Shim Reboot workaround #3
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Joerg Roedel <[email protected]>
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654 In preparation for running under an SVSM at VMPL1 or higher (higher numerically, lower privilege), re-organize the way a page state change is performed in order to free up the GHCB for use by the SVSM support. Currently, the page state change logic directly uses the GHCB shared buffer to build the page state change structures. However, this will be in conflict with the use of the GHCB should an SVSM call be required. Instead, use a separate buffer (an area in the workarea during SEC and an allocated page during PEI/DXE) to hold the page state change request and only update the GHCB shared buffer as needed. Since the information is copied to, and operated on, in the GHCB shared buffer this has the added benefit of not requiring to save the start and end entries for use when validating the memory during the page state change sequence. Signed-off-by: Tom Lendacky <[email protected]>
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654 The Secure VM Service Module specification defines the interfaces needed to allow multi-VMPL level execution of an SEV-SNP guest. Define the SVSM related structures for the SVSM Calling Area as well as the SVSM CAA MSR. The SVSM CAA MSR is an MSR register that is reserved for software use and will not be implemented in hardware. Signed-off-by: Tom Lendacky <[email protected]>
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654 The SVSM specification relies on a specific register calling convention to hold the parameters that are associated with the SVSM request. The SVSM is invoked by requesting the hypervisor to run the VMPL0 VMSA of the guest using the GHCB MSR Protocol or a GHCB NAE event. Create a new version of the VMGEXIT instruction that will adhere to this calling convention and load the SVSM function arguments into the proper register before invoking the VMGEXIT instruction. On return, perform the atomic exchange on the SVSM call pending value as specified in the SVSM specification. Signed-off-by: Tom Lendacky <[email protected]>
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654 In order to support an SEV-SNP guest running under an SVSM at VMPL1 or lower, the CcExitLib library must be extended with new intefaces. This includes an interface to detect if running under an SVSM, an interface to return the current VMPL, an interface to perform memory validation and an interface to set or clear the attribute that allows a page to be used as a VMSA. Signed-off-by: Tom Lendacky <[email protected]>
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654 Add initial support for the new CcExitLib interfaces to the OvmfPkg version of the library. The initial implementation will fully implement the SVSM presence check API and the SVSM VMPL API, with later patches fully implementing the other interfaces. The SVSM presence check, CcExitSnpSvsmPresent(), determines the presence of an SVSM by checking if an SVSM has been advertised in the SEV-SNP Secrets Page. The SVSM VMPL API, CcExitSnpGetVmpl(), returns the VMPL level at which the OVMF is currently running. Signed-off-by: Tom Lendacky <[email protected]>
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654 An SVSM requires a calling area page whose address (CAA) is used by the SVSM to communicate and process the SVSM request. Add a pre-defined page area to the OvmfPkg and AmdSev packages and define corresponding PCDs used to communicate the location and size of the area. Keep the AmdSev package in sync with the OvmfPkg and adjust the AmdSev launch and hash area memory locations. Signed-off-by: Tom Lendacky <[email protected]>
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654 The PVALIDATE instruction can only be performed at VMPL0. An SVSM will be present when running at VMPL1 or higher. When an SVSM is present, use the SVSM_CORE_PVALIDATE call to perform memory validation instead of issuing the PVALIDATE instruction directly. This moves the current PVALIDATE functionality into the CcExitLib library, where it can be determined whether an SVSM is present and perform the proper operation. Signed-off-by: Tom Lendacky <[email protected]>
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654 The RMPADJUST instruction is used to alter the VMSA attribute of a page, but the VMSA attribute can only be changed when running at VMPL0. When an SVSM is present, use the SVSM_CORE_CREATE_VCPU and SVSM_CORE_DELTE_VCPU calls to add or remove the VMSA attribute on a page instead of issuing the RMPADJUST instruction directly. Implement the CcExitSnpVmsaRmpAdjust() API to perform the proper operation to update the VMSA attribute. Signed-off-by: Tom Lendacky <[email protected]>
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654 The RMPADJUST instruction is used to change the VMSA attribute of a page, but the VMSA attribute can only be changed when running at VMPL0. When an SVSM is present, use the SVSM_CORE_CREATE_VCPU and SVSM_CORE_DELTE_VCPU calls to change the VMSA attribute on a page instead of issuing the RMPADJUST instruction directly. Implement the CcExitSnpVmsaRmpAdjust() API to perform the appropriate operation to change the VMSA attribute based on the presence of an SVSM. Signed-off-by: Tom Lendacky <[email protected]>
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654 When an SVSM is present, starting the APs requires knowledge of the APIC IDs. Create the definitions required to retrieve and hold the APIC ID information of all the vCPUs present in the guest. Signed-off-by: Tom Lendacky <[email protected]>
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654 Create a PCD that can be used to set and get the APIC ID information that is required for starting APs when an SVSM is present. Signed-off-by: Tom Lendacky <[email protected]>
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654 If the hypervisor supports retrieval of the vCPU APIC IDs, retrieve them before any APs are actually started. The APIC IDs can be used to start the APs for any SEV-SNP guest, but is a requirement for an SEV-SNP guest that is running under an SVSM. After retrieving the APIC IDs, save the address of the APIC ID data structure in the PcdSevSnpApicIds PCD. Signed-off-by: Tom Lendacky <[email protected]>
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654 Currently, the first time an AP is started for an SEV-SNP guest, it relies on the VMSA as set by the hypervisor. If the list of APIC IDs has been retrieved, this is not necessary. Instead, use the SEV-SNP AP Create protocol to start the AP for the first time and thereafter using the VMPL at which the BSP is running. Signed-off-by: Tom Lendacky <[email protected]>
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654 When running under an SVSM, the VMPL level of the APs that are started must match the VMPL level provided by the SVSM. Additionally, each AP must have a Calling Area for use with the SVSM protocol. Update the AP creation to properly support running under an SVSM. Signed-off-by: Tom Lendacky <[email protected]>
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654 The SVSM specification documents an alternative method of discovery for the SVSM using a reserved CPUID bit and a reserved MSR. For the CPUID support, the #VC handler of an SEV-SNP guest should modify the returned value in the EAX register for the 0x8000001f CPUID function by setting bit 28 when an SVSM is present. For the MSR support, new reserved MSR 0xc001f000 has been defined. A #VC should be generated when accessing this MSR. The #VC handler is expected to ignore writes to this MSR and return the physical calling area address (CAA) on reads of this MSR. Signed-off-by: Tom Lendacky <[email protected]>
…VMPL0 BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654 Currently, an SEV-SNP guest will terminate if it is not running at VMPL0. The requirement for running at VMPL0 is removed if an SVSM is present. Update the current VMPL0 check to additionally check for the presence of an SVSM is the guest is not running at VMPL0. Additionally, fix an error in SevSnpIsVmpl0() where the Status variable should be compared to 0 and not use the EFI_ERROR() function to determine if an error occurred during AsmRmpAdjust(). Signed-off-by: Tom Lendacky <[email protected]>
Add this as a new device in TPM2DeviceLibDTpm. The SVSM vTPM has no physical presence interface, so handle detecting this device before that check. The detection is done by sending a SVSM_VTPM_QUERY to the SVSM. Co-developed-by: Claudio Carvalho <[email protected]> Signed-off-by: Claudio Carvalho <[email protected]> Signed-off-by: James Bottomley <[email protected]>
Add a callback at the end of the Dxe phase that sets the "FB_NO_REBOOT" variable under the Shim GUID. This is a workaround for a boot loop in case a confidential guest that uses shim is booted with a vtpm device present. Signed-off-by: Oliver Steffen <[email protected]>
osteffenrh
force-pushed
the
coconut-shim-fallback-workaround
branch
from
5ffb4fb to
7a4cf97
Compare
stefano-garzarella
pushed a commit
to stefano-garzarella/edk2
that referenced
this pull request
Oct 10, 2024
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4536 Bug Overview: PixieFail Bug coconut-svsm#3 CVE-2023-45231 CVSS 6.5 : CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CWE-125 Out-of-bounds Read Out-of-bounds read when handling a ND Redirect message with truncated options Change Overview: Adds a check to prevent truncated options from being parsed + // + // Cannot process truncated options. + // Cannot process options with a length of 0 as there is no Type field. + // + if (OptionLen < sizeof (IP6_OPTION_HEADER)) { + return FALSE; + } Cc: Saloni Kasbekar <[email protected]> Cc: Zachary Clark-williams <[email protected]> Signed-off-by: Doug Flick [MSFT] <[email protected]> Reviewed-by: Saloni Kasbekar <[email protected]>
stefano-garzarella
pushed a commit
to stefano-garzarella/edk2
that referenced
this pull request
Nov 5, 2024
This patch does not impact functionality. It aims to clarify the synchronization flow between the BSP and APs to enhance code readability and understanding: Steps tianocore#6 and tianocore#11 are the basic synchronization requirements for all cases. Steps coconut-svsm#1 is additional requirements if the MmCpuSyncModeTradition mode is selected. Steps coconut-svsm#1, coconut-svsm#2, coconut-svsm#3, coconut-svsm#4, coconut-svsm#5, tianocore#7, tianocore#8, tianocore#9, and tianocore#10 are additional requirements if the system needs to configure the MTRR. Steps tianocore#9 and tianocore#10 are additional requirements if the system needs to support the mSmmDebugAgentSupport. Signed-off-by: Jiaxin Wu <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
When booting a distro image that uses shim for the first time (via the removable media path),
shim will install itself as the default boot option and wants to reboot the machine.
This is annoying, since manual intervention is required, as reboots do not work under SNP.
Shim can be told to not reboot by setting an EFI variable.
Let's set this by default and never bother the user with reboots.
This is done via a code rather than pre-populating the OVMF image, since OVMF is using the
emulated in-ram variable store.