Re: [edk2-devel] Assistance Needed: ArmVirtPkg

2024-05-07 Thread Doug Flick via groups.io 
Thanks!

I figured out out what I was missing (a mistake on my end) and I now have it 
booting to shell! I'll make the required changes to OvmfPkg and ArmVirtPkg 
based on your suggestions and put the Patch Series on the mailing list.

The assert you were seeing was the patch attempting to use the EDK2 Nist 
algorithms where VirtioRngDxe doesn't supply them. In that case, I created a 
PCD to disable the attempt to use the Nist algorithms and just take whichever 
algorithm the Rng Producer provides. This allows a platform to implement 
however they deem fit and puts the responsibility of secure algorithms on the 
platform. 


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118650): https://edk2.groups.io/g/devel/message/118650
Mute This Topic: https://groups.io/mt/105949609/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] Assistance Needed: ArmVirtPkg

2024-05-07 Thread Ard Biesheuvel 
There are no code changes, the only difference is adding the --pcd
PcdMonitorConduitHvc=TRUE option to the build.sh command line, and
running QEMU with -device virtio-rng-pci (which we should be doing in
any case, IMO)

The DEPEX might fix this, and this is actually the appropriate thing
to do if the driver cannot even be dispatched without the RNG protocol
available. However, I'm not convinced this is the right approach - I
think dispatching the driver but failing in the Supported() call on a
missing RNG protocol would be less disruptive, and give more
opportunity for a meaningful warning/error message to the actual user.

But I must admit I have only taken a very cursory look at the
underlying CVE and your proposed mitigation.



On Wed, 8 May 2024 at 00:28, Doug Flick via groups.io
 wrote:
>
> Thanks Ard for the explanation! Would you be able to tell me the exact 
> changes you made to get to this point and if that would be an acceptable 
> change to make to get these CVE patches on the mailing list? I'm happy adding 
> the depex but fundamentally I think the goal is get these patches into this 
> release. My attempts to rollback some of my changes and use VirtioRngDxe have 
> been unsuccessful so far.


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118649): https://edk2.groups.io/g/devel/message/118649
Mute This Topic: https://groups.io/mt/105949609/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] Assistance Needed: ArmVirtPkg

2024-05-07 Thread Doug Flick via groups.io 
Thanks Ard for the explanation! 
Would you be able to tell me the exact changes you made to get to this point 
and if that would be an acceptable change to make to get these CVE patches on 
the mailing list? I'm happy adding the depex but fundamentally I think the goal 
is get these patches into this release. My attempts to rollback some of my 
changes and use VirtioRngDxe have been unsuccessful so far.


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118647): https://edk2.groups.io/g/devel/message/118647
Mute This Topic: https://groups.io/mt/105949609/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] Assistance Needed: ArmVirtPkg

2024-05-07 Thread Ard Biesheuvel 
On Tue, 7 May 2024 at 00:22, Doug Flick  wrote:
>
> All,
>
> In order to patch Tianocore Bugzilla issues and CVEs:
>  4541 – Bug 08 - edk2/NetworkPkg: Predictable TCP ISNs (tianocore.org)
> and
> 4542 – Bug 09 - edk2/NetworkPkg: Use of a Weak PseudoRandom Number Generator 
> (tianocore.org)
>
> I've added as a dependency Hash2CryptoDxe and RngDxe lib to NetworkPkg. I've 
> been able to add the relevant libraries to the DSCs of OvmfPkg and 
> EmulatorPkg however I'm seeing odd behavior with ArmVirtPkg.
>
> Would someone more knowledgeable with ArmVirtPkg take a look this PR.
>
> PixieFail #8 and #9 TCBZ4541 and TCBZ4542 by Flickdm · Pull Request #5582 · 
> tianocore/edk2 (github.com)
>
> The issue was introduced in the commit "ArmVirtPkg: : Add RngDxe to 
> ArmVirtPkg"
>
> Right now PlatformCI_ArmVirtPkg_Ubuntu_GCC5_PR is crashing

You need to configure the TrngLib to use either secure monitor calls
or hypervisor calls, and this might be different depending on the
context:

- ordinary VMs running under proper virtualization will execute at EL1
under a hypervisor that implements the TRNG service, so it can only
use HVC (and SMC will trap, as you've experienced)

- QEMU itself does not implement the TRNG service (to my knowledge) so
running a VM under TCG emulation of EL1 will not have access to the
TRNG

- other emulation modes of QEMU may run the firmware in a different
way, where SMC is actually appropriate, and this could be either EL1
or EL2.

This makes it slightly awkward to decide whether or not to dispatch
RngDxe, and this is why nobody has gotten around to it (and I forgot
about this tbh)


TL;DR

building with --pcd PcdMonitorConduitHvc=TRUE will avoid the crash but
may not result in a usable RngDxe


It also seems to me that those network drivers will now need to DEPEX
on the RNG protocol, as they may get dispatched too early otherwise:

Failed to generate random data using secure algorithm 0: Unsupported
Failed to generate random data using secure algorithm 1: Unsupported
Failed to generate random data using secure algorithm 2: Unsupported

ASSERT_EFI_ERROR (Status = Unsupported)
ASSERT [Udp4Dxe] DxeNetLib.c(973): !(((INTN)(RETURN_STATUS)(Status)) < 0)
QEMU: Terminated

This is with -device virtio-rng-pci and the VirtioRngDxe driver (which
is already included in OVMF and ArmVirtQemu) but the driver dispatches
before the driver model can instantiate the protocol.


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118646): https://edk2.groups.io/g/devel/message/118646
Mute This Topic: https://groups.io/mt/105949609/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] Assistance Needed: ArmVirtPkg

2024-05-07 Thread Gerd Hoffmann 
On Mon, May 06, 2024 at 10:22:07PM GMT, Doug Flick wrote:
> All,
> 
> In order to patch Tianocore Bugzilla issues and CVEs:
>  4541 – Bug 08 - edk2/NetworkPkg: Predictable TCP ISNs 
> (tianocore.org)
> and
> 4542 – Bug 09 - edk2/NetworkPkg: Use of a Weak PseudoRandom Number Generator 
> (tianocore.org)
> 
> I've added as a dependency Hash2CryptoDxe and RngDxe lib to NetworkPkg. I've 
> been able to add the relevant libraries to the DSCs of OvmfPkg and 
> EmulatorPkg however I'm seeing odd behavior with ArmVirtPkg.
> 
> Would someone more knowledgeable with ArmVirtPkg take a look this PR.

Both OVMF and ArmVirt use the virtio random number device as
source for random numbers.

Driver: OvmfPkg/VirtioRngDxe
Some Background: https://wiki.qemu.org/Features/VirtIORNG

Typically the virtio rng device is present in virtual machine
configurations.  It might be missing though.

I'd recommend:
  (1) Do *not* add RngDxe to OvmfPkg and ArmVirtPkg dsc files, instead
  continue to depend on VirtioRngDxe.
  (2) Keep the time-based not-really-random RNG generator as fallback in
  case EFI_RNG_PROTOCOL is not present (possibly requiring a PCD
  being set so the fallback option can be disabled at build time).

HTH & take care,
  Gerd



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118642): https://edk2.groups.io/g/devel/message/118642
Mute This Topic: https://groups.io/mt/105949609/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] Assistance Needed: ArmVirtPkg

2024-05-06 Thread Doug Flick via groups.io 
All,

In order to patch Tianocore Bugzilla issues and CVEs:
 4541 – Bug 08 - edk2/NetworkPkg: Predictable TCP ISNs 
(tianocore.org)
and
4542 – Bug 09 - edk2/NetworkPkg: Use of a Weak PseudoRandom Number Generator 
(tianocore.org)

I've added as a dependency Hash2CryptoDxe and RngDxe lib to NetworkPkg. I've 
been able to add the relevant libraries to the DSCs of OvmfPkg and EmulatorPkg 
however I'm seeing odd behavior with ArmVirtPkg.

Would someone more knowledgeable with ArmVirtPkg take a look this PR.

PixieFail #8 and #9 TCBZ4541 and TCBZ4542 by Flickdm · Pull Request #5582 · 
tianocore/edk2 (github.com)

The issue was introduced in the commit "ArmVirtPkg: : Add RngDxe to 
ArmVirtPkg"

Right now PlatformCI_ArmVirtPkg_Ubuntu_GCC5_PR is crashing with

INFO - Synchronous Exception at 0x7FBE35BC
INFO - PC 0x7FBE35BC (0x7FBE+0x35BC) [ 0] RngDxe.dll
INFO - PC 0x7FBE2430 (0x7FBE+0x2430) [ 0] RngDxe.dll
INFO - PC 0x7FBE2E14 (0x7FBE+0x2E14) [ 0] RngDxe.dll
INFO - PC 0x4748CCFC (0x47485000+0x7CFC) [ 1] DxeCore.dll
INFO - PC 0x4749A6C4 (0x47485000+0x000156C4) [ 1] DxeCore.dll
INFO - PC 0x474904F0 (0x47485000+0xB4F0) [ 1] DxeCore.dll
INFO -
INFO - [ 0] 
/__w/1/s/Build/ArmVirtQemu-AARCH64/DEBUG_GCC5/AARCH64/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe/DEBUG/RngDxe.dll
INFO - [ 1] 
/__w/1/s/Build/ArmVirtQemu-AARCH64/DEBUG_GCC5/AARCH64/MdeModulePkg/Core/Dxe/DxeMain/DEBUG/DxeCore.dll
INFO -
INFO -   X0 0x8000   X1 0x   X2 0x  
 X3 0x
INFO -   X4 0x   X5 0x   X6 0x  
 X7 0x
INFO -   X8 0x7008   X9 0x0007  X10 0x7EA47000  
X11 0x7EA54FFF
INFO -  X12 0x  X13 0x0008  X14 0x  
X15 0x
INFO -  X16 0x47484D70  X17 0x474CC000  X18 0x  
X19 0x7FFD0018
INFO -  X20 0x0001  X21 0x7EA55D98  X22 0x7FBE5000  
X23 0x0030
INFO -  X24 0x  X25 0x7FBE5000  X26 0x  
X27 0x474B
INFO -  X28 0x0001   FP 0x47484C50   LR 0x7FBE2430
INFO -
INFO -   V0 0x    V1 0x 

INFO -   V2 0x    V3 0x 

INFO -   V4 0x    V5 0x 

INFO -   V6 0x    V7 0x 

INFO -   V8 0x    V9 0x 

INFO -  V10 0x   V11 0x 

INFO -  V12 0x   V13 0x 

INFO -  V14 0x   V15 0x 

INFO -  V16 0x   V17 0x 

INFO -  V18 0x   V19 0x 

INFO -  V20 0x   V21 0x 

INFO -  V22 0x   V23 0x 

INFO -  V24 0x   V25 0x 

INFO -  V26 0x   V27 0x 

INFO -  V28 0x   V29 0x 

INFO -  V30 0x   V31 0x 



Thanks!


  *
Doug



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118615): https://edk2.groups.io/g/devel/message/118615
Mute This Topic: https://groups.io/mt/105949609/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-