f9ec-82a8b8129949@redhat.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox