On 18/10/2021 21:02, Tom Lendacky wrote:
> On 9/30/21 12:49 AM, Dov Murik wrote:
>
> ...
>
>> +/*
>> + * Add the hashes of the linux kernel/initrd/cmdline to an encrypted
>> guest page
>> + * which is included in SEV's initial memory measurement.
>> + */
>> +bool sev_add_kernel_loader_hashes(SevKernelLoaderContext *ctx, Error
>> **errp)
>> +{
>> + uint8_t *data;
>> + SevHashTableDescriptor *area;
>> + SevHashTable *ht;
>> + uint8_t cmdline_hash[HASH_SIZE];
>> + uint8_t initrd_hash[HASH_SIZE];
>> + uint8_t kernel_hash[HASH_SIZE];
>> + uint8_t *hashp;
>> + size_t hash_len = HASH_SIZE;
>> + int aligned_len;
>> +
>> + if (!pc_system_ovmf_table_find(SEV_HASH_TABLE_RV_GUID, &data,
>> NULL)) {
>> + error_setg(errp, "SEV: kernel specified but OVMF has no hash
>> table guid");
>> + return false;
>> + }
>
> This breaks backwards compatibility with an older OVMF image. Any older
> OVMF image with SEV support that doesn't have the hash table GUID will
> now fail to boot using -kernel/-initrd/-append, where it used to be able
> to boot before.
>
Thanks Tom for noticing this.
Just so we're on the same page: this patch is already merged.
We're dealing with a scenario of launching a guest with SEV enabled and
with -kernel. The behaviours are:
A. With current QEMU:
A1. New AmdSev OVMF build: OVMF will verify the hashes and boot correctly.
A2. New Generic OvmfPkgX64 build: No verification but will boot correctly.
A3. Old AmdSev OVMF build: QEMU aborts the launch because there's no
hash table GUID.
A4. Old Generic OvmfPkgX64 build: QEMU aborts the launch because there's
no hash table GUID.
B. With older QEMU (before this patch was merged):
B1. New AmdSev OVMF build: OVMF will try to verify the hashes but they
are not populated; boot aborted.
B2. New Generic OvmfPkgX64 build: No verification but will boot correctly.
B3. Old AmdSev OVMF build: OVMF aborts the launch because -kernel is not
supported at all.
B4. Old Generic OvmfPkgX64 build: No verification but will boot correctly.
So the problem you are raising is scenario A4 (as opposed to previous
behaviour B4).
> Is that anything we need to be concerned about?
>
Possible solutions:
1. Do nothing. For users that encounter this: tell them to upgrade OVMF.
2. Modify the code: remove the line: error_setg(errp, "SEV: kernel
specified but OVMF has no hash table guid")
I think that option 2 will not degrade security *if* the Guest Owner
verifies the measurement (which is mandatory anyway; otherwise the
untrusted host can replace OVMF with a "malicious" version that doesn't
verify the hashes). Skipping silently might make debugging a bit harder.
Maybe we can print a warning and return, and then the guest launch will
continue?
Other ideas?
-Dov
