|
| From: | Tom Lendacky |
| Subject: | Re: [PATCH] x86: Don't add RNG seed to Linux cmdline for SEV guests |
| Date: | Wed, 8 Feb 2023 09:26:28 -0600 |
| User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.7.1 |
On 2/7/23 17:24, Jason A. Donenfeld wrote:
Hi Tom, On Tue, Feb 7, 2023 at 8:21 PM Tom Lendacky <thomas.lendacky@amd.com> wrote:On 2/7/23 15:45, Michael S. Tsirkin wrote:On Tue, Feb 07, 2023 at 08:41:16AM +0000, Dov Murik wrote:Recent feature to supply RNG seed to the guest kernel modifies the kernel command-line by adding extra data at its end; this breaks measured boot with SEV and OVMF, and possibly signed boot. Specifically SEV doesn't miss this feature because it uses UEFI/OVMF which has its own way of getting random seed (not to mention that getting the random seed from the untrusted host breaks the confidential computing trust model).Nope - getting a random seed from an untrusted source should not break anything assuming you also have some other randomness source. If you don't then you have other problems.Disable the RNG seed feature in SEV guests. Fixes: eac7a7791bb6 ("x86: don't let decompressed kernel image clobber setup_data") Reported-by: Tom Lendacky <thomas.lendacky@amd.com> Signed-off-by: Dov Murik <dovmurik@linux.ibm.com> --- There might be a need for a wider change to the ways setup_data entries are handled in x86_load_linux(); here I just try to restore the situation for SEV guests prior to the addition of the SETUP_RNG_SEED entry. Recent discussions on other (safer?) ways to pass this setup_data entry: [1] da39abab9785aea2a2e7652ed6403b6268aeb31f.camel@linux.ibm.com/">https://lore.kernel.org/qemu-devel/da39abab9785aea2a2e7652ed6403b6268aeb31f.camel@linux.ibm.com/ Note that in qemu 7.2.0 this is broken as well -- there the SETUP_RNG_SEED entry is appended to the Linux kernel data (and therefore modifies and breaks the measurement of the kernel in SEV measured boot). A similar fix will be needed there (but I fear this patch cannot be applied as-is).So it's not a regression, is it?SEV kernel hash comparison succeeded with Qemu v7.1.0, but fails with v7.2.0, so I think that is a regression.Please let me know if this series fixes it: 20230207224847.94429-1-Jason@zx2c4.com/">https://lore.kernel.org/all/20230207224847.94429-1-Jason@zx2c4.com/
I applied this series and it did fix the problem. For SEV, there were two problems associated with the RNG seed support:- The first is that it becomes part of the SEV LAUNCH measurement and therefore makes it impossible for the guest owner to be able to validate the measurement because the guest owner won't know the value of the RNG seed that was included in the LAUNCH measurement.
- The second problem is that the RNG is set and measured as part of the kernel-hashes support in x86_load_linux(), but it is changed via reset_rng_seed() before actually booting the first time. So the measurement taken in x86_load_linux() will never be the same when measured by, for example, OVMF.
So the addition of the !sev_enabled() check is definitely appropriate for the RNG seed support check for SEV.
However, is the change to the DTB check appropriate? Does the DTB vary / get updated before booting? If the DTB file is "constant" then the above two problems that face the RNG seed support shouldn't affect SEV. @Dov, does that make sense?
In any case, you'll need a version of the patch(es) that can be applied to the Qemu v7.2.0 tree to fix the regression.
Thanks, Tom
Jason
| [Prev in Thread] | Current Thread | [Next in Thread] |