On 7/6/21 3:54 AM, Dov Murik wrote: > From: James Bottomley <j...@linux.ibm.com> > > Split the existing 4KB page reserved for SEV launch secrets into two > parts: first 3KB for SEV launch secrets and last 1KB for firmware > config hashes. > > The area of the firmware config hashes will be attested (measured) by > the PSP and thus the untrusted VMM can't pass in different files from > what the guest owner allows. > > Declare this in the Reset Vector table using GUID > 7255371f-3a3b-4b04-927b-1da6efa8d454 and a uint32_t table of a base > and size value (similar to the structure used to declare the launch > secret block). > > Cc: Laszlo Ersek <ler...@redhat.com> > Cc: Ard Biesheuvel <ardb+tianoc...@kernel.org> > Cc: Jordan Justen <jordan.l.jus...@intel.com> > Cc: Ashish Kalra <ashish.ka...@amd.com> > Cc: Brijesh Singh <brijesh.si...@amd.com> > Cc: Erdem Aktas <erdemak...@google.com> > Cc: James Bottomley <j...@linux.ibm.com> > Cc: Jiewen Yao <jiewen....@intel.com> > Cc: Min Xu <min.m...@intel.com> > Cc: Tom Lendacky <thomas.lenda...@amd.com> > Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3457 > Co-developed-by: Dov Murik <dovmu...@linux.ibm.com> > Signed-off-by: Dov Murik <dovmu...@linux.ibm.com> > Signed-off-by: James Bottomley <j...@linux.ibm.com>
Reviewed by: Tom Lendacky <thomas.lenda...@amd.com> > --- > OvmfPkg/OvmfPkg.dec | 6 ++++++ > OvmfPkg/AmdSev/AmdSevX64.fdf | 5 ++++- > OvmfPkg/ResetVector/ResetVector.inf | 2 ++ > OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm | 20 ++++++++++++++++++++ > OvmfPkg/ResetVector/ResetVector.nasmb | 2 ++ > 5 files changed, 34 insertions(+), 1 deletion(-) > > diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec > index f82228d69cc2..2ab27f0c73c2 100644 > --- a/OvmfPkg/OvmfPkg.dec > +++ b/OvmfPkg/OvmfPkg.dec > @@ -324,6 +324,12 @@ [PcdsFixedAtBuild] > gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretBase|0x0|UINT32|0x42 > gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretSize|0x0|UINT32|0x43 > > + ## The base address and size of a hash table confirming allowed > + # parameters to be passed in via the Qemu firmware configuration > + # device > + gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableBase|0x0|UINT32|0x47 > + gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableSize|0x0|UINT32|0x48 > + > [PcdsDynamic, PcdsDynamicEx] > gUefiOvmfPkgTokenSpaceGuid.PcdEmuVariableEvent|0|UINT64|2 > gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashVariablesEnable|FALSE|BOOLEAN|0x10 > diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf > index 9977b0f00a18..0a89749700c3 100644 > --- a/OvmfPkg/AmdSev/AmdSevX64.fdf > +++ b/OvmfPkg/AmdSev/AmdSevX64.fdf > @@ -59,9 +59,12 @@ [FD.MEMFD] > 0x00B000|0x001000 > > gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase|gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaSize > > -0x00C000|0x001000 > +0x00C000|0x000C00 > > gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretBase|gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretSize > > +0x00CC00|0x000400 > +gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableBase|gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableSize > + > 0x00D000|0x001000 > > gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupSize 
> > diff --git a/OvmfPkg/ResetVector/ResetVector.inf > b/OvmfPkg/ResetVector/ResetVector.inf > index dc38f68919cd..d028c92d8cfa 100644 > --- a/OvmfPkg/ResetVector/ResetVector.inf > +++ b/OvmfPkg/ResetVector/ResetVector.inf > @@ -47,3 +47,5 @@ [Pcd] > [FixedPcd] > gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretBase > gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretSize > + gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableBase > + gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableSize > diff --git a/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm > b/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm > index 9c0b5853a46f..7ec3c6e980c3 100644 > --- a/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm > +++ b/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm > @@ -47,7 +47,27 @@ TIMES (15 - ((guidedStructureEnd - guidedStructureStart + > 15) % 16)) DB 0 > ; > guidedStructureStart: > > +; SEV Hash Table Block > ; > +; This describes the guest ram area where the hypervisor should > +; install a table describing the hashes of certain firmware configuration > +; device files that would otherwise be passed in unchecked. The current > +; use is for the kernel, initrd and command line values, but others may be > +; added. The data format is: > +; > +; base physical address (32 bit word) > +; table length (32 bit word) > +; > +; GUID (SEV FW config hash block): 7255371f-3a3b-4b04-927b-1da6efa8d454 > +; > +sevFwHashBlockStart: > + DD SEV_FW_HASH_BLOCK_BASE > + DD SEV_FW_HASH_BLOCK_SIZE > + DW sevFwHashBlockEnd - sevFwHashBlockStart > + DB 0x1f, 0x37, 0x55, 0x72, 0x3b, 0x3a, 0x04, 0x4b > + DB 0x92, 0x7b, 0x1d, 0xa6, 0xef, 0xa8, 0xd4, 0x54 > +sevFwHashBlockEnd: > + > ; SEV Secret block > ; > ; This describes the guest ram area where the hypervisor should > diff --git a/OvmfPkg/ResetVector/ResetVector.nasmb > b/OvmfPkg/ResetVector/ResetVector.nasmb > index 5fbacaed5f9d..8d0bab02f8cb 100644 > --- a/OvmfPkg/ResetVector/ResetVector.nasmb > +++ b/OvmfPkg/ResetVector/ResetVector.nasmb 
> @@ -88,5 +88,7 @@ > %define SEV_ES_AP_RESET_IP FixedPcdGet32 (PcdSevEsWorkAreaBase) > %define SEV_LAUNCH_SECRET_BASE FixedPcdGet32 (PcdSevLaunchSecretBase) > %define SEV_LAUNCH_SECRET_SIZE FixedPcdGet32 (PcdSevLaunchSecretSize) > + %define SEV_FW_HASH_BLOCK_BASE FixedPcdGet32 (PcdQemuHashTableBase) > + %define SEV_FW_HASH_BLOCK_SIZE FixedPcdGet32 (PcdQemuHashTableSize) > %include "Ia16/ResetVectorVtf0.asm"
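Review bot: In the AmdSevX64.fdf hunk, the launch secret region shrinks from 0x001000 to 0x000C00 and the new region at 0x00CC00|0x000400 shares its 4KB page, but none of the five files in the diffstat touches code that reserves or consumes either area. Please confirm that whatever protects the range described by PcdSevLaunchSecretBase and PcdSevLaunchSecretSize still covers the last 1KB of the page, or add handling keyed on PcdQemuHashTableBase and PcdQemuHashTableSize. A one-line comment above the two regions saying that they split a single page would also keep a later edit from moving one without the other.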
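Review bot: In the ResetVectorVtf0.asm hunk, the sevFwHashBlockStart entry is emitted unconditionally, while OvmfPkg.dec defaults PcdQemuHashTableBase and PcdQemuHashTableSize to 0x0 and AmdSevX64.fdf is the only FDF in this patch that assigns them. A build whose FDF leaves the PCDs at their defaults would advertise GUID 7255371f-3a3b-4b04-927b-1da6efa8d454 with base 0 and size 0. Either guard the entry on a non-zero size, or state in the comment block that base 0 / size 0 means "no hash area" so that a hypervisor parsing the table knows it must not write there.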
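Review bot: The naming is inconsistent across the OvmfPkg.dec, ResetVectorVtf0.asm and ResetVector.nasmb hunks: the PCDs are PcdQemuHashTableBase/PcdQemuHashTableSize, the defines are SEV_FW_HASH_BLOCK_BASE/SEV_FW_HASH_BLOCK_SIZE, and the asm comment uses both "SEV Hash Table Block" and "SEV FW config hash block". Please settle on one term. Since the commit message ties the area to SEV attestation, the .dec comment should say so as well and name the GUID that declares it, instead of only "allowed parameters to be passed in via the Qemu firmware configuration device".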
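Added example, not part of the patch and not edk2 or QEMU code: a Python check that decodes one hash-block entry laid out as in the ResetVectorVtf0.asm hunk (DD base, DD size, DW length, 16 GUID bytes) and tests it against the 3KB/1KB page split described in the commit message. The function names and the sample bytes are assumptions; the sample reuses the FDF offsets from the patch as if they were addresses.

```python
import struct
import uuid

# GUID and field order are taken from the patch.
HASH_BLOCK_GUID = uuid.UUID("7255371f-3a3b-4b04-927b-1da6efa8d454")
ENTRY = struct.Struct("<IIH16s")  # little-endian, unpadded: 26 bytes


def parse_hash_block_entry(raw):
    """Return (base, size) from one entry, or raise ValueError if malformed."""
    if len(raw) != ENTRY.size:
        raise ValueError(f"entry must be {ENTRY.size} bytes, got {len(raw)}")
    base, size, length, guid = ENTRY.unpack(raw)
    # The DB lines store the GUID in mixed-endian form, which bytes_le decodes.
    if uuid.UUID(bytes_le=guid) != HASH_BLOCK_GUID:
        raise ValueError("GUID is not the SEV FW config hash block GUID")
    if length != ENTRY.size:
        raise ValueError(f"length field {length} does not match entry size")
    return base, size


def layout_problems(base, size, secret_base, secret_size, page=0x1000):
    """List the ways the declared hash area departs from the described split."""
    problems = []
    if size == 0:
        problems.append("hash area has zero size")
    if base < secret_base + secret_size and secret_base < base + size:
        problems.append("hash area overlaps the launch secret area")
    if base != secret_base + secret_size:
        problems.append("hash area does not start where the secret area ends")
    if secret_base % page or base + size != secret_base + page:
        problems.append("the two areas do not cover exactly one aligned page")
    return problems


# Constructed sample entry: FDF offsets 0xCC00/0x400 and the GUID bytes
# exactly as the DB lines in the hunk list them.
SAMPLE = struct.pack("<IIH", 0xCC00, 0x400, 26) + bytes.fromhex(
    "1f3755723b3a044b927b1da6efa8d454"
)

if __name__ == "__main__":
    base, size = parse_hash_block_entry(SAMPLE)
    print(hex(base), hex(size), layout_problems(base, size, 0xC000, 0xC00))
```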