OvmfPkg/AmdSev/AmdSevX64.fdf | 27 ++++++++++---------- OvmfPkg/ResetVector/ResetVector.nasmb | 11 +++++++- OvmfPkg/ResetVector/X64/OvmfSevMetadata.asm | 11 ++++++++ 3 files changed, 35 insertions(+), 14 deletions(-)
AMD SEV and SEV-ES support measured direct boot with kernel/initrd/cmdline hashes injected by QEMU and verified by OVMF during boot. To enable the same approach for AMD SEV-SNP, we declare the kernel hashes page in the SNP metadata list as a new region type. When QEMU encounters that region in the list, it will insert the hashes of kernel/initrd/cmdline and encrypt the page (or, if the user turned off kernel hashes, it will validate the page as a zero page). The first patch rearranges the pages in AmdSevX64's MEMFD so they are in the same order both as in the main target (OvmfPkgX64), with the exception of the SEV Launch Secret page which isn't defined in OvmfPkgX64. The second patch modifies the SNP metadata structure such that on AmdSev target the SEV Launch Secret page is explicitly defined in SNP metadata list, and therefore it is not included in the ranges that are pre-validated (zero pages) by the VMM; instead the VMM will insert content into this page (the hashes table), or mark it explicitly as a zero page if no hashes are added. This series is available at: https://github.com/confidential-containers-demo/edk2/tree/snp-kernel-hashes-v3 A corresponding QEMU RFC series will be published soon in qemu-devel, or use this tree: https://github.com/confidential-containers-demo/qemu/tree/snp-kernel-hashes-v3 Cc: Ard Biesheuvel <ardb+tianocore@kernel.org> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jordan Justen <jordan.l.justen@intel.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Erdem Aktas <erdemaktas@google.com> Cc: James Bottomley <jejb@linux.ibm.com> Cc: Min Xu <min.m.xu@intel.com> Cc: Tom Lendacky <thomas.lendacky@amd.com> Cc: Michael Roth <michael.roth@amd.com> Cc: Ashish Kalra <ashish.kalra@amd.com> Cc: Mario Smarduch <mario.smarduch@amd.com> Cc: Tobin Feldman-Fitzthum <tobin@linux.ibm.com> --- v3 changes: * Define the kernel hashes page in the SNP metadata table (thanks Tom) v2: https://edk2.groups.io/g/devel/message/100362 v2 changes: * Rebased on master * Updated AmdSev MEMFD size to match OvmfX64 v1: https://edk2.groups.io/g/devel/message/88137 Dov Murik (2): OvmfPkg/AmdSev: Reorder MEMFD pages to match the order in OvmfPkgX64.fdf OvmfPkg/ResetVector: Define SNP metadata for kernel hashes OvmfPkg/AmdSev/AmdSevX64.fdf | 27 ++++++++++---------- OvmfPkg/ResetVector/ResetVector.nasmb | 11 +++++++- OvmfPkg/ResetVector/X64/OvmfSevMetadata.asm | 11 ++++++++ 3 files changed, 35 insertions(+), 14 deletions(-) -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#100625): https://edk2.groups.io/g/devel/message/100625 Mute This Topic: https://groups.io/mt/97335488/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=-=-=-=-=-=-=-=-=-=-=-
On Thu, Mar 02, 2023 at 09:15:30AM +0000, Dov Murik wrote: > AMD SEV and SEV-ES support measured direct boot with > kernel/initrd/cmdline hashes injected by QEMU and verified by OVMF > during boot. > > To enable the same approach for AMD SEV-SNP, we declare the kernel > hashes page in the SNP metadata list as a new region type. When QEMU > encounters that region in the list, it will insert the hashes of > kernel/initrd/cmdline and encrypt the page (or, if the user turned off > kernel hashes, it will validate the page as a zero page). > > The first patch rearranges the pages in AmdSevX64's MEMFD so they are in > the same order both as in the main target (OvmfPkgX64), with the > exception of the SEV Launch Secret page which isn't defined in > OvmfPkgX64. > > The second patch modifies the SNP metadata structure such that on > AmdSev target the SEV Launch Secret page is explicitly defined in SNP > metadata list, and therefore it is not included in the ranges that are > pre-validated (zero pages) by the VMM; instead the VMM will insert > content into this page (the hashes table), or mark it explicitly as a > zero page if no hashes are added. > > This series is available at: > https://github.com/confidential-containers-demo/edk2/tree/snp-kernel-hashes-v3 > > A corresponding QEMU RFC series will be published soon in qemu-devel, or > use this tree: > https://github.com/confidential-containers-demo/qemu/tree/snp-kernel-hashes-v3 For the series: Acked-by: Gerd Hoffmann <kraxel@redhat.com> -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#101429): https://edk2.groups.io/g/devel/message/101429 Mute This Topic: https://groups.io/mt/97335488/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=-=-=-=-=-=-=-=-=-=-=-
On 3/20/23 05:06, Gerd Hoffmann wrote: > On Thu, Mar 02, 2023 at 09:15:30AM +0000, Dov Murik wrote: >> AMD SEV and SEV-ES support measured direct boot with >> kernel/initrd/cmdline hashes injected by QEMU and verified by OVMF >> during boot. >> >> To enable the same approach for AMD SEV-SNP, we declare the kernel >> hashes page in the SNP metadata list as a new region type. When QEMU >> encounters that region in the list, it will insert the hashes of >> kernel/initrd/cmdline and encrypt the page (or, if the user turned off >> kernel hashes, it will validate the page as a zero page). >> >> The first patch rearranges the pages in AmdSevX64's MEMFD so they are in >> the same order both as in the main target (OvmfPkgX64), with the >> exception of the SEV Launch Secret page which isn't defined in >> OvmfPkgX64. >> >> The second patch modifies the SNP metadata structure such that on >> AmdSev target the SEV Launch Secret page is explicitly defined in SNP >> metadata list, and therefore it is not included in the ranges that are >> pre-validated (zero pages) by the VMM; instead the VMM will insert >> content into this page (the hashes table), or mark it explicitly as a >> zero page if no hashes are added. >> >> This series is available at: >> https://github.com/confidential-containers-demo/edk2/tree/snp-kernel-hashes-v3 >> >> A corresponding QEMU RFC series will be published soon in qemu-devel, or >> use this tree: >> https://github.com/confidential-containers-demo/qemu/tree/snp-kernel-hashes-v3 > > For the series: > Acked-by: Gerd Hoffmann <kraxel@redhat.com> I've noticed that series was never picked up. Any chance that this can be merged? Thanks, Tom > -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#111760): https://edk2.groups.io/g/devel/message/111760 Mute This Topic: https://groups.io/mt/97335488/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=-=-=-=-=-=-=-=-=-=-=-
On Mon, 27 Nov 2023 at 21:04, Tom Lendacky <thomas.lendacky@amd.com> wrote: > > On 3/20/23 05:06, Gerd Hoffmann wrote: > > On Thu, Mar 02, 2023 at 09:15:30AM +0000, Dov Murik wrote: > >> AMD SEV and SEV-ES support measured direct boot with > >> kernel/initrd/cmdline hashes injected by QEMU and verified by OVMF > >> during boot. > >> > >> To enable the same approach for AMD SEV-SNP, we declare the kernel > >> hashes page in the SNP metadata list as a new region type. When QEMU > >> encounters that region in the list, it will insert the hashes of > >> kernel/initrd/cmdline and encrypt the page (or, if the user turned off > >> kernel hashes, it will validate the page as a zero page). > >> > >> The first patch rearranges the pages in AmdSevX64's MEMFD so they are in > >> the same order both as in the main target (OvmfPkgX64), with the > >> exception of the SEV Launch Secret page which isn't defined in > >> OvmfPkgX64. > >> > >> The second patch modifies the SNP metadata structure such that on > >> AmdSev target the SEV Launch Secret page is explicitly defined in SNP > >> metadata list, and therefore it is not included in the ranges that are > >> pre-validated (zero pages) by the VMM; instead the VMM will insert > >> content into this page (the hashes table), or mark it explicitly as a > >> zero page if no hashes are added. > >> > >> This series is available at: > >> https://github.com/confidential-containers-demo/edk2/tree/snp-kernel-hashes-v3 > >> > >> A corresponding QEMU RFC series will be published soon in qemu-devel, or > >> use this tree: > >> https://github.com/confidential-containers-demo/qemu/tree/snp-kernel-hashes-v3 > > > > For the series: > > Acked-by: Gerd Hoffmann <kraxel@redhat.com> > > I've noticed that series was never picked up. Any chance that this can be > merged? > Queued up now Apologies for the delay. -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#111808): https://edk2.groups.io/g/devel/message/111808 Mute This Topic: https://groups.io/mt/97335488/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=-=-=-=-=-=-=-=-=-=-=-
On 3/2/23 03:15, Dov Murik wrote: > AMD SEV and SEV-ES support measured direct boot with > kernel/initrd/cmdline hashes injected by QEMU and verified by OVMF > during boot. > > To enable the same approach for AMD SEV-SNP, we declare the kernel > hashes page in the SNP metadata list as a new region type. When QEMU > encounters that region in the list, it will insert the hashes of > kernel/initrd/cmdline and encrypt the page (or, if the user turned off > kernel hashes, it will validate the page as a zero page). > > The first patch rearranges the pages in AmdSevX64's MEMFD so they are in > the same order both as in the main target (OvmfPkgX64), with the > exception of the SEV Launch Secret page which isn't defined in > OvmfPkgX64. > > The second patch modifies the SNP metadata structure such that on > AmdSev target the SEV Launch Secret page is explicitly defined in SNP > metadata list, and therefore it is not included in the ranges that are > pre-validated (zero pages) by the VMM; instead the VMM will insert > content into this page (the hashes table), or mark it explicitly as a > zero page if no hashes are added. > > This series is available at: > https://github.com/confidential-containers-demo/edk2/tree/snp-kernel-hashes-v3 > > A corresponding QEMU RFC series will be published soon in qemu-devel, or > use this tree: > https://github.com/confidential-containers-demo/qemu/tree/snp-kernel-hashes-v3 > > Cc: Ard Biesheuvel <ardb+tianocore@kernel.org> > Cc: Jiewen Yao <jiewen.yao@intel.com> > Cc: Jordan Justen <jordan.l.justen@intel.com> > Cc: Gerd Hoffmann <kraxel@redhat.com> > Cc: Erdem Aktas <erdemaktas@google.com> > Cc: James Bottomley <jejb@linux.ibm.com> > Cc: Min Xu <min.m.xu@intel.com> > Cc: Tom Lendacky <thomas.lendacky@amd.com> > Cc: Michael Roth <michael.roth@amd.com> > Cc: Ashish Kalra <ashish.kalra@amd.com> > Cc: Mario Smarduch <mario.smarduch@amd.com> > Cc: Tobin Feldman-Fitzthum <tobin@linux.ibm.com> For the series: Acked-by: Tom Lendacky <thomas.lendacky@amd.com> > > --- > > v3 changes: > * Define the kernel hashes page in the SNP metadata table (thanks Tom) > > v2: https://edk2.groups.io/g/devel/message/100362 > v2 changes: > * Rebased on master > * Updated AmdSev MEMFD size to match OvmfX64 > > v1: https://edk2.groups.io/g/devel/message/88137 > > Dov Murik (2): > OvmfPkg/AmdSev: Reorder MEMFD pages to match the order in > OvmfPkgX64.fdf > OvmfPkg/ResetVector: Define SNP metadata for kernel hashes > > OvmfPkg/AmdSev/AmdSevX64.fdf | 27 ++++++++++---------- > OvmfPkg/ResetVector/ResetVector.nasmb | 11 +++++++- > OvmfPkg/ResetVector/X64/OvmfSevMetadata.asm | 11 ++++++++ > 3 files changed, 35 insertions(+), 14 deletions(-) > -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#100641): https://edk2.groups.io/g/devel/message/100641 Mute This Topic: https://groups.io/mt/97335488/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=-=-=-=-=-=-=-=-=-=-=-
© 2016 - 2024 Red Hat, Inc.