lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 4 Mar 2022 09:39:16 -0600
From:   Brijesh Singh <brijesh.singh@....com>
To:     Borislav Petkov <bp@...en8.de>
Cc:     brijesh.singh@....com, x86@...nel.org,
        linux-kernel@...r.kernel.org, kvm@...r.kernel.org,
        linux-efi@...r.kernel.org, platform-driver-x86@...r.kernel.org,
        linux-coco@...ts.linux.dev, linux-mm@...ck.org,
        Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...hat.com>, Joerg Roedel <jroedel@...e.de>,
        Tom Lendacky <thomas.lendacky@....com>,
        "H. Peter Anvin" <hpa@...or.com>, Ard Biesheuvel <ardb@...nel.org>,
        Paolo Bonzini <pbonzini@...hat.com>,
        Sean Christopherson <seanjc@...gle.com>,
        Vitaly Kuznetsov <vkuznets@...hat.com>,
        Jim Mattson <jmattson@...gle.com>,
        Andy Lutomirski <luto@...nel.org>,
        Dave Hansen <dave.hansen@...ux.intel.com>,
        Sergio Lopez <slp@...hat.com>, Peter Gonda <pgonda@...gle.com>,
        Peter Zijlstra <peterz@...radead.org>,
        Srinivas Pandruvada <srinivas.pandruvada@...ux.intel.com>,
        David Rientjes <rientjes@...gle.com>,
        Dov Murik <dovmurik@...ux.ibm.com>,
        Tobin Feldman-Fitzthum <tobin@....com>,
        Michael Roth <michael.roth@....com>,
        Vlastimil Babka <vbabka@...e.cz>,
        "Kirill A . Shutemov" <kirill.shutemov@...ux.intel.com>,
        Andi Kleen <ak@...ux.intel.com>,
        "Dr . David Alan Gilbert" <dgilbert@...hat.com>,
        brijesh.ksingh@...il.com, tony.luck@...el.com, marcorr@...gle.com,
        sathyanarayanan.kuppuswamy@...ux.intel.com
Subject: Re: [PATCH v11 44/45] virt: sevguest: Add support to get extended
 report


On 3/4/22 8:06 AM, Borislav Petkov wrote:
> On Thu, Mar 03, 2022 at 10:47:20AM -0600, Brijesh Singh wrote:
>> I did not fail on !req.cert_len, because my read of the GHCB spec says that
>> additional data (certificate blob) is optional. A user could call
>> SNP_GET_EXT_REPORT without asking for the extended certificate. In this
>> case, SNP_GET_EXT_REPORT == SNP_GET_REPORT.
>>
>> Text from the GHCB spec section 4.1.8
>> ---------------
>> https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdeveloper.amd.com%2Fwp-content%2Fresources%2F56421.pdf&amp;data=04%7C01%7Cbrijesh.singh%40amd.com%7C10f73f9bd6524f9f9c4e08d9fde843d5%7C3dd8961fe4884e608e11a82d994e183d%7C0%7C0%7C637819996563585169%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&amp;sdata=GS3iyUCAOmaPuxN4sRi%2B%2FFTsRGF7QC1jISc%2B25c4XtY%3D&amp;reserved=0
>>
>> The SNP Extended Guest Request NAE event is very similar to the SNP Guest
>> Request NAE event. The difference is related to the additional data that can
>> be returned based on the guest request. Any SNP Guest Request that does not
>> support returning additional data must execute as if invoked as an SNP Guest
>> Request.
>> --------------
> Sorry, it is still not clear to me how
>
> "without asking for the extended certificate" == !req.certs_len
>
> That's not explained in the help text either. And ->certs_len is part of
> the input structure but nowhere does it say that when that thing is 0,
> the request will be downgraded to a SNP_GET_REPORT.

The decision to downgrade will be done by the hypervisor. See the GHCB
spec (page 36), if RBX (aka number of certificate data pages) is zero
then section SNP_GET_EXT_REQUEST section (4.1.8) say that hypervisor
must treat it as SNP_GET_REQUEST.


>
> How is the user of this supposed to know?

Depending on which ioctl user want to use for querying the attestation
report, she need to look at the SNP/GHCB specification for more details.
The blob contains header that application need to parse to get to the
actual certificate. The header is defined in the spec. From kernel
driver point-of-view, all these are opaque data.


>
> And regardless, you can still streamline the code as in the example I
> gave so that it is clear which values are checked and for which does the
> request get failed...

Will do.

thanks

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ