Re: [PATCH 2/2] x86: don't append setup_data to cmdline for SEV guests

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 2/2] x86: don't append setup_data to cmdline for SEV guests

From:	Tom Lendacky
Subject:	Re: [PATCH 2/2] x86: don't append setup_data to cmdline for SEV guests
Date:	Wed, 8 Feb 2023 09:38:19 -0600
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.7.1

On 2/7/23 16:48, Jason A. Donenfeld wrote:

From: Dov Murik <dovmurik@linux.ibm.com>

Modifying the cmdline by appending setup_data breaks measured boot with
SEV and OVMF, and possibly signed boot. Previously this was disabled
when appending to the kernel image, but with eac7a7791bb6 ("x86: don't
let decompressed kernel image clobber setup_data"), this was changed to
the cmdline file instead, with the sev_enabled() check left out.

Fixes: eac7a7791bb6 ("x86: don't let decompressed kernel image clobber 
setup_data")
Reported-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Dov Murik <dovmurik@linux.ibm.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
---
  hw/i386/x86.c | 4 ++--
  1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/i386/x86.c b/hw/i386/x86.c
index c6d7bf6db2..80a1678acd 100644
--- a/hw/i386/x86.c
+++ b/hw/i386/x86.c
@@ -1079,7 +1079,7 @@ void x86_load_linux(X86MachineState *x86ms,
      fclose(f);

/* append dtb to kernel */

-    if (dtb_filename) {
+    if (dtb_filename && !sev_enabled()) {

Is this change necessary? From an SEV point of view, the DTB file shouldbe "constant" and so a guest owner will be able to use that to correctlyverify the SEV LAUNCH measurement. Additionally, it won't change from thetime it was measured to the time OVMF validates everything. Of course, Idon't really anticipate that a DTB file would be used with an SEV guest,anyway.


@Dov, does that make sense?

Thanks,
Tom

          if (protocol < 0x209) {
              fprintf(stderr, "qemu: Linux kernel too old to load a dtb\n");
              exit(1);
@@ -1103,7 +1103,7 @@ void x86_load_linux(X86MachineState *x86ms,
          load_image_size(dtb_filename, setup_data->data, dtb_size);
      }

- if (!legacy_no_rng_seed && protocol >= 0x209) {

+    if (!legacy_no_rng_seed && protocol >= 0x209 && !sev_enabled()) {
          setup_data_offset = cmdline_size;
          cmdline_size += sizeof(SetupData) + RNG_SEED_LENGTH;
          kernel_cmdline = g_realloc(kernel_cmdline, cmdline_size);

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH 0/2] x86: fix fallout from switching setup_data from kernel image to cmdline, Jason A. Donenfeld, 2023/02/07
- [PATCH 1/2] x86: reset rng seed when reading cmdline, not kernel image, Jason A. Donenfeld, 2023/02/07
- [PATCH 2/2] x86: don't append setup_data to cmdline for SEV guests, Jason A. Donenfeld, 2023/02/07
  - Re: [PATCH 2/2] x86: don't append setup_data to cmdline for SEV guests, Tom Lendacky <=
    - Re: [PATCH 2/2] x86: don't append setup_data to cmdline for SEV guests, Jason A. Donenfeld, 2023/02/08

Prev by Date: Re: [PATCH] x86: Don't add RNG seed to Linux cmdline for SEV guests
Next by Date: Re: [PATCH] x86: Don't add RNG seed to Linux cmdline for SEV guests
Previous by thread: [PATCH 2/2] x86: don't append setup_data to cmdline for SEV guests
Next by thread: Re: [PATCH 2/2] x86: don't append setup_data to cmdline for SEV guests
Index(es):
- Date
- Thread