From patchwork Tue May 15 12:30:07 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Marc-Andr=C3=A9_Lureau?= X-Patchwork-Id: 913612 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=nongnu.org (client-ip=2001:4830:134:3::11; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=redhat.com Received: from lists.gnu.org (lists.gnu.org [IPv6:2001:4830:134:3::11]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 40lcQ34fYNz9ryk for ; Tue, 15 May 2018 22:31:55 +1000 (AEST) Received: from localhost ([::1]:35609 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fIZ7R-0008Jm-4q for incoming@patchwork.ozlabs.org; Tue, 15 May 2018 08:31:53 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:44353) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fIZ6T-0008FA-Vf for qemu-devel@nongnu.org; Tue, 15 May 2018 08:31:00 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1fIZ6Q-0003nP-OZ for qemu-devel@nongnu.org; Tue, 15 May 2018 08:30:53 -0400 Received: from mx1.redhat.com ([209.132.183.28]:51144) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1fIZ6Q-0003mW-GM for qemu-devel@nongnu.org; Tue, 15 May 2018 08:30:50 -0400 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 9275A1B982B; Tue, 15 May 2018 12:30:49 +0000 (UTC) Received: from localhost (ovpn-116-28.phx2.redhat.com [10.3.116.28]) by smtp.corp.redhat.com (Postfix) with ESMTP id 44C1E10018FD; Tue, 15 May 2018 12:30:45 +0000 (UTC) From: marcandre.lureau@redhat.com To: edk2-devel@lists.01.org Date: Tue, 15 May 2018 14:30:07 +0200 Message-Id: <20180515123007.10164-5-marcandre.lureau@redhat.com> In-Reply-To: <20180515123007.10164-1-marcandre.lureau@redhat.com> References: <20180515123007.10164-1-marcandre.lureau@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.26]); Tue, 15 May 2018 12:30:49 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PATCH 4/4] ovmf: process TPM PPI request in AfterConsole() X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: stefanb@linux.vnet.ibm.com, qemu-devel@nongnu.org, javierm@redhat.com, pjones@redhat.com, jiewen.yao@intel.com, =?utf-8?q?Marc-Andr=C3=A9_Lu?= =?utf-8?q?reau?= , lersek@redhat.com Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" From: Marc-André Lureau Call Tcg2PhysicalPresenceLibProcessRequest() to process pending PPI requests from PlatformBootManagerAfterConsole(). Laszlo understanding of edk2 is that the PPI operation processing was meant to occur *entirely* before End-Of-Dxe, so that 3rd party UEFI drivers couldn't interfere with PPI opcode processing *at all*. He suggested that we should *not* call Tcg2PhysicalPresenceLibProcessRequest() from BeforeConsole(). Because, an "auth" console, i.e. one that does not depend on a 3rd party driver, is *in general* impossible to guarantee. Instead we could opt to trust 3rd party drivers, and use the "normal" console(s) in AfterConsole(), in order to let the user confirm the PPI requests. It will depend on the user to enable Secure Boot, so that the trustworthiness of those 3rd party drivers is ensured. If an attacker roots the guest OS from within, queues some TPM2 PPI requests, and also modifies drivers on the EFI system partition and/or in GPU option ROMs (?), then those drivers will not load after guest reboot, and thus the dependent console(s) won't be used for confirming the PPI requests. Signed-off-by: Marc-André Lureau Reviewed-by: Laszlo Ersek --- OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c | 8 ++++++++ .../PlatformBootManagerLib/PlatformBootManagerLib.inf | 2 ++ 2 files changed, 10 insertions(+) diff --git a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c index 004b753f4d26..8b1beaa3e207 100644 --- a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c +++ b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c @@ -16,6 +16,7 @@ #include #include #include +#include // @@ -1410,6 +1411,13 @@ PlatformBootManagerAfterConsole ( // PciAcpiInitialization (); + + // + // Process TPM PPI request + // + Tcg2PhysicalPresenceLibProcessRequest (NULL); + + // // Process QEMU's -kernel command line option // diff --git a/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf b/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf index 27789b7377bc..4b72c44bcf0a 100644 --- a/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf +++ b/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf @@ -38,6 +38,7 @@ [Packages] IntelFrameworkModulePkg/IntelFrameworkModulePkg.dec SourceLevelDebugPkg/SourceLevelDebugPkg.dec OvmfPkg/OvmfPkg.dec + SecurityPkg/SecurityPkg.dec [LibraryClasses] BaseLib @@ -56,6 +57,7 @@ [LibraryClasses] LoadLinuxLib QemuBootOrderLib UefiLib + Tcg2PhysicalPresenceLib [Pcd] gUefiOvmfPkgTokenSpaceGuid.PcdEmuVariableEvent