[v2] OvmfPkg: Enable measured direct boot on AMD SEV-SNP

[edk2-devel] [PATCH v2 0/2] OvmfPkg: Enable measured direct boot on AMD SEV-SNP

Posted by Dov Murik 1 year, 2 months ago

(Note: This is a new version of this one-year-old patch series; the v1
series [1] got a few Acked-by but it's been so long that I don't
consider them relevant anymore.)

AMD SEV and SEV-ES support measured direct boot with
kernel/initrd/cmdline hashes injected by QEMU and verified by OVMF
during boot.

To enable the same approach for AMD SEV-SNP we make sure the page in
which QEMU inserts the hashes of kernel/initrd/cmdline is not already
pre-validated, as SNP doesn't allow validating a page twice.

The first patch rearranges the pages in AmdSevX64's MEMFD so they are in
the same order both as in the main target (OvmfPkgX64), with the
exception of the SEV Launch Secret page which isn't defined in
OvmfPkgX64.

The second patch modifies the SNP metadata structure such that on
AmdSev target the SEV Launch Secret page is not included in the ranges
that are pre-validated (zero pages) by the VMM; instead the VMM will
insert content into this page (the hashes table), or mark it explicitly
as a zero page if no hashes are added.

A corresponding RFC patch to QEMU will be published soon in qemu-devel.

Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Michael Roth <michael.roth@amd.com>
Cc: Ashish Kalra <ashish.kalra@amd.com>
Cc: Mario Smarduch <mario.smarduch@amd.com>
Cc: Tobin Feldman-Fitzthum <tobin@linux.ibm.com>

---

v2 changes:
* Rebased on master
* Updated AmdSev MEMFD size to match OvmfX64

v1:
[1] https://edk2.groups.io/g/devel/message/88137


Dov Murik (2):
  OvmfPkg/AmdSev: Reorder MEMFD pages to match the order in
    OvmfPkgX64.fdf
  OvmfPkg/ResetVector: Exclude SEV launch secrets page from
    pre-validation

 OvmfPkg/AmdSev/AmdSevX64.fdf          | 27 ++++++++++----------
 OvmfPkg/ResetVector/ResetVector.nasmb | 14 +++++++++-
 2 files changed, 27 insertions(+), 14 deletions(-)

-- 
2.25.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#100286): https://edk2.groups.io/g/devel/message/100286
Mute This Topic: https://groups.io/mt/97001961/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH v2 0/2] OvmfPkg: Enable measured direct boot on AMD SEV-SNP

Posted by Dov Murik 1 year, 2 months ago


On 16/02/2023 10:06, Dov Murik wrote:
> (Note: This is a new version of this one-year-old patch series; the v1
> series [1] got a few Acked-by but it's been so long that I don't
> consider them relevant anymore.)
> 
> AMD SEV and SEV-ES support measured direct boot with
> kernel/initrd/cmdline hashes injected by QEMU and verified by OVMF
> during boot.
> 
> To enable the same approach for AMD SEV-SNP we make sure the page in
> which QEMU inserts the hashes of kernel/initrd/cmdline is not already
> pre-validated, as SNP doesn't allow validating a page twice.
> 
> The first patch rearranges the pages in AmdSevX64's MEMFD so they are in
> the same order both as in the main target (OvmfPkgX64), with the
> exception of the SEV Launch Secret page which isn't defined in
> OvmfPkgX64.
> 
> The second patch modifies the SNP metadata structure such that on
> AmdSev target the SEV Launch Secret page is not included in the ranges
> that are pre-validated (zero pages) by the VMM; instead the VMM will
> insert content into this page (the hashes table), or mark it explicitly
> as a zero page if no hashes are added.
> 
> A corresponding RFC patch to QEMU will be published soon in qemu-devel.

The corresponding QEMU RFC patch series is at:

  https://lore.kernel.org/qemu-devel/20230216084913.2148508-1-dovmurik@linux.ibm.com/

and the QEMU tree can be fetched from:

  https://github.com/confidential-containers-demo/qemu/tree/snp-kernel-hashes-v2

This edk2 series is also published at:

  https://github.com/confidential-containers-demo/edk2/tree/snp-kernel-hashes-v2



-Dov


> 
> Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Jordan Justen <jordan.l.justen@intel.com>
> Cc: Gerd Hoffmann <kraxel@redhat.com>
> Cc: Erdem Aktas <erdemaktas@google.com>
> Cc: James Bottomley <jejb@linux.ibm.com>
> Cc: Min Xu <min.m.xu@intel.com>
> Cc: Tom Lendacky <thomas.lendacky@amd.com>
> Cc: Michael Roth <michael.roth@amd.com>
> Cc: Ashish Kalra <ashish.kalra@amd.com>
> Cc: Mario Smarduch <mario.smarduch@amd.com>
> Cc: Tobin Feldman-Fitzthum <tobin@linux.ibm.com>
> 
> ---
> 
> v2 changes:
> * Rebased on master
> * Updated AmdSev MEMFD size to match OvmfX64
> 
> v1:
> [1] https://edk2.groups.io/g/devel/message/88137
> 
> 
> Dov Murik (2):
>   OvmfPkg/AmdSev: Reorder MEMFD pages to match the order in
>     OvmfPkgX64.fdf
>   OvmfPkg/ResetVector: Exclude SEV launch secrets page from
>     pre-validation
> 
>  OvmfPkg/AmdSev/AmdSevX64.fdf          | 27 ++++++++++----------
>  OvmfPkg/ResetVector/ResetVector.nasmb | 14 +++++++++-
>  2 files changed, 27 insertions(+), 14 deletions(-)
> 


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#100288): https://edk2.groups.io/g/devel/message/100288
Mute This Topic: https://groups.io/mt/97001961/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-