From: Joerg Roedel <joro@8bytes.org>
To: Arvind Sankar <nivedita@alum.mit.edu>
Cc: x86@kernel.org, Joerg Roedel <jroedel@suse.de>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
"H. Peter Anvin" <hpa@zytor.com>,
Dave Hansen <dave.hansen@linux.intel.com>,
Andy Lutomirski <luto@kernel.org>,
Peter Zijlstra <peterz@infradead.org>,
Kees Cook <keescook@chromium.org>,
Martin Radev <martin.b.radev@gmail.com>,
Tom Lendacky <thomas.lendacky@amd.com>,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH 3/5] x86/boot/compressed/64: Check SEV encryption in 64-bit boot-path
Date: Mon, 19 Oct 2020 22:39:35 +0200 [thread overview]
Message-ID: <20201019203935.GG3635@8bytes.org> (raw)
In-Reply-To: <20201019175447.GA2720155@rani.riverdale.lan>
On Mon, Oct 19, 2020 at 01:54:47PM -0400, Arvind Sankar wrote:
> Also, isn't it possible that the initial page tables we're running on
> have already been messed with and have the C-bit in the wrong location,
> so that this write happens decrypted?
The code assumes that the page-table it is running on has the correct C
bit position set and that the code which set it up verified that it is
correct. For the kernel itself this is true, at least, but when booting
via UEFI the check also needs to happen in the firmware.
Note that the possibilies are limited when the hypervisor reports the
wrong C bit position because code fetches always assume encryption, even
when the C bit is cleared in the page-table. So a wrong C bit position
in the decompression stub would write the kernel image to memory
unencrypted and executing it would not be possible.
Regards,
Joerg
next prev parent reply other threads:[~2020-10-19 20:39 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-10-19 15:11 [PATCH 0/5] x86/sev-es: Mitigate some HV attack vectors Joerg Roedel
2020-10-19 15:11 ` [PATCH 1/5] x86/boot/compressed/64: Introduce sev_status Joerg Roedel
2020-10-20 0:59 ` Sean Christopherson
2020-10-20 1:08 ` Sean Christopherson
2020-10-20 9:55 ` Joerg Roedel
2020-10-19 15:11 ` [PATCH 2/5] x86/boot/compressed/64: Add CPUID sanity check to early #VC handler Joerg Roedel
2020-10-19 15:11 ` [PATCH 3/5] x86/boot/compressed/64: Check SEV encryption in 64-bit boot-path Joerg Roedel
2020-10-19 17:00 ` Arvind Sankar
2020-10-19 17:54 ` Arvind Sankar
2020-10-19 20:39 ` Joerg Roedel [this message]
2020-10-19 21:31 ` Arvind Sankar
2020-10-20 8:59 ` Joerg Roedel
2020-10-20 14:33 ` Arvind Sankar
2020-10-20 15:44 ` Joerg Roedel
2020-10-19 20:33 ` Joerg Roedel
2020-10-19 21:22 ` Arvind Sankar
2020-10-20 9:41 ` Joerg Roedel
2020-10-19 15:11 ` [PATCH 4/5] x86/head/64: Check SEV encryption before switching to kernel page-table Joerg Roedel
2020-10-19 15:11 ` [PATCH 5/5] x86/sev-es: Do not support MMIO to/from encrypted memory Joerg Roedel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201019203935.GG3635@8bytes.org \
--to=joro@8bytes.org \
--cc=bp@alien8.de \
--cc=dave.hansen@linux.intel.com \
--cc=hpa@zytor.com \
--cc=jroedel@suse.de \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@kernel.org \
--cc=martin.b.radev@gmail.com \
--cc=mingo@redhat.com \
--cc=nivedita@alum.mit.edu \
--cc=peterz@infradead.org \
--cc=tglx@linutronix.de \
--cc=thomas.lendacky@amd.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.