diff options
author | Tobin Feldman-Fitzthum <tobin@linux.ibm.com> | 2024-04-19 14:35:54 -0400 |
---|---|---|
committer | mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> | 2024-06-25 15:27:42 +0000 |
commit | 56059941ec8c2f4d8fb126227b1154f8a869ac2b (patch) | |
tree | e06cb6ef42ef956c221517f0f8a03200c958edd8 /OvmfPkg/AmdSev | |
parent | be38c01da2dd949e0a6f8bceeb88d2e19c8c65f7 (diff) | |
download | edk2-56059941ec8c2f4d8fb126227b1154f8a869ac2b.tar.gz edk2-56059941ec8c2f4d8fb126227b1154f8a869ac2b.tar.bz2 edk2-56059941ec8c2f4d8fb126227b1154f8a869ac2b.zip |
AmdSev: Rework Blob Verifier
The Blob Verifier checks boot artifacts against a hash table
injected by the hypervisor and measured by hardware.
Update the Blob Verifier to enter a dead loop if the artifacts
do not match.
The verifier still returns ACCESS_DENIED in some cases, but this
is considered non-fatal. These non-fatal cases occur when the
artifact cannot be verified because the hashes table makes no
claims about the artifiact (e.g. if the hashes table is not present
or if there is no entry for the blob in question).
Since the hash table is reflected in the launch measurement,
it is okay to continue the boot in these cases.
If the hash table does contain expected hash values, the boot cannot
continue if the provided blobs do not match.
In these cases we enter a dead loop to make sure no guest can boot
with a TCB that does not reflect the launch measurement.
Signed-off-by: Tobin Feldman-Fitzthum <tobin@linux.ibm.com>
Diffstat (limited to 'OvmfPkg/AmdSev')
-rw-r--r-- | OvmfPkg/AmdSev/BlobVerifierLibSevHashes/BlobVerifierSevHashes.c | 35 |
1 files changed, 28 insertions, 7 deletions
diff --git a/OvmfPkg/AmdSev/BlobVerifierLibSevHashes/BlobVerifierSevHashes.c b/OvmfPkg/AmdSev/BlobVerifierLibSevHashes/BlobVerifierSevHashes.c index 2e58794c3c..37c38e9e98 100644 --- a/OvmfPkg/AmdSev/BlobVerifierLibSevHashes/BlobVerifierSevHashes.c +++ b/OvmfPkg/AmdSev/BlobVerifierLibSevHashes/BlobVerifierSevHashes.c @@ -77,13 +77,17 @@ FindBlobEntryGuid ( /**
Verify blob from an external source.
+ If a non-secure configuration is detected this function will enter a
+ dead loop to prevent a boot.
+
@param[in] BlobName The name of the blob
@param[in] Buf The data of the blob
@param[in] BufSize The size of the blob in bytes
- @retval EFI_SUCCESS The blob was verified successfully.
- @retval EFI_ACCESS_DENIED The blob could not be verified, and therefore
- should be considered non-secure.
+ @retval EFI_SUCCESS The blob was verified successfully or was not
+ found in the hash table.
+ @retval EFI_ACCESS_DENIED Kernel hashes not supported, but the boot
+ can continue safely.
**/
EFI_STATUS
EFIAPI
@@ -99,7 +103,7 @@ VerifyBlob ( if ((mHashesTable == NULL) || (mHashesTableSize == 0)) {
DEBUG ((
- DEBUG_ERROR,
+ DEBUG_WARN,
"%a: Verifier called but no hashes table discoverd in MEMFD\n",
__func__
));
@@ -114,7 +118,8 @@ VerifyBlob ( __func__,
BlobName
));
- return EFI_ACCESS_DENIED;
+
+ CpuDeadLoop ();
}
//
@@ -136,10 +141,20 @@ VerifyBlob ( DEBUG ((DEBUG_INFO, "%a: Found GUID %g in table\n", __func__, Guid));
+ if (BufSize == 0) {
+ DEBUG ((
+ DEBUG_ERROR,
+ "%a: Blob Specified in Hash Table was not Provided",
+ __func__
+ ));
+
+ CpuDeadLoop ();
+ }
+
EntrySize = Entry->Len - sizeof Entry->Guid - sizeof Entry->Len;
if (EntrySize != SHA256_DIGEST_SIZE) {
DEBUG ((
- DEBUG_ERROR,
+ DEBUG_WARN,
"%a: Hash has the wrong size %d != %d\n",
__func__,
EntrySize,
@@ -170,18 +185,24 @@ VerifyBlob ( __func__,
BlobName
));
+
+ CpuDeadLoop ();
}
return Status;
}
+ //
+ // If the GUID is not in the hash table, execution can still continue.
+ // This blob will not be measured, but at least one blob must be.
+ //
DEBUG ((
DEBUG_ERROR,
"%a: Hash GUID %g not found in table\n",
__func__,
Guid
));
- return EFI_ACCESS_DENIED;
+ return EFI_SUCCESS;
}
/**
|