From nobody Mon Feb  9 12:09:42 2026
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of groups.io designates
 66.175.222.108 as permitted sender) client-ip=66.175.222.108;
 envelope-from=bounce+27952+77509+1787277+3901457@groups.io;
 helo=mail02.groups.io;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+77509+1787277+3901457@groups.io;
	dmarc=fail(p=none dis=none)  header.from=linux.ibm.com
ARC-Seal: i=1; a=rsa-sha256; t=1625561722; cv=none;
	d=zohomail.com; s=zohoarc;
	b=mbwv4KIyRif3XcD3bVlUz1TVvKSFe2MeZer6nJv2C3fB+s1JY7O2+u8qS/oh3rtSLaQu4UX9rbriAWaukPYvu2YZhTnNXKadG8fK4CVvz7COHGDXalc1EvPnmCtJotIO91t9Uup9s8zF76sYnWPiYHoZYOImA0ixtVf27Tg+MBg=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1625561722;
 h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To;
	bh=W8lBWGgytbRon1Kc4AsRXPC34bh1B56HayEG8EaQkJ4=;
	b=ZIt8n5+mIRxbeDAkk0YIjQzHLKz0Viq4PHAlJlHZNpzPUE+nflgslfR3aO/u+5yMV/eXui+PUQpFab0W/bbRajd3ubHznG0BZv19bRTB+yD4gWgQj/SSfRgHn/c8oqzDQ0RyDDdq4eLCBGVVN9YJi5WnZNjhVQ2jOGeQB5zBPns=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+77509+1787277+3901457@groups.io;
	dmarc=fail header.from=<dovmurik@linux.ibm.com> (p=none dis=none)
Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by
 mx.zohomail.com
	with SMTPS id 1625561722401839.1153493075273;
 Tue, 6 Jul 2021 01:55:22 -0700 (PDT)
Return-Path: <bounce+27952+77509+1787277+3901457@groups.io>
X-Received: by 127.0.0.2 with SMTP id brDMYY1788612x7LUrszBDGg;
 Tue, 06 Jul 2021 01:55:22 -0700
X-Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com
 [148.163.156.1])
 by mx.groups.io with SMTP id smtpd.web08.3621.1625561721535317083
 for <devel@edk2.groups.io>;
 Tue, 06 Jul 2021 01:55:21 -0700
X-Received: from pps.filterd (m0098410.ppops.net [127.0.0.1])
	by mx0a-001b2d01.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id
 1668XZmi121993;
	Tue, 6 Jul 2021 04:55:20 -0400
X-Received: from pps.reinject (localhost [127.0.0.1])
	by mx0a-001b2d01.pphosted.com with ESMTP id 39mjuwj207-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
	Tue, 06 Jul 2021 04:55:20 -0400
X-Received: from m0098410.ppops.net (m0098410.ppops.net [127.0.0.1])
	by pps.reinject (8.16.0.43/8.16.0.43) with SMTP id 1668Xk86122520;
	Tue, 6 Jul 2021 04:55:19 -0400
X-Received: from ppma01wdc.us.ibm.com (fd.55.37a9.ip4.static.sl-reverse.com
 [169.55.85.253])
	by mx0a-001b2d01.pphosted.com with ESMTP id 39mjuwj1yh-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
	Tue, 06 Jul 2021 04:55:19 -0400
X-Received: from pps.filterd (ppma01wdc.us.ibm.com [127.0.0.1])
	by ppma01wdc.us.ibm.com (8.16.1.2/8.16.1.2) with SMTP id 1668r072006631;
	Tue, 6 Jul 2021 08:55:17 GMT
X-Received: from b03cxnp07028.gho.boulder.ibm.com
 (b03cxnp07028.gho.boulder.ibm.com [9.17.130.15])
	by ppma01wdc.us.ibm.com with ESMTP id 39jfhafw2x-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
	Tue, 06 Jul 2021 08:55:17 +0000
X-Received: from b03ledav003.gho.boulder.ibm.com
 (b03ledav003.gho.boulder.ibm.com [9.17.130.234])
	by b03cxnp07028.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id
 1668tF4D45744420
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK);
	Tue, 6 Jul 2021 08:55:16 GMT
X-Received: from b03ledav003.gho.boulder.ibm.com (unknown [127.0.0.1])
	by IMSVA (Postfix) with ESMTP id DC2566A04D;
	Tue,  6 Jul 2021 08:55:15 +0000 (GMT)
X-Received: from b03ledav003.gho.boulder.ibm.com (unknown [127.0.0.1])
	by IMSVA (Postfix) with ESMTP id CB4216A051;
	Tue,  6 Jul 2021 08:55:14 +0000 (GMT)
X-Received: from localhost.localdomain (unknown [9.2.130.16])
	by b03ledav003.gho.boulder.ibm.com (Postfix) with ESMTP;
	Tue,  6 Jul 2021 08:55:14 +0000 (GMT)
From: "Dov Murik" <dovmurik@linux.ibm.com>
To: devel@edk2.groups.io
Cc: Dov Murik <dovmurik@linux.ibm.com>,
        Tobin Feldman-Fitzthum <tobin@linux.ibm.com>,
        Tobin Feldman-Fitzthum <tobin@ibm.com>, Jim Cadden <jcadden@ibm.com>,
        James Bottomley <jejb@linux.ibm.com>,
        Hubertus Franke <frankeh@us.ibm.com>,
 Laszlo Ersek <lersek@redhat.com>,
        Ard Biesheuvel <ardb+tianocore@kernel.org>,
        Jordan Justen <jordan.l.justen@intel.com>,
        Ashish Kalra <ashish.kalra@amd.com>,
        Brijesh Singh <brijesh.singh@amd.com>,
        Erdem Aktas <erdemaktas@google.com>,
 Jiewen Yao <jiewen.yao@intel.com>,
        Min Xu <min.m.xu@intel.com>, Tom Lendacky <thomas.lendacky@amd.com>
Subject: [edk2-devel] [PATCH v2 07/11] OvmfPkg/QemuKernelLoaderFsDxe: call
 VerifyBlob after fetch from fw_cfg
Date: Tue,  6 Jul 2021 08:54:57 +0000
Message-Id: <20210706085501.1260662-8-dovmurik@linux.ibm.com>
In-Reply-To: <20210706085501.1260662-1-dovmurik@linux.ibm.com>
References: <20210706085501.1260662-1-dovmurik@linux.ibm.com>
X-TM-AS-GCONF: 00
X-Proofpoint-ORIG-GUID: f0CUQH9tVrBTNymy9wZUnq6IGlHBlCsO
X-Proofpoint-GUID: Ft21CewkqBzoV-kf46ywSn6EQPnr1_DZ
X-Proofpoint-UnRewURL: 0 URL was un-rewritten
MIME-Version: 1.0
Precedence: Bulk
List-Unsubscribe: <mailto:devel+unsubscribe@edk2.groups.io>
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,dovmurik@linux.ibm.com
X-Gm-Message-State: g6drTsSptSTFXaZ0mnyp4iWYx1787277AA=
Content-Transfer-Encoding: quoted-printable
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io;
 q=dns/txt; s=20140610; t=1625561722;
 bh=AhJf5GDWfgDKZD2jbCHunq1miBVS4oei0aDN+uIPeOo=;
 h=Cc:Date:From:Reply-To:Subject:To;
 b=lT65t7sewQ74nI0xVTVwhxIkFILMeYPxttyqSA7ZDPpbupZ442c3XMuBDYcrt3zp+h5
 l4tLE5ONx8x1duNRCSWhUk8zRFTSOgaBWCaraSUFB9TQ7/HuktOUHw86vNWdJE6XGPuoL
 1rvQ/Zn/9fplNr3M8RlpEiEb+jzxbeG2GVw=
X-ZohoMail-DKIM: pass (identity @groups.io)
X-ZM-MESSAGEID: 1625561728258100006
Content-Type: text/plain; charset="utf-8"

In QemuKernelLoaderFsDxeEntrypoint we use FetchBlob to read the content
of the kernel/initrd/cmdline from the QEMU fw_cfg interface.  Insert a
call to VerifyBlob after fetching to allow BlobVerifierLib
implementations to add a verification step for these blobs.

This will allow confidential computing OVMF builds to add verification
mechanisms for these blobs that originate from an untrusted source
(QEMU).

The null implementation of BlobVerifierLib does nothing in VerifyBlob,
and therefore no functional change is expected.

Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Ashish Kalra <ashish.kalra@amd.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3457
Co-developed-by: James Bottomley <jejb@linux.ibm.com>
Signed-off-by: James Bottomley <jejb@linux.ibm.com>
Signed-off-by: Dov Murik <dovmurik@linux.ibm.com>
Reviewed-by: Brijesh Singh <brijesh.singh@amd.com>
---
 OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c b/OvmfPk=
g/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c
index c7ddd86f5c75..b43330d23b80 100644
--- a/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c
+++ b/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c
@@ -17,6 +17,7 @@
 #include <Guid/QemuKernelLoaderFsMedia.h>
 #include <Library/BaseLib.h>
 #include <Library/BaseMemoryLib.h>
+#include <Library/BlobVerifierLib.h>
 #include <Library/DebugLib.h>
 #include <Library/DevicePathLib.h>
 #include <Library/MemoryAllocationLib.h>
@@ -1039,6 +1040,14 @@ QemuKernelLoaderFsDxeEntrypoint (
     if (EFI_ERROR (Status)) {
       goto FreeBlobs;
     }
+    Status =3D VerifyBlob (
+               CurrentBlob->Name,
+               CurrentBlob->Data,
+               CurrentBlob->Size
+             );
+    if (EFI_ERROR (Status)) {
+      goto FreeBlobs;
+    }
     mTotalBlobBytes +=3D CurrentBlob->Size;
   }
   KernelBlob      =3D &mKernelBlob[KernelBlobTypeKernel];
--=20
2.25.1



-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#77509): https://edk2.groups.io/g/devel/message/77509
Mute This Topic: https://groups.io/mt/84016359/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-