7cb96c4 OvmfPkg/ResetVector: Validate the encryption bit position for SEV/SEV-ES

4 files. Authored by Tom Lendacky 3 years ago; committed by mergify[bot] 3 years ago.
    OvmfPkg/ResetVector: Validate the encryption bit position for SEV/SEV-ES
    
    BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3108
    
    To help mitigate against ROP attacks, add some checks to validate the
    encryption bit position that is reported by the hypervisor.
    
    The first check is to ensure that the hypervisor reports a bit position
    above bit 31. After extracting the encryption bit position from the CPUID
    information, the code checks that the value is above 31. If the value is
    not above 31, then the bit position is not valid, so the code enters a
    HLT loop.
    
    The second check is specific to SEV-ES guests and is a two-step process.
    The first step will obtain random data using RDRAND and store that data to
    memory before paging is enabled. When paging is not enabled, all writes to
    memory are encrypted. The random data is maintained in registers, which
    are protected. The second step is that, after enabling paging, the random
    data in memory is compared to the register contents. If they don't match,
    then the reported bit position is not valid, so the code enters a HLT
    loop.
    
    The third check is after switching to 64-bit long mode. Use the fact that
    instruction fetches are automatically decrypted, while a memory fetch is
    decrypted only if the encryption bit is set in the page table. By
    comparing the bytes of an instruction fetch against a memory read of that
    same instruction, the encryption bit position can be validated. If the
    compare is not equal, then SEV/SEV-ES is active but the reported bit
    position is not valid, so the code enters a HLT loop.
    
    To keep the changes local to the OvmfPkg, an OvmfPkg version of the
    Flat32ToFlat64.asm file has been created based on the UefiCpuPkg file
    UefiCpuPkg/ResetVector/Vtf0/Ia32/Flat32ToFlat64.asm.
    
    Cc: Jordan Justen <jordan.l.justen@intel.com>
    Cc: Laszlo Ersek <lersek@redhat.com>
    Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
    Cc: Brijesh Singh <brijesh.singh@amd.com>
    Reviewed-by: Laszlo Ersek <lersek@redhat.com>
    Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
    Message-Id: <cb9c5ab23ab02096cd964ed64115046cc706ce67.1610045305.git.thomas.lendacky@amd.com>
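
A toy C model of the first and third checks described in the commit message, added here as an illustration; it is not code from the commit or from OvmfPkg. The XOR "encryption", the `toy_cpu` struct and every function name are assumptions, and the CPUID leaf used (Fn8000_001F, EBX[5:0]) comes from AMD's architecture documentation rather than from this page.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Toy model (assumption): XOR with one byte stands in for SEV's AES memory
 * encryption, and the C-bit is modelled only as a decrypt flag in the PTE. */
#define TOY_KEY  0xA5u
#define CODE_LEN 4

struct toy_cpu { unsigned hw_cbit; uint8_t ram[CODE_LEN]; };

/* CPUID Fn8000_001F EBX[5:0] carries the reported encryption bit position. */
unsigned cbit_from_ebx(uint32_t ebx) { return ebx & 0x3Fu; }

/* Check 1: a position of 31 or below is rejected (the firmware would HLT). */
bool cbit_above_31(unsigned pos) { return pos > 31; }

/* Instruction fetches are always decrypted by the hardware. */
static void toy_ifetch(const struct toy_cpu *c, uint8_t *out) {
    for (size_t i = 0; i < CODE_LEN; i++) out[i] = c->ram[i] ^ TOY_KEY;
}

/* Data reads are decrypted only if the PTE has the real C-bit set. */
static void toy_read(const struct toy_cpu *c, uint64_t pte, uint8_t *out) {
    uint8_t k = ((pte >> c->hw_cbit) & 1) ? TOY_KEY : 0;
    for (size_t i = 0; i < CODE_LEN; i++) out[i] = c->ram[i] ^ k;
}

/* Check 3: build a PTE from the *reported* position, then compare the
 * bytes seen by an instruction fetch with a data read of the same bytes. */
bool fetch_matches_read(unsigned hw_cbit, unsigned reported_cbit) {
    static const uint8_t insn[CODE_LEN] = {0x0F, 0xA2, 0x90, 0x90}; /* constructed */
    struct toy_cpu cpu = { .hw_cbit = hw_cbit };
    uint8_t fetched[CODE_LEN], loaded[CODE_LEN];
    for (size_t i = 0; i < CODE_LEN; i++) cpu.ram[i] = insn[i] ^ TOY_KEY;
    uint64_t pte = 0x3u | (1ULL << reported_cbit);  /* present | writable | C-bit */
    toy_ifetch(&cpu, fetched);
    toy_read(&cpu, pte, loaded);
    return memcmp(fetched, loaded, CODE_LEN) == 0;
}

int main(void) {
    unsigned pos = cbit_from_ebx(0x0000016Fu);      /* constructed EBX, bit 47 */
    if (!cbit_above_31(pos)) return 1;              /* check 1 fails */
    return fetch_matches_read(47, pos) ? 0 : 2;     /* check 3 */
}
```

A reported position that differs from the hardware's leaves the data read as ciphertext, so the comparison fails and the guest can refuse to continue.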