From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 132F5C38145 for ; Thu, 8 Sep 2022 12:56:32 +0000 (UTC) Received: from localhost ([::1]:39138 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1oWH55-0004Yg-5d for qemu-devel@archiver.kernel.org; Thu, 08 Sep 2022 08:56:31 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:50634) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oWGrl-0005NK-AZ for qemu-devel@nongnu.org; Thu, 08 Sep 2022 08:42:45 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]:33446) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oWGrZ-0002Rp-Jg for qemu-devel@nongnu.org; Thu, 08 Sep 2022 08:42:43 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1662640951; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=iS7l4aGeRLiRI2IDW+HQoJt/jDK4fRXomXRYfq/+2/o=; b=dKWmoy95GjRJLb7aklkSmpJUp6+0Cg0TfjnwWE2fZaLHkp2gtJ5SJ04J53dsDa0FWuf21T vYEjg1YQP9wGB9guXzlVRiOKQxL7LBJrhGvrhvqfET5wfUhShxwqy94qkf8W5X8UL4hRlz SAS4BDjv30Glj3eV1sRl8X6nLHtpTSc= Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-136-KyKfJ_PONWiQCz3CEorO6w-1; Thu, 08 Sep 2022 08:42:28 -0400 X-MC-Unique: KyKfJ_PONWiQCz3CEorO6w-1 Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.rdu2.redhat.com [10.11.54.1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id E16FA296A608; Thu, 8 Sep 2022 12:42:27 +0000 (UTC) Received: from redhat.com (unknown [10.33.36.74]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 286F9400E88E; Thu, 8 Sep 2022 12:42:25 +0000 (UTC) Date: Thu, 8 Sep 2022 13:42:23 +0100 From: Daniel =?utf-8?B?UC4gQmVycmFuZ8Op?= To: Ard Biesheuvel Cc: Laszlo Ersek , "Michael S. Tsirkin" , "Jason A. Donenfeld" , Gerd Hoffmann , Laurent Vivier , Paolo Bonzini , Peter Maydell , Philippe =?utf-8?Q?Mathieu-Daud=C3=A9?= , Richard Henderson , QEMU Developers Subject: Re: [PATCH v2 1/2] x86: only modify setup_data if the boot protocol indicates safety Message-ID: References: <20220906103657.282785-1-Jason@zx2c4.com> <20220906063954-mutt-send-email-mst@kernel.org> <20220906064500-mutt-send-email-mst@kernel.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: User-Agent: Mutt/2.2.6 (2022-06-05) X-Scanned-By: MIMEDefang 2.84 on 10.11.54.1 Received-SPF: pass client-ip=170.10.133.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Daniel =?utf-8?B?UC4gQmVycmFuZ8Op?= Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: "Qemu-devel" On Thu, Sep 08, 2022 at 02:28:29PM +0200, Ard Biesheuvel wrote: > On Thu, 8 Sept 2022 at 13:30, Laszlo Ersek wrote: > > > > On 09/06/22 13:33, Daniel P. Berrangé wrote: > > > On Tue, Sep 06, 2022 at 01:14:50PM +0200, Ard Biesheuvel wrote: > > >> (cc Laszlo) > > >> > > >> On Tue, 6 Sept 2022 at 12:45, Michael S. Tsirkin wrote: > > >>> > > >>> On Tue, Sep 06, 2022 at 12:43:55PM +0200, Jason A. Donenfeld wrote: > > >>>> On Tue, Sep 6, 2022 at 12:40 PM Michael S. Tsirkin wrote: > > >>>>> > > >>>>> On Tue, Sep 06, 2022 at 12:36:56PM +0200, Jason A. Donenfeld wrote: > > >>>>>> It's only safe to modify the setup_data pointer on newer kernels where > > >>>>>> the EFI stub loader will ignore it. So condition setting that offset on > > >>>>>> the newer boot protocol version. While we're at it, gate this on SEV too. > > >>>>>> This depends on the kernel commit linked below going upstream. > > >>>>>> > > >>>>>> Cc: Gerd Hoffmann > > >>>>>> Cc: Laurent Vivier > > >>>>>> Cc: Michael S. Tsirkin > > >>>>>> Cc: Paolo Bonzini > > >>>>>> Cc: Peter Maydell > > >>>>>> Cc: Philippe Mathieu-Daudé > > >>>>>> Cc: Richard Henderson > > >>>>>> Cc: Ard Biesheuvel > > >>>>>> Link: https://lore.kernel.org/linux-efi/20220904165321.1140894-1-Jason@zx2c4.com/ > > >>>>>> Signed-off-by: Jason A. Donenfeld > > >>>>> > > >>>>> BTW what does it have to do with SEV? > > >>>>> Is this because SEV is not going to trust the data to be random anyway? > > >>>> > > >>>> Daniel (now CC'd) pointed out in one of the previous threads that this > > >>>> breaks SEV, because the image hash changes. > > >>>> > > >>>> Jason > > >>> > > >>> Oh I see. I'd add a comment maybe and definitely mention this > > >>> in the commit log. > > >>> > > >> > > >> This does raise the question (as I mentioned before) how things like > > >> secure boot and measured boot are affected when combined with direct > > >> kernel boot: AIUI, libvirt uses direct kernel boot at guest > > >> installation time, and modifying setup_data will corrupt the image > > >> signature. > > > > > > IIUC, qemu already modifies setup_data when using direct kernel boot. > > > > > > It put in logic to skip this if SEV is enabled, to avoid interfering > > > with SEV hashes over the kernel, but there's nothing doing this more > > > generally for non-SEV cases using UEFI. So potentially use of SecureBoot > > > may already be impacted when using direct kernel boot. > > > > Yes, > > > > https://github.com/tianocore/edk2/commit/82808b422617 > > > > Ah yes, thanks for jogging my memory. > > So virt-install --network already ignores secure boot failures on > direct kernel boot, so this is not going to make it any worse. And in a cloud world this isn't too much of a problem to start with. The cloud disks images will be built offline in trusted infrastructure, so lack of SecureBoot isn't a show stopper. When later deployed to the public cloud, SecureBoot (and/or Confidential Boot) will be fully operational, where it matters most. With regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|