lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 16 Aug 2023 15:37:20 -0700
From:   Jim Mattson <jmattson@...gle.com>
To:     Borislav Petkov <bp@...en8.de>
Cc:     dave.hansen@...el.com, linux-kernel@...r.kernel.org,
        stable@...nel.org, x86@...nel.org
Subject: Re: [PATCH 1/2] x86/microcode/AMD: Load late on both threads too

On Wed, Aug 16, 2023 at 2:59 PM Borislav Petkov <bp@...en8.de> wrote:
>
> On Wed, Aug 16, 2023 at 02:36:57PM -0700, Jim Mattson wrote:
> > Doesn't this render that attestation misleading, since the microcode
> > patch may not have been loaded on all logical processors?
>
> For that it doesn't matter because the microcode engine is shared
> between the two threads. The updated microcode revision is shown on any
> of the two threads so you can load on one only. And we did this for
> years.
>
> Only recently we started loading on both and we will be doing that from
> now on.

SEV-SNP is supposed to protect the guest from a malicious host. A
malicious host may not load the microcode update on both threads. As a
result, it gives me some concern when I see something like this
(https://lore.kernel.org/lkml/20230808190239.131508-1-john.allen@amd.com/):

+NOTE: For Genoa (Family=0x19 Model=0x11) and Bergamo (Family=0x19 Model=0xa0),
+either AGESA version >= 1.0.0.8 OR a kernel with the following commit is
+required:
+a32b0f0db3f3 ("x86/microcode/AMD: Load late on both threads too")

It seems problematic if the guest can't tell from the attestation
whether or not the identified microcode revision has been correctly
applied.

> What could be problematic is if it simply fails loading on some cores
> - regardless of SMT - but that would be problematic not only to SEV-SNP
> attestation but to the general system health. tglx has some patches
> which verify what has been successfully loaded where so hopefully we'll
> be verifying more in that area.

I had assumed that the SEV-SNP microcode revision attestation was for
all logical processors on the host. Are you saying that it is not?

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ