[edk2-devel] [PATCH 1/1] OvmfPkg/AmdSev/SecretDxe: Allocate CC secret location as runtime memory

Dov Murik dovmurik at linux.ibm.com
Fri Dec 9 06:42:06 UTC 2022 

Thanks Ard for reviewing this patch.

On 09/12/2022 1:02, Ard Biesheuvel wrote:
> On Thu, 8 Dec 2022 at 09:08, Dov Murik <dovmurik at linux.ibm.com> wrote:
>>
>> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4186
>>
>> Commit 079a58276b98 ("OvmfPkg/AmdSev/SecretPei: Mark SEV launch secret
>> area as reserved") marked the launch secret area itself (1 page) as
>> reserved so it the guest OS can use it during the lifetime of the OS.
>> However, the address and size of the secret area held in the
>> CONFIDENTIAL_COMPUTING_SECRET_LOCATION struct are declared as STATIC in
>> OVMF (in AmdSev/SecretDxe); therefore there's no guarantee that it will
>> not be written over by OS data.
>>
>> Fix this by allocating the memory for the
>> CONFIDENTIAL_COMPUTING_SECRET_LOCATION struct with AllocateRuntimePool
>> to ensure the guest OS will not reuse this memory.
>>
> 
> This memory type is mapped into the EFI page tables, and omitted from
> the linear map in Linux on arm64, so it is generally not the right
> type for data that only has significance to the OS. In spite of the
> name, EfiAcpiReclaimMemory is more suitable here - the OS is free to
> preserve it or treat it as ordinary memory.

Just making sure -- this data might be useful in grub (if we embed grub
into OVMF to boot encrypted disk from an SEV injected launch secret)
and/or in Linux (module efi_secret will try to access this same area).

Both need access to this small table and to the secret page itself.


> 
> I realise that this is not of great importance here given that the
> table is only 8 bytes in size, but if we can, I'd prefer it if we use
> ACPI reclaim memory here.
> 

I assume I need to use gBS->AllocatePool() in order to specify this
special memory type.

I'll try it and see if it solves the issue I'm experiencing.


Thanks,
-Dov

>> Fixes: 079a58276b98 ("OvmfPkg/AmdSev/SecretPei: Mark SEV launch secret area as reserved")
>> Cc: Ard Biesheuvel <ardb+tianocore at kernel.org>
>> Cc: Erdem Aktas <erdemaktas at google.com>
>> Cc: Gerd Hoffmann <kraxel at redhat.com>
>> Cc: James Bottomley <jejb at linux.ibm.com>
>> Cc: Jiewen Yao <Jiewen.Yao at intel.com>
>> Cc: Jordan Justen <jordan.l.justen at intel.com>
>> Cc: Min Xu <min.m.xu at intel.com>
>> Cc: Tobin Feldman-Fitzthum <tobin at linux.ibm.com>
>> Cc: Tom Lendacky <thomas.lendacky at amd.com>
>> Signed-off-by: Dov Murik <dovmurik at linux.ibm.com>
>> ---
>>  OvmfPkg/AmdSev/SecretDxe/SecretDxe.inf |  2 ++
>>  OvmfPkg/AmdSev/SecretDxe/SecretDxe.c   | 17 +++++++++++------
>>  2 files changed, 13 insertions(+), 6 deletions(-)
>>
>> diff --git a/OvmfPkg/AmdSev/SecretDxe/SecretDxe.inf b/OvmfPkg/AmdSev/SecretDxe/SecretDxe.inf
>> index 40bda7ff846c..67d35f19b063 100644
>> --- a/OvmfPkg/AmdSev/SecretDxe/SecretDxe.inf
>> +++ b/OvmfPkg/AmdSev/SecretDxe/SecretDxe.inf
>> @@ -23,6 +23,8 @@ [Packages]
>>    MdePkg/MdePkg.dec
>>
>>  [LibraryClasses]
>> +  DebugLib
>> +  MemoryAllocationLib
>>    UefiBootServicesTableLib
>>    UefiDriverEntryPoint
>>
>> diff --git a/OvmfPkg/AmdSev/SecretDxe/SecretDxe.c b/OvmfPkg/AmdSev/SecretDxe/SecretDxe.c
>> index 3d84b2545052..615dff6cbf59 100644
>> --- a/OvmfPkg/AmdSev/SecretDxe/SecretDxe.c
>> +++ b/OvmfPkg/AmdSev/SecretDxe/SecretDxe.c
>> @@ -5,14 +5,11 @@
>>    SPDX-License-Identifier: BSD-2-Clause-Patent
>>  **/
>>  #include <PiDxe.h>
>> +#include <Library/DebugLib.h>
>>  #include <Library/UefiBootServicesTableLib.h>
>> +#include <Library/MemoryAllocationLib.h> // AllocateRuntimePool()
>>  #include <Guid/ConfidentialComputingSecret.h>
>>
>> -STATIC CONFIDENTIAL_COMPUTING_SECRET_LOCATION  mSecretDxeTable = {
>> -  FixedPcdGet32 (PcdSevLaunchSecretBase),
>> -  FixedPcdGet32 (PcdSevLaunchSecretSize),
>> -};
>> -
>>  EFI_STATUS
>>  EFIAPI
>>  InitializeSecretDxe (
>> @@ -20,8 +17,16 @@ InitializeSecretDxe (
>>    IN EFI_SYSTEM_TABLE  *SystemTable
>>    )
>>  {
>> +  CONFIDENTIAL_COMPUTING_SECRET_LOCATION *SecretDxeTable;
>> +
>> +  SecretDxeTable = AllocateRuntimePool (sizeof (CONFIDENTIAL_COMPUTING_SECRET_LOCATION));
>> +  ASSERT (SecretDxeTable != NULL);
>> +
>> +  SecretDxeTable->Base = FixedPcdGet32 (PcdSevLaunchSecretBase);
>> +  SecretDxeTable->Size = FixedPcdGet32 (PcdSevLaunchSecretSize);
>> +
>>    return gBS->InstallConfigurationTable (
>>                  &gConfidentialComputingSecretGuid,
>> -                &mSecretDxeTable
>> +                SecretDxeTable
>>                  );
>>  }
>> --
>> 2.25.1
>>


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#97160): https://edk2.groups.io/g/devel/message/97160
Mute This Topic: https://groups.io/mt/95533916/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-

More information about the edk2-devel-archive mailing list