On 05/25/21 07:31, Dov Murik wrote: > Booting with SEV prevented the loading of kernel, initrd, and kernel > command-line via QEMU fw_cfg interface because they arrive from the VMM > which is untrusted in SEV. > > However, in some cases the kernel, initrd, and cmdline are not secret > but should not be modified by the host. In such a case, we want to > verify inside the trusted VM that the kernel, initrd, and cmdline are > indeed the ones expected by the Guest Owner, and only if that is the > case go on and boot them up (removing the need for grub inside OVMF in > that mode). > > This patch series declares a new page in MEMFD which will contain the > hashes of these three blobs (kernel, initrd, cmdline), each under its > own GUID entry. This tables of hashes is populated by QEMU before > launch, and encrypted as part of the initial VM memory; this makes sure > theses hashes are part of the SEV measurement (which has to be approved > by the Guest Owner for secret injection, for example). Note that this > requires a new QEMU patch which will be submitted soon. > > OVMF parses the table of hashes populated by QEMU (patch 5), and as it > reads the fw_cfg blobs from QEMU, it will verify each one against the > expected hash (kernel and initrd verifiers are introduced in patch 6, > and command-line verifier is introduced in patches 7+8). This is all > done inside the trusted VM context. If all the hashes are correct, boot > of the kernel is allowed to continue. > > Any attempt by QEMU to modify the kernel, initrd, cmdline (including > dropping one of them), or to modify the OVMF code that verifies those > hashes, will cause the initial SEV measurement to change and therefore > will be detectable by the Guest Owner during launch before secret > injection. > > Cc: Laszlo Ersek <ler...@redhat.com> > Cc: Ard Biesheuvel <ardb+tianoc...@kernel.org> > Cc: Jordan Justen <jordan.l.jus...@intel.com> > Cc: Ashish Kalra <ashish.ka...@amd.com> > Cc: Brijesh Singh <brijesh.si...@amd.com> > Cc: Erdem Aktas <erdemak...@google.com> > Cc: James Bottomley <j...@linux.ibm.com> > Cc: Jiewen Yao <jiewen....@intel.com> > Cc: Min Xu <min.m...@intel.com> > Cc: Tom Lendacky <thomas.lenda...@amd.com> > > James Bottomley (8): > OvmfPkg/AmdSev/SecretDxe: fix header comment to generic naming > OvmfPkg: PlatformBootManagerLibGrub: Allow executing kernel via fw_cfg > OvmfPkg/AmdSev: add a page to the MEMFD for firmware config hashes > OvmfPkg/QemuKernelLoaderFsDxe: Add ability to verify loaded items > OvmfPkg/AmdSev: Add library to find encrypted hashes for the FwCfg > device > OvmfPkg/AmdSev: Add firmware file plugin to verifier > OvmfPkg: GenericQemuLoadImageLib: Allow verifying fw_cfg command line > OvmfPkg/AmdSev: add SevQemuLoadImageLib > > OvmfPkg/OvmfPkg.dec | > 10 ++ > OvmfPkg/AmdSev/AmdSevX64.dsc | > 9 +- > OvmfPkg/AmdSev/AmdSevX64.fdf | > 3 + > OvmfPkg/AmdSev/Library/SevFwCfgVerifier/SevFwCfgVerifier.inf | > 30 +++++ > OvmfPkg/AmdSev/Library/SevHashFinderLib/SevHashFinderLib.inf | > 34 ++++++ > OvmfPkg/AmdSev/Library/SevQemuLoadImageLib/SevQemuLoadImageLib.inf | > 30 +++++ > OvmfPkg/Library/PlatformBootManagerLibGrub/PlatformBootManagerLibGrub.inf | > 2 + > OvmfPkg/ResetVector/ResetVector.inf | > 2 + > OvmfPkg/AmdSev/Include/Library/SevHashFinderLib.h | > 47 ++++++++ > OvmfPkg/Include/Library/QemuFwCfgLib.h | > 35 ++++++ > OvmfPkg/Library/PlatformBootManagerLibGrub/BdsPlatform.h | > 11 ++ > OvmfPkg/AmdSev/Library/SevFwCfgVerifier/SevFwCfgVerifier.c | > 60 ++++++++++ > OvmfPkg/AmdSev/Library/SevHashFinderLib/SevHashFinderLib.c | > 126 ++++++++++++++++++++ > OvmfPkg/AmdSev/Library/SevQemuLoadImageLib/SevQemuLoadImageLib.c | > 52 ++++++++ > OvmfPkg/AmdSev/SecretDxe/SecretDxe.c | > 2 +- > OvmfPkg/Library/GenericQemuLoadImageLib/GenericQemuLoadImageLib.c | > 29 +++++ > OvmfPkg/Library/PlatformBootManagerLibGrub/BdsPlatform.c | > 5 + > OvmfPkg/Library/PlatformBootManagerLibGrub/QemuKernel.c | > 50 ++++++++ > OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c | > 31 +++++ > OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm | > 20 ++++ > OvmfPkg/ResetVector/ResetVector.nasmb | > 2 + > 21 files changed, 587 insertions(+), 3 deletions(-) > create mode 100644 > OvmfPkg/AmdSev/Library/SevFwCfgVerifier/SevFwCfgVerifier.inf > create mode 100644 > OvmfPkg/AmdSev/Library/SevHashFinderLib/SevHashFinderLib.inf > create mode 100644 > OvmfPkg/AmdSev/Library/SevQemuLoadImageLib/SevQemuLoadImageLib.inf > create mode 100644 OvmfPkg/AmdSev/Include/Library/SevHashFinderLib.h > create mode 100644 OvmfPkg/AmdSev/Library/SevFwCfgVerifier/SevFwCfgVerifier.c > create mode 100644 OvmfPkg/AmdSev/Library/SevHashFinderLib/SevHashFinderLib.c > create mode 100644 > OvmfPkg/AmdSev/Library/SevQemuLoadImageLib/SevQemuLoadImageLib.c > create mode 100644 OvmfPkg/Library/PlatformBootManagerLibGrub/QemuKernel.c >
I'm confirming that this series is in my review queue. However, I may need unusually long time to get to it. Thanks for your patience. Thanks Laszlo -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#75792): https://edk2.groups.io/g/devel/message/75792 Mute This Topic: https://groups.io/mt/83074450/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
