edk2 icon indicating copy to clipboard operation
edk2 copied to clipboard

Published 20 hours ago verified publisher icon tianocore

OvmfPkg: Move kernel hashes section to end

Open deeglaze opened this issue 1 year ago • 3 comments

When launching a SEV-SNP VM, the ROM is not all that must be measured. The OvmfSevMetadata sections describe ranges of memory that must be measured with different types than PAGE_TYPE_NORMAL, except one. The SevSnpKernelHashes page is also PAGE_TYPE_NORMAL, but is populated by the VMM from configuration data that is separate from the OVMF build itself. To more compactly provide reference values for the measurement of the firmware separately from the kernel hashes, it's advantageous to measure as much known information as possible first.

Whereas VMMs are permitted to measure these sections in any order they prefer, the normative order of how they appear in the .fd is easiest to follow. This change is semantics-preserving. Measurement calculation tools that do not follow the normative ordering would need updating to accommodate, but I don't know of any. The accounting for EC2 moving the CPUID page to the end of measurement would be unchanged.

This change is to improve performance of a proposed launch update event log to separate responsibility for initially measured data before VM launch, application/vnd.amd.sevsnp.launch-updates+cbor:

https://github.com/deeglaze/draft-deeglaze-amd-sev-snp-corim-profile

  • [ ] Breaking change?
  • [ ] Impacts security?
  • [ ] Includes tests?

How This Was Tested

Built and launched a SEV-SNP VM with the changed firmware.

Integration Instructions

N/A

deeglaze avatar Aug 06 '24 16:08 deeglaze

WARNING: Cannot add some reviewers: A user specified as a reviewer for this PR is not a collaborator of the repository. Please add them as a collaborator to the repository so they can be requested in the future.

Non-collaborators requested:

  • @mdroth

Attn Admins:

  • @jljusten
  • @lgao4
  • @mdkinney
  • @vincent-j-zimmer
  • @jkmathews
  • @miki-intel-work

Admin Instructions:

  • Add the non-collaborators as collaborators to the appropriate team(s) listed in teams
  • If they are no longer needed as reviewers, remove them from Maintainers.txt

tianocore-assign-reviewers[bot] avatar Aug 06 '24 16:08 tianocore-assign-reviewers[bot]

Is the idea to still do an SNP_LAUNCH_UPDATE of the kernel hashes, but just as the last metadata update, or no longer do the SNP_LAUNCH_UPDATE? Because looking at the patch, the kernel hashes information is now outside of the SNP metadata GUIDed struct and so the area containing the hashes will be not be measured anymore. I guess I'm just a bit confused...

tlendacky avatar Aug 06 '24 17:08 tlendacky

Oh crumbs, good catch. No, the idea is still to measure it.

deeglaze avatar Aug 06 '24 19:08 deeglaze

@mergify rebase

mdkinney avatar Aug 29 '24 16:08 mdkinney

rebase

✅ Branch has been successfully rebased

mergify[bot] avatar Aug 29 '24 16:08 mergify[bot]

@mergify rebase

ardbiesheuvel avatar Aug 30 '24 11:08 ardbiesheuvel

rebase

✅ Branch has been successfully rebased

mergify[bot] avatar Aug 30 '24 11:08 mergify[bot]