tyler.durden/audk
1
0
Fork 0
mirror of https://github.com/acidanthera/audk.git synced 2025-07-24 22:24:37 +02:00
Code Issues Packages Projects Releases Wiki Activity

AmdSev: Halt on failed blob allocation

Browse Source 
A malicious host may be able to undermine the fw_cfg
interface such that loading a blob fails.

In this case rather than continuing to the next boot
option, the blob verifier should halt.

For non-confidential guests, the error should be non-fatal.

Signed-off-by: Tobin Feldman-Fitzthum <tobin@linux.ibm.com>
This commit is contained in:
Tobin Feldman-Fitzthum 2024-04-29 20:07:19 +00:00 committed by mergify[bot]
parent 56059941ec
commit 10b4bb8d6d
4 changed files with 35 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
OvmfPkg/AmdSev/BlobVerifierLibSevHashes/BlobVerifierSevHashes.c
View File

@ -83,6 +83,7 @@ FindBlobEntryGuid (
@param[in] BlobName The name of the blob @param[in] BlobName The name of the blob
@param[in] Buf The data of the blob @param[in] Buf The data of the blob
@param[in] BufSize The size of the blob in bytes @param[in] BufSize The size of the blob in bytes
@param[in] FetchStatus The status of the previous blob fetch
@retval EFI_SUCCESS The blob was verified successfully or was not @retval EFI_SUCCESS The blob was verified successfully or was not
found in the hash table. found in the hash table.
@ -94,13 +95,27 @@ EFIAPI
VerifyBlob ( VerifyBlob (
IN CONST CHAR16 *BlobName, IN CONST CHAR16 *BlobName,
IN CONST VOID *Buf, IN CONST VOID *Buf,
IN UINT32 BufSize IN UINT32 BufSize,
IN EFI_STATUS FetchStatus
) )
{ {
CONST GUID *Guid; CONST GUID *Guid;
INT32 Remaining; INT32 Remaining;
HASH_TABLE *Entry; HASH_TABLE *Entry;
// Enter a dead loop if the fetching of this blob
// failed. This prevents a malicious host from
// circumventing the following checks.
if (EFI_ERROR (FetchStatus)) {
DEBUG ((
DEBUG_ERROR,
"%a: Fetching blob failed.\n",
__func__
));
CpuDeadLoop ();
}
if ((mHashesTable == NULL) || (mHashesTableSize == 0)) { if ((mHashesTable == NULL) || (mHashesTableSize == 0)) {
DEBUG (( DEBUG ((
DEBUG_WARN, DEBUG_WARN,

11
OvmfPkg/Include/Library/BlobVerifierLib.h
View File

@ -22,17 +22,20 @@
@param[in] BlobName The name of the blob @param[in] BlobName The name of the blob
@param[in] Buf The data of the blob @param[in] Buf The data of the blob
@param[in] BufSize The size of the blob in bytes @param[in] BufSize The size of the blob in bytes
@param[in] FetchStatus The status of fetching this blob
@retval EFI_SUCCESS The blob was verified successfully. @retval EFI_SUCCESS The blob was verified successfully or was not
@retval EFI_ACCESS_DENIED The blob could not be verified, and therefore found in the hash table.
should be considered non-secure. @retval EFI_ACCESS_DENIED Kernel hashes not supported but the boot can
continue safely.
**/ **/
EFI_STATUS EFI_STATUS
EFIAPI EFIAPI
VerifyBlob ( VerifyBlob (
IN CONST CHAR16 *BlobName, IN CONST CHAR16 *BlobName,
IN CONST VOID *Buf, IN CONST VOID *Buf,
IN UINT32 BufSize IN UINT32 BufSize,
IN EFI_STATUS FetchStatus
); );
#endif #endif

13
OvmfPkg/Library/BlobVerifierLibNull/BlobVerifierNull.c
View File

@ -16,18 +16,21 @@
@param[in] BlobName The name of the blob @param[in] BlobName The name of the blob
@param[in] Buf The data of the blob @param[in] Buf The data of the blob
@param[in] BufSize The size of the blob in bytes @param[in] BufSize The size of the blob in bytes
@param[in] FetchStatus The status of the fetch of this blob
@retval EFI_SUCCESS The blob was verified successfully. @retval EFI_SUCCESS The blob was verified successfully or was not
@retval EFI_ACCESS_DENIED The blob could not be verified, and therefore found in the hash table.
should be considered non-secure. @retval EFI_ACCESS_DENIED Kernel hashes not supported but the boot can
continue safely.
**/ **/
EFI_STATUS EFI_STATUS
EFIAPI EFIAPI
VerifyBlob ( VerifyBlob (
IN CONST CHAR16 *BlobName, IN CONST CHAR16 *BlobName,
IN CONST VOID *Buf, IN CONST VOID *Buf,
IN UINT32 BufSize IN UINT32 BufSize,
IN EFI_STATUS FetchStatus
) )
{ {
return EFI_SUCCESS; return FetchStatus;
} }

9
OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c
View File

@ -1042,6 +1042,7 @@ QemuKernelLoaderFsDxeEntrypoint (
KERNEL_BLOB *CurrentBlob; KERNEL_BLOB *CurrentBlob;
KERNEL_BLOB *KernelBlob; KERNEL_BLOB *KernelBlob;
EFI_STATUS Status; EFI_STATUS Status;
EFI_STATUS FetchStatus;
EFI_HANDLE FileSystemHandle; EFI_HANDLE FileSystemHandle;
EFI_HANDLE InitrdLoadFile2Handle; EFI_HANDLE InitrdLoadFile2Handle;
@ -1060,15 +1061,13 @@ QemuKernelLoaderFsDxeEntrypoint (
// //
for (BlobType = 0; BlobType < KernelBlobTypeMax; ++BlobType) { for (BlobType = 0; BlobType < KernelBlobTypeMax; ++BlobType) {
CurrentBlob = &mKernelBlob[BlobType]; CurrentBlob = &mKernelBlob[BlobType];
Status = FetchBlob (CurrentBlob); FetchStatus = FetchBlob (CurrentBlob);
if (EFI_ERROR (Status)) {
goto FreeBlobs;
}
Status = VerifyBlob ( Status = VerifyBlob (
CurrentBlob->Name, CurrentBlob->Name,
CurrentBlob->Data, CurrentBlob->Data,
CurrentBlob->Size CurrentBlob->Size,
FetchStatus
); );
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
goto FreeBlobs; goto FreeBlobs;