git.proxmox.com Git - mirror

author	Laszlo Ersek <lersek@redhat.com>
	Mon, 28 Aug 2017 09:48:00 +0000 (11:48 +0200)
committer	Laszlo Ersek <lersek@redhat.com>
	Tue, 29 Aug 2017 20:44:33 +0000 (22:44 +0200)
commit	d431d8339e8b0e8cff634ae2567960706c028522
tree	774a50889d95cb4b3948949f9dcdf6b6d064b9aa	tree
parent	c1d799b915096b79b5c5d035b134ffbccc6d1469	commit \| diff

OvmfPkg/QemuFwCfgDxeLib: SEV: zero FW_CFG_DMA_ACCESS before decrypting it

There's a small window between

- AllocFwCfgDmaAccessBuffer() mapping the new FW_CFG_DMA_ACCESS object for
common buffer operation (i.e., decrypting it), and

- InternalQemuFwCfgDmaBytes() setting the fields of the object.

In this window, earlier garbage in the object is "leaked" to the
hypervisor. So zero the object before we decrypt it.

(This commit message references AMD SEV directly, because QemuFwCfgDxeLib
is not *generally* enabled for IOMMU operation just yet, unlike our goal
for the virtio infrastructure. Instead, QemuFwCfgDxeLib uses
MemEncryptSevLib explicitly to detect SEV, and then relies on IOMMU
protocol behavior that is specific to SEV. At this point, this is by
design.)

Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
Reviewed-by: Brijesh Singh <brijesh.singh@amd.com>