From: Laszlo Ersek <lersek@redhat.com>
To: "Daniel P. Berrangé" <berrange@redhat.com>,
"Ard Biesheuvel" <ardb@kernel.org>
Cc: "Michael S. Tsirkin" <mst@redhat.com>,
"Jason A. Donenfeld" <Jason@zx2c4.com>,
"Gerd Hoffmann" <kraxel@redhat.com>,
"Laurent Vivier" <laurent@vivier.eu>,
"Paolo Bonzini" <pbonzini@redhat.com>,
"Peter Maydell" <peter.maydell@linaro.org>,
"Philippe Mathieu-Daudé" <f4bug@amsat.org>,
"Richard Henderson" <richard.henderson@linaro.org>,
"QEMU Developers" <qemu-devel@nongnu.org>
Subject: Re: [PATCH v2 1/2] x86: only modify setup_data if the boot protocol indicates safety
Date: Thu, 8 Sep 2022 13:30:17 +0200 [thread overview]
Message-ID: <d45be9dc-b6e7-293a-7033-f2ca84fa387d@redhat.com> (raw)
In-Reply-To: <YxcwCQ0vymro0vbu@redhat.com>
On 09/06/22 13:33, Daniel P. Berrangé wrote:
> On Tue, Sep 06, 2022 at 01:14:50PM +0200, Ard Biesheuvel wrote:
>> (cc Laszlo)
>>
>> On Tue, 6 Sept 2022 at 12:45, Michael S. Tsirkin <mst@redhat.com> wrote:
>>>
>>> On Tue, Sep 06, 2022 at 12:43:55PM +0200, Jason A. Donenfeld wrote:
>>>> On Tue, Sep 6, 2022 at 12:40 PM Michael S. Tsirkin <mst@redhat.com> wrote:
>>>>>
>>>>> On Tue, Sep 06, 2022 at 12:36:56PM +0200, Jason A. Donenfeld wrote:
>>>>>> It's only safe to modify the setup_data pointer on newer kernels where
>>>>>> the EFI stub loader will ignore it. So condition setting that offset on
>>>>>> the newer boot protocol version. While we're at it, gate this on SEV too.
>>>>>> This depends on the kernel commit linked below going upstream.
>>>>>>
>>>>>> Cc: Gerd Hoffmann <kraxel@redhat.com>
>>>>>> Cc: Laurent Vivier <laurent@vivier.eu>
>>>>>> Cc: Michael S. Tsirkin <mst@redhat.com>
>>>>>> Cc: Paolo Bonzini <pbonzini@redhat.com>
>>>>>> Cc: Peter Maydell <peter.maydell@linaro.org>
>>>>>> Cc: Philippe Mathieu-Daudé <f4bug@amsat.org>
>>>>>> Cc: Richard Henderson <richard.henderson@linaro.org>
>>>>>> Cc: Ard Biesheuvel <ardb@kernel.org>
>>>>>> Link: https://lore.kernel.org/linux-efi/20220904165321.1140894-1-Jason@zx2c4.com/
>>>>>> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
>>>>>
>>>>> BTW what does it have to do with SEV?
>>>>> Is this because SEV is not going to trust the data to be random anyway?
>>>>
>>>> Daniel (now CC'd) pointed out in one of the previous threads that this
>>>> breaks SEV, because the image hash changes.
>>>>
>>>> Jason
>>>
>>> Oh I see. I'd add a comment maybe and definitely mention this
>>> in the commit log.
>>>
>>
>> This does raise the question (as I mentioned before) how things like
>> secure boot and measured boot are affected when combined with direct
>> kernel boot: AIUI, libvirt uses direct kernel boot at guest
>> installation time, and modifying setup_data will corrupt the image
>> signature.
>
> IIUC, qemu already modifies setup_data when using direct kernel boot.
>
> It put in logic to skip this if SEV is enabled, to avoid interfering
> with SEV hashes over the kernel, but there's nothing doing this more
> generally for non-SEV cases using UEFI. So potentially use of SecureBoot
> may already be impacted when using direct kernel boot.
Yes,
https://github.com/tianocore/edk2/commit/82808b422617
Laszlo
> I haven't formally
> tested this myself though. I just saw that earlier versions of this
> RNG patch broke SEV hashes and later versions addressed that problem
> for SEV when the code was re-arranged.
>
> With regards,
> Daniel
>
next prev parent reply other threads:[~2022-09-08 11:33 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20220906103657.282785-1-Jason@zx2c4.com>
2022-09-06 10:40 ` [PATCH v2 1/2] x86: only modify setup_data if the boot protocol indicates safety Michael S. Tsirkin via
2022-09-06 10:43 ` Jason A. Donenfeld
2022-09-06 10:45 ` Michael S. Tsirkin
2022-09-06 10:46 ` Jason A. Donenfeld
2022-09-06 10:51 ` Jason A. Donenfeld
2022-09-06 11:27 ` [PATCH v3 " Jason A. Donenfeld
2022-09-06 11:27 ` [PATCH v3 2/2] x86: re-enable rng seeding via setup_data Jason A. Donenfeld
2022-09-07 7:59 ` Gerd Hoffmann
2022-09-06 11:14 ` [PATCH v2 1/2] x86: only modify setup_data if the boot protocol indicates safety Ard Biesheuvel
2022-09-06 11:33 ` Daniel P. Berrangé
2022-09-08 11:30 ` Laszlo Ersek [this message]
2022-09-08 12:28 ` Ard Biesheuvel
2022-09-08 12:42 ` Daniel P. Berrangé
2022-09-06 10:46 ` Gerd Hoffmann via
2022-09-06 10:48 ` Jason A. Donenfeld
2022-09-06 10:27 [PATCH] " Jason A. Donenfeld
2022-09-06 10:37 ` [PATCH v2 1/2] " Jason A. Donenfeld
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=d45be9dc-b6e7-293a-7033-f2ca84fa387d@redhat.com \
--to=lersek@redhat.com \
--cc=Jason@zx2c4.com \
--cc=ardb@kernel.org \
--cc=berrange@redhat.com \
--cc=f4bug@amsat.org \
--cc=kraxel@redhat.com \
--cc=laurent@vivier.eu \
--cc=mst@redhat.com \
--cc=pbonzini@redhat.com \
--cc=peter.maydell@linaro.org \
--cc=qemu-devel@nongnu.org \
--cc=richard.henderson@linaro.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).