From nobody Mon May 6 01:15:14 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+83100+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+83100+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=linux.ibm.com ARC-Seal: i=1; a=rsa-sha256; t=1635841519; cv=none; d=zohomail.com; s=zohoarc; b=SUaAjw97UA25WSZcwheSdUUc4BT3zr9Gya5C6aZi03+MXugrxIYBk055unHjcbAxwLqVouX8z9gbiKjAcWCm9+k2GyobErXf8HQ1PGEZam9wbxwdXF9C+c/hNj9m5n1nHTFTpq3NmiuaWvMwIOd8sDSF5UEuXuvbFPrAXl/ur+s= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1635841519; h=Content-Transfer-Encoding:Cc:Date:From:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:Sender:Subject:To; bh=6LN9QSIA3fY+60HAO0BHGAJMCVhX9RjJqn5q6B3UHnw=; b=DYGpRQxAzdRkPqNG+IAO1/VCHdEsEz73iTyv9+JIxbUMe+QVOIPOEiEDvKNca0t5XMqaCn+Ck2XNHJNf9oDX/kRmqzPg8azB190A5VIo1zJwO3Ba0n2KkWLDmbuuMBDM6RzlwKpl/aEWzCDZq32FUcpKBpTGzMh1NdlfEyqKzQQ= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+83100+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 163584151951025.21769394031503; Tue, 2 Nov 2021 01:25:19 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id 9b8yYY1788612xd5Q3nlUGau; Tue, 02 Nov 2021 01:25:19 -0700 X-Received: from mx0b-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) by mx.groups.io with SMTP id smtpd.web10.6489.1635841517567100130 for ; Tue, 02 Nov 2021 01:25:18 -0700 X-Received: from pps.filterd (m0098417.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 1A266hQk026866; Tue, 2 Nov 2021 08:25:13 GMT X-Received: from pps.reinject (localhost [127.0.0.1]) by mx0a-001b2d01.pphosted.com with ESMTP id 3c2mvmeuw8-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 02 Nov 2021 08:25:13 +0000 X-Received: from m0098417.ppops.net (m0098417.ppops.net [127.0.0.1]) by pps.reinject (8.16.0.43/8.16.0.43) with SMTP id 1A28M5ng015792; Tue, 2 Nov 2021 08:25:13 GMT X-Received: from ppma03dal.us.ibm.com (b.bd.3ea9.ip4.static.sl-reverse.com [169.62.189.11]) by mx0a-001b2d01.pphosted.com with ESMTP id 3c2mvmeuvt-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 02 Nov 2021 08:25:13 +0000 X-Received: from pps.filterd (ppma03dal.us.ibm.com [127.0.0.1]) by ppma03dal.us.ibm.com (8.16.1.2/8.16.1.2) with SMTP id 1A28COAp019008; Tue, 2 Nov 2021 08:25:12 GMT X-Received: from b03cxnp08025.gho.boulder.ibm.com (b03cxnp08025.gho.boulder.ibm.com [9.17.130.17]) by ppma03dal.us.ibm.com with ESMTP id 3c0wpasaua-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 02 Nov 2021 08:25:12 +0000 X-Received: from b03ledav006.gho.boulder.ibm.com (b03ledav006.gho.boulder.ibm.com [9.17.130.237]) by b03cxnp08025.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 1A28PAPg33948142 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 2 Nov 2021 08:25:10 GMT X-Received: from b03ledav006.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 4F895C605D; Tue, 2 Nov 2021 08:25:10 +0000 (GMT) X-Received: from b03ledav006.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 4FD3CC606D; Tue, 2 Nov 2021 08:25:09 +0000 (GMT) X-Received: from amdrome3.watson.ibm.com (unknown [9.2.130.16]) by b03ledav006.gho.boulder.ibm.com (Postfix) with ESMTP; Tue, 2 Nov 2021 08:25:09 +0000 (GMT) From: "Dov Murik" To: devel@edk2.groups.io Cc: Dov Murik , Ard Biesheuvel , Jordan Justen , Gerd Hoffmann , Brijesh Singh , Erdem Aktas , James Bottomley , Jiewen Yao , Min Xu , Tom Lendacky , Tobin Feldman-Fitzthum Subject: [edk2-devel] [PATCH] OvmfPkg/AmdSev: Erase secret area content on ExitBootServices Date: Tue, 2 Nov 2021 08:25:06 +0000 Message-Id: <20211102082506.366921-1-dovmurik@linux.ibm.com> X-TM-AS-GCONF: 00 X-Proofpoint-GUID: g8N9B_4ldXglr4pWIiB2JuYYRMiulTHn X-Proofpoint-ORIG-GUID: 7Ez2OZ6w-n3auT9KHkigbtggNCd1HS5u X-Proofpoint-UnRewURL: 0 URL was un-rewritten MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,dovmurik@linux.ibm.com X-Gm-Message-State: XGAM5YiFbd6x4RpPlYlvGSF9x1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1635841519; bh=ByhRt1QmmIGuAKuexi2yDxMcXnJ4HDRI/y1ImLPGnG0=; h=Cc:Date:From:Reply-To:Subject:To; b=jYBfJrzAkaMtcxFa4Q0hjEzYbJ/l3O2bMb2lXxwimgL5sIezPb/acq3l7+KUDuARxiu Imgxzwa783fiFJBqE0nI+hbUR+47ZbLPQcJRUCcqHs61ylNvNJxsbfUJPbnqbPlJJ2KnE DxXlltNR9Q9i/1kYulB7BcKbOgoWnEbiCS0= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1635841520127100001 Content-Type: text/plain; charset="utf-8" The confidential computing secrets area is marked as EfiBootServicesData region, which means it is released for the OS use when the OS EFI stub calls ExitBootServices. However, its content is not erased, and therefore the OS might unintentionally reuse this sensitive memory area and expose the injected secrets. Erase the content of the secret area on ExitBootServices so that the memory released to the OS contains zeros. If the OS needs to keep the secrets for its own use, it must copy the secrets area to another memory area before calling ExitBootServices (for example in efi/libstub in Linux). Cc: Ard Biesheuvel Cc: Jordan Justen Cc: Gerd Hoffmann Cc: Brijesh Singh Cc: Erdem Aktas Cc: James Bottomley Cc: Jiewen Yao Cc: Min Xu Cc: Tom Lendacky Cc: Tobin Feldman-Fitzthum Signed-off-by: Dov Murik Acked-by: Gerd Hoffmann --- Code is in: https://github.com/confidential-containers-demo/edk2/tree/erase= -secret-area --- OvmfPkg/AmdSev/SecretDxe/SecretDxe.inf | 2 + OvmfPkg/AmdSev/SecretDxe/SecretDxe.c | 47 ++++++++++++++++++-- 2 files changed, 45 insertions(+), 4 deletions(-) diff --git a/OvmfPkg/AmdSev/SecretDxe/SecretDxe.inf b/OvmfPkg/AmdSev/Secret= Dxe/SecretDxe.inf index 40bda7ff846c..ff831afaeb66 100644 --- a/OvmfPkg/AmdSev/SecretDxe/SecretDxe.inf +++ b/OvmfPkg/AmdSev/SecretDxe/SecretDxe.inf @@ -23,6 +23,8 @@ [Packages] MdePkg/MdePkg.dec =20 [LibraryClasses] + BaseMemoryLib + DebugLib UefiBootServicesTableLib UefiDriverEntryPoint =20 diff --git a/OvmfPkg/AmdSev/SecretDxe/SecretDxe.c b/OvmfPkg/AmdSev/SecretDx= e/SecretDxe.c index 934ad207632b..085759f0e523 100644 --- a/OvmfPkg/AmdSev/SecretDxe/SecretDxe.c +++ b/OvmfPkg/AmdSev/SecretDxe/SecretDxe.c @@ -5,6 +5,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent **/ #include +#include +#include #include #include =20 @@ -13,6 +15,35 @@ STATIC CONFIDENTIAL_COMPUTING_SECRET_LOCATION mSecretDxe= Table =3D { FixedPcdGet32 (PcdSevLaunchSecretSize), }; =20 +STATIC EFI_EVENT mSecretDxeExitBootEvent; + +/** + ExitBootServices event notification function for the secret table. + + This function erases the content of the secret area so the secrets don't= leak + via released BootServices memory. If the OS wants to keep the secrets f= or + its own use, it must copy the secrets area to another memory area before + calling ExitBootServices (for example in efi/libstub in Linux). + + @param[in] Event The ExitBoot event that has been signaled. + + @param[in] Context Unused. +**/ +STATIC +VOID +EFIAPI +SecretDxeExitBoot ( + IN EFI_EVENT Event, + IN VOID *Context + ) +{ + ASSERT(mSecretDxeTable.Base !=3D 0); + ASSERT(mSecretDxeTable.Size > 0); + + ZeroMem ((VOID *) ((UINTN) mSecretDxeTable.Base), mSecretDxeTable.Size); +} + + EFI_STATUS EFIAPI InitializeSecretDxe( @@ -20,8 +51,16 @@ InitializeSecretDxe( IN EFI_SYSTEM_TABLE *SystemTable ) { - return gBS->InstallConfigurationTable ( - &gConfidentialComputingSecretGuid, - &mSecretDxeTable - ); + EFI_STATUS Status; + + Status =3D gBS->InstallConfigurationTable ( + &gConfidentialComputingSecretGuid, + &mSecretDxeTable + ); + if (EFI_ERROR (Status)) { + return Status; + } + + return gBS->CreateEvent (EVT_SIGNAL_EXIT_BOOT_SERVICES, TPL_CALLBACK, + SecretDxeExitBoot, NULL, &mSecretDxeExitBootEvent); } --=20 2.25.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#83100): https://edk2.groups.io/g/devel/message/83100 Mute This Topic: https://groups.io/mt/86761563/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-