[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH v4 1/2] sev/i386: Introduce sev_add_kernel_loader_hashes for
|
From: |
Tom Lendacky |
|
Subject: |
Re: [PATCH v4 1/2] sev/i386: Introduce sev_add_kernel_loader_hashes for measured linux boot |
|
Date: |
Wed, 20 Oct 2021 10:26:50 -0500 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.13.0 |
On 10/19/21 1:18 AM, Dov Murik wrote:
On 18/10/2021 21:02, Tom Lendacky wrote:
On 9/30/21 12:49 AM, Dov Murik wrote:
...
+/*
+ * Add the hashes of the linux kernel/initrd/cmdline to an encrypted
guest page
+ * which is included in SEV's initial memory measurement.
+ */
+bool sev_add_kernel_loader_hashes(SevKernelLoaderContext *ctx, Error
**errp)
+{
+ uint8_t *data;
+ SevHashTableDescriptor *area;
+ SevHashTable *ht;
+ uint8_t cmdline_hash[HASH_SIZE];
+ uint8_t initrd_hash[HASH_SIZE];
+ uint8_t kernel_hash[HASH_SIZE];
+ uint8_t *hashp;
+ size_t hash_len = HASH_SIZE;
+ int aligned_len;
+
+ if (!pc_system_ovmf_table_find(SEV_HASH_TABLE_RV_GUID, &data,
NULL)) {
+ error_setg(errp, "SEV: kernel specified but OVMF has no hash
table guid");
+ return false;
+ }
This breaks backwards compatibility with an older OVMF image. Any older
OVMF image with SEV support that doesn't have the hash table GUID will
now fail to boot using -kernel/-initrd/-append, where it used to be able
to boot before.
Thanks Tom for noticing this.
Just so we're on the same page: this patch is already merged.
Right, just not in a release, yet.
We're dealing with a scenario of launching a guest with SEV enabled and
with -kernel. The behaviours are:
A. With current QEMU:
A1. New AmdSev OVMF build: OVMF will verify the hashes and boot correctly.
A2. New Generic OvmfPkgX64 build: No verification but will boot correctly.
A3. Old AmdSev OVMF build: QEMU aborts the launch because there's no
hash table GUID.
A4. Old Generic OvmfPkgX64 build: QEMU aborts the launch because there's
no hash table GUID.
B. With older QEMU (before this patch was merged):
B1. New AmdSev OVMF build: OVMF will try to verify the hashes but they
are not populated; boot aborted.
B2. New Generic OvmfPkgX64 build: No verification but will boot correctly.
B3. Old AmdSev OVMF build: OVMF aborts the launch because -kernel is not
supported at all.
B4. Old Generic OvmfPkgX64 build: No verification but will boot correctly.
So the problem you are raising is scenario A4 (as opposed to previous
behaviour B4).
Correct, scenario A4.
Is that anything we need to be concerned about?
Possible solutions:
1. Do nothing. For users that encounter this: tell them to upgrade OVMF.
2. Modify the code: remove the line: error_setg(errp, "SEV: kernel
specified but OVMF has no hash table guid")
I think that option 2 will not degrade security *if* the Guest Owner
verifies the measurement (which is mandatory anyway; otherwise the
untrusted host can replace OVMF with a "malicious" version that doesn't
verify the hashes). Skipping silently might make debugging a bit harder.
Maybe we can print a warning and return, and then the guest launch will
continue?
That sounds like it might be the best approach if there are no security
concerns. I agree with printing a message, either informational or warning
is ok by me.
Lets see if anyone else has some thoughts/ideas.
Thanks,
Tom
Other ideas?
-Dov