summaryrefslogtreecommitdiffstats
path: root/OvmfPkg/AmdSev
diff options
context:
space:
mode:
authorTobin Feldman-Fitzthum <tobin@linux.ibm.com>2024-04-19 14:35:54 -0400
committermergify[bot] <37929162+mergify[bot]@users.noreply.github.com>2024-06-25 15:27:42 +0000
commit56059941ec8c2f4d8fb126227b1154f8a869ac2b (patch)
treee06cb6ef42ef956c221517f0f8a03200c958edd8 /OvmfPkg/AmdSev
parentbe38c01da2dd949e0a6f8bceeb88d2e19c8c65f7 (diff)
downloadedk2-56059941ec8c2f4d8fb126227b1154f8a869ac2b.tar.gz
edk2-56059941ec8c2f4d8fb126227b1154f8a869ac2b.tar.bz2
edk2-56059941ec8c2f4d8fb126227b1154f8a869ac2b.zip
AmdSev: Rework Blob Verifier
The Blob Verifier checks boot artifacts against a hash table injected by the hypervisor and measured by hardware. Update the Blob Verifier to enter a dead loop if the artifacts do not match. The verifier still returns ACCESS_DENIED in some cases, but this is considered non-fatal. These non-fatal cases occur when the artifact cannot be verified because the hashes table makes no claims about the artifiact (e.g. if the hashes table is not present or if there is no entry for the blob in question). Since the hash table is reflected in the launch measurement, it is okay to continue the boot in these cases. If the hash table does contain expected hash values, the boot cannot continue if the provided blobs do not match. In these cases we enter a dead loop to make sure no guest can boot with a TCB that does not reflect the launch measurement. Signed-off-by: Tobin Feldman-Fitzthum <tobin@linux.ibm.com>
Diffstat (limited to 'OvmfPkg/AmdSev')
-rw-r--r--OvmfPkg/AmdSev/BlobVerifierLibSevHashes/BlobVerifierSevHashes.c35
1 files changed, 28 insertions, 7 deletions
diff --git a/OvmfPkg/AmdSev/BlobVerifierLibSevHashes/BlobVerifierSevHashes.c b/OvmfPkg/AmdSev/BlobVerifierLibSevHashes/BlobVerifierSevHashes.c
index 2e58794c3c..37c38e9e98 100644
--- a/OvmfPkg/AmdSev/BlobVerifierLibSevHashes/BlobVerifierSevHashes.c
+++ b/OvmfPkg/AmdSev/BlobVerifierLibSevHashes/BlobVerifierSevHashes.c
@@ -77,13 +77,17 @@ FindBlobEntryGuid (
/**
Verify blob from an external source.
+ If a non-secure configuration is detected this function will enter a
+ dead loop to prevent a boot.
+
@param[in] BlobName The name of the blob
@param[in] Buf The data of the blob
@param[in] BufSize The size of the blob in bytes
- @retval EFI_SUCCESS The blob was verified successfully.
- @retval EFI_ACCESS_DENIED The blob could not be verified, and therefore
- should be considered non-secure.
+ @retval EFI_SUCCESS The blob was verified successfully or was not
+ found in the hash table.
+ @retval EFI_ACCESS_DENIED Kernel hashes not supported, but the boot
+ can continue safely.
**/
EFI_STATUS
EFIAPI
@@ -99,7 +103,7 @@ VerifyBlob (
if ((mHashesTable == NULL) || (mHashesTableSize == 0)) {
DEBUG ((
- DEBUG_ERROR,
+ DEBUG_WARN,
"%a: Verifier called but no hashes table discoverd in MEMFD\n",
__func__
));
@@ -114,7 +118,8 @@ VerifyBlob (
__func__,
BlobName
));
- return EFI_ACCESS_DENIED;
+
+ CpuDeadLoop ();
}
//
@@ -136,10 +141,20 @@ VerifyBlob (
DEBUG ((DEBUG_INFO, "%a: Found GUID %g in table\n", __func__, Guid));
+ if (BufSize == 0) {
+ DEBUG ((
+ DEBUG_ERROR,
+ "%a: Blob Specified in Hash Table was not Provided",
+ __func__
+ ));
+
+ CpuDeadLoop ();
+ }
+
EntrySize = Entry->Len - sizeof Entry->Guid - sizeof Entry->Len;
if (EntrySize != SHA256_DIGEST_SIZE) {
DEBUG ((
- DEBUG_ERROR,
+ DEBUG_WARN,
"%a: Hash has the wrong size %d != %d\n",
__func__,
EntrySize,
@@ -170,18 +185,24 @@ VerifyBlob (
__func__,
BlobName
));
+
+ CpuDeadLoop ();
}
return Status;
}
+ //
+ // If the GUID is not in the hash table, execution can still continue.
+ // This blob will not be measured, but at least one blob must be.
+ //
DEBUG ((
DEBUG_ERROR,
"%a: Hash GUID %g not found in table\n",
__func__,
Guid
));
- return EFI_ACCESS_DENIED;
+ return EFI_SUCCESS;
}
/**