On 7/6/21 3:54 AM, Dov Murik wrote: > From: James Bottomley <[email protected]> > > Split the existing 4KB page reserved for SEV launch secrets into two > parts: first 3KB for SEV launch secrets and last 1KB for firmware > config hashes. > > The area of the firmware config hashes will be attested (measured) by > the PSP and thus the untrusted VMM can't pass in different files from > what the guest owner allows. > > Declare this in the Reset Vector table using GUID > 7255371f-3a3b-4b04-927b-1da6efa8d454 and a uint32_t table of a base > and size value (similar to the structure used to declare the launch > secret block). > > Cc: Laszlo Ersek <[email protected]> > Cc: Ard Biesheuvel <[email protected]> > Cc: Jordan Justen <[email protected]> > Cc: Ashish Kalra <[email protected]> > Cc: Brijesh Singh <[email protected]> > Cc: Erdem Aktas <[email protected]> > Cc: James Bottomley <[email protected]> > Cc: Jiewen Yao <[email protected]> > Cc: Min Xu <[email protected]> > Cc: Tom Lendacky <[email protected]> > Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3457 > Co-developed-by: Dov Murik <[email protected]> > Signed-off-by: Dov Murik <[email protected]> > Signed-off-by: James Bottomley <[email protected]>
Reviewed by: Tom Lendacky <[email protected]> > --- > OvmfPkg/OvmfPkg.dec | 6 ++++++ > OvmfPkg/AmdSev/AmdSevX64.fdf | 5 ++++- > OvmfPkg/ResetVector/ResetVector.inf | 2 ++ > OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm | 20 ++++++++++++++++++++ > OvmfPkg/ResetVector/ResetVector.nasmb | 2 ++ > 5 files changed, 34 insertions(+), 1 deletion(-) > > diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec > index f82228d69cc2..2ab27f0c73c2 100644 > --- a/OvmfPkg/OvmfPkg.dec > +++ b/OvmfPkg/OvmfPkg.dec > @@ -324,6 +324,12 @@ [PcdsFixedAtBuild] > gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretBase|0x0|UINT32|0x42 > gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretSize|0x0|UINT32|0x43 > > + ## The base address and size of a hash table confirming allowed > + # parameters to be passed in via the Qemu firmware configuration > + # device > + gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableBase|0x0|UINT32|0x47 > + gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableSize|0x0|UINT32|0x48 > + > [PcdsDynamic, PcdsDynamicEx] > gUefiOvmfPkgTokenSpaceGuid.PcdEmuVariableEvent|0|UINT64|2 > gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashVariablesEnable|FALSE|BOOLEAN|0x10 > diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf > index 9977b0f00a18..0a89749700c3 100644 > --- a/OvmfPkg/AmdSev/AmdSevX64.fdf > +++ b/OvmfPkg/AmdSev/AmdSevX64.fdf > @@ -59,9 +59,12 @@ [FD.MEMFD] > 0x00B000|0x001000 > > gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase|gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaSize > > -0x00C000|0x001000 > +0x00C000|0x000C00 > > gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretBase|gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretSize > > +0x00CC00|0x000400 > +gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableBase|gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableSize > + > 0x00D000|0x001000 > > gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupSize > > diff --git a/OvmfPkg/ResetVector/ResetVector.inf > b/OvmfPkg/ResetVector/ResetVector.inf > index dc38f68919cd..d028c92d8cfa 100644 > --- a/OvmfPkg/ResetVector/ResetVector.inf > +++ b/OvmfPkg/ResetVector/ResetVector.inf > @@ -47,3 +47,5 @@ [Pcd] > [FixedPcd] > gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretBase > gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretSize > + gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableBase > + gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableSize > diff --git a/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm > b/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm > index 9c0b5853a46f..7ec3c6e980c3 100644 > --- a/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm > +++ b/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm > @@ -47,7 +47,27 @@ TIMES (15 - ((guidedStructureEnd - guidedStructureStart + > 15) % 16)) DB 0 > ; > guidedStructureStart: > > +; SEV Hash Table Block > ; > +; This describes the guest ram area where the hypervisor should > +; install a table describing the hashes of certain firmware configuration > +; device files that would otherwise be passed in unchecked. The current > +; use is for the kernel, initrd and command line values, but others may be > +; added. The data format is: > +; > +; base physical address (32 bit word) > +; table length (32 bit word) > +; > +; GUID (SEV FW config hash block): 7255371f-3a3b-4b04-927b-1da6efa8d454 > +; > +sevFwHashBlockStart: > + DD SEV_FW_HASH_BLOCK_BASE > + DD SEV_FW_HASH_BLOCK_SIZE > + DW sevFwHashBlockEnd - sevFwHashBlockStart > + DB 0x1f, 0x37, 0x55, 0x72, 0x3b, 0x3a, 0x04, 0x4b > + DB 0x92, 0x7b, 0x1d, 0xa6, 0xef, 0xa8, 0xd4, 0x54 > +sevFwHashBlockEnd: > + > ; SEV Secret block > ; > ; This describes the guest ram area where the hypervisor should > diff --git a/OvmfPkg/ResetVector/ResetVector.nasmb > b/OvmfPkg/ResetVector/ResetVector.nasmb > index 5fbacaed5f9d..8d0bab02f8cb 100644 > --- a/OvmfPkg/ResetVector/ResetVector.nasmb > +++ b/OvmfPkg/ResetVector/ResetVector.nasmb > @@ -88,5 +88,7 @@ > %define SEV_ES_AP_RESET_IP FixedPcdGet32 (PcdSevEsWorkAreaBase) > %define SEV_LAUNCH_SECRET_BASE FixedPcdGet32 (PcdSevLaunchSecretBase) > %define SEV_LAUNCH_SECRET_SIZE FixedPcdGet32 (PcdSevLaunchSecretSize) > + %define SEV_FW_HASH_BLOCK_BASE FixedPcdGet32 (PcdQemuHashTableBase) > + %define SEV_FW_HASH_BLOCK_SIZE FixedPcdGet32 (PcdQemuHashTableSize) > %include "Ia16/ResetVectorVtf0.asm" > > -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#77909): https://edk2.groups.io/g/devel/message/77909 Mute This Topic: https://groups.io/mt/84016363/21656 Group Owner: [email protected] Unsubscribe: https://edk2.groups.io/g/devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
