Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp1723536ybl;
        Tue, 3 Dec 2019 11:37:12 -0800 (PST)
X-Google-Smtp-Source: APXvYqzqU5KTFKU04GJE8MBnSyfTbqa8bU0/2lIS3a+sl2A6PoHvsatjTn10xq2hdoJjOWj5CjAA
X-Received: by 2002:a05:6830:2157:: with SMTP id r23mr4643904otd.143.1575401832550;
        Tue, 03 Dec 2019 11:37:12 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1575401832; cv=none;
        d=google.com; s=arc-20160816;
        b=Dxr61IrT6vhoQJap5GiD0uOvCXB2p9kXAjGicCaSiTWK97hP23VDaQ/r0xnpey6LXU
         GlGUgLJloDMJB5vpavUGQgEiHyppIJSNxGhf0ufeYJktz+cMdcD1CDGYTMYPcjjeh8fr
         Xbb72TAakQoUT43T4SyN3YDlHgt/pTQlvMb+v6b/IRc7mtfWBniM98Czapkw2ADMpfnp
         Eqi5eV0okdCN4wxugIqroYr7ztIQD+1kQoO4u0oY2cMnBnCSUWEJz3Dc+5eB63Cfpp+S
         xTad2CNc292UB3LRN+EFHKTbt3g8+5RDU07Px84xJhAqwmq6ZAANoUWT5op6qS6EjUyY
         pLEA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:dkim-signature;
        bh=rbCm+sboO//ec+9mJyUZQfBjgbVhZp2u3dmOtW+Tw+c=;
        b=yhnq9VBb899hYefnBWKA1R2Rxz8Fnl7aiF0m8PXsE12wg1mNu+7xAOAZFLD0RWJtP1
         FccUhfZYnsx5HpWJcynfKXqxkaj/wZDFIlqaegHh3BRHdhz+tydDMuOEf4STwgGvXsEM
         9aMZl/ESosp6jPlM5UXyOQuXSmfNGzWxkR+hcKU/h9nf89a2IoKmbHSxcGloWEf9pE7Y
         xtPXshOL3u55KLiwsPD3PTPF1tuptqGgWO9/a55TE1Kj0EX46DpzCTRsstVeaLDtbo4l
         ixN/Bv/3iSjbT5bC5KQT91XWSh2H8/MPgpHhU/1pAmawAR9EBsuhaFJk0m4QzKlfxNso
         YtEg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b=thVNI2dY;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id g72si1846080otg.179.2019.12.03.11.37.00;
        Tue, 03 Dec 2019 11:37:12 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b=thVNI2dY;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727434AbfLCTg2 (ORCPT <rfc822;tluu11sec@gmail.com> + 99 others);
        Tue, 3 Dec 2019 14:36:28 -0500
Received: from mail-io1-f42.google.com ([209.85.166.42]:46235 "EHLO
        mail-io1-f42.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1727376AbfLCTg1 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 3 Dec 2019 14:36:27 -0500
Received: by mail-io1-f42.google.com with SMTP id i11so5047348iol.13
        for <linux-kernel@vger.kernel.org>; Tue, 03 Dec 2019 11:36:27 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20161025;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=rbCm+sboO//ec+9mJyUZQfBjgbVhZp2u3dmOtW+Tw+c=;
        b=thVNI2dYbYLDW7LST1GvzlBiAIZzDGO78uzN5JdQEO7M2lDOMNOZANxdYW/Y7S1E6z
         AcwyTekhqytphND8+4zCsLKXRktkres1MuM7s1pYrPxWFAnFY1Tp2Wd8xvzwZX4PBfcn
         Tm+WvtYdvApcHjn6toWDudMHLN9YunqMDWB67jvfly7Y6o47uSik+1Jg3cl20RL4da7P
         WT0pEGwL7R5GvTy4QRe9JCbM2ia3Ljd68N4ly17rWbUsvkBsNs6r3AMCu/Io//k/PPtF
         ILNKPshiXXSd4xHgkaSDLBCJ3xCGvHOJlmYSftmXic4Lvhqhc9cp1iPk6kJlcGCelnxr
         vF5Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=rbCm+sboO//ec+9mJyUZQfBjgbVhZp2u3dmOtW+Tw+c=;
        b=b7s0xeTgYn8OerlgSIso8mngsUYWJDi7Q30Szh+ws2exp7VCynTeRX5YLCn+WeTUUF
         2qeUJrLgAi2AFVAxASgLX4JVex91pSbMRMR4aSjeTZBpKUrKyUMjoGqoqeKpSO1hlDfs
         lLHab9PQIB/92hhEbZbOBF36eXoPFy1GOjxj62XMo9G48c3cRyUeVGMPcEr1Eclykq+A
         vYUU4D5sRDOl0ySSRWvLBfQlf2PVwr7p5n513G0YMALra8lAaJjx5es9sFsSUPCVdZcs
         vk1VwAjyccDGh77lmFsTnN3MPd8n9uVeOaLl4wz1X4BciJAWTJe7Ep+BGIYU03y/gute
         E5rQ==
X-Gm-Message-State: APjAAAXW0YFOymLfujb78Anm5zbApeWT7RF6LDw9INELoduo6P4zJyGZ
        RL0f/ny8Pbg84wnpH7ORBxlWy/CExllzjG3DLUR+ig==
X-Received: by 2002:a05:6602:187:: with SMTP id m7mr3775316ioo.16.1575401786293;
 Tue, 03 Dec 2019 11:36:26 -0800 (PST)
MIME-Version: 1.0
References: <20191203004043.174977-1-matthewgarrett@google.com>
 <CACdnJus7nHdr4p4H1j5as9eB=FG-uX+wy_tjvTQ5ObErDJHdow@mail.gmail.com>
 <CAKv+Gu8emrf7WbTyGc8QDykX_hZbrVtxJKkRVbGFhd8rd13yww@mail.gmail.com> <9c58f2d2-5712-0972-6ea7-092500f37cf9@redhat.com>
In-Reply-To: <9c58f2d2-5712-0972-6ea7-092500f37cf9@redhat.com>
From:   Matthew Garrett <mjg59@google.com>
Date:   Tue, 3 Dec 2019 11:36:14 -0800
Message-ID: <CACdnJutpgeUsGcscVJsxsj5-E=0JwYUFqEfjT4VJ+BMjn2RpAQ@mail.gmail.com>
Subject: Re: [PATCH] [EFI,PCI] Allow disabling PCI busmastering on bridges
 during boot
To:     Laszlo Ersek <lersek@redhat.com>
Cc:     Ard Biesheuvel <ard.biesheuvel@linaro.org>,
        linux-efi <linux-efi@vger.kernel.org>,
        "the arch/x86 maintainers" <x86@kernel.org>,
        linux-pci <linux-pci@vger.kernel.org>,
        Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Dec 3, 2019 at 5:38 AM Laszlo Ersek <lersek@redhat.com> wrote:

> (2) I'm not 100% convinced this threat model -- I hope I'm using the
> right term -- is useful. A PCI device will likely not "itself" set up
> DMA (maliciously or not) without a matching driver.

A malicious PCI device can absolutely set up DMA itself without a
matching driver. There's a couple of cases:

1) A device that's entirely under the control of an attacker. Using
external Thunderbolt devices to overwrite OS data has been
demonstrated on multiple occasions.

2) A device that's been compromised in some way. The UEFI driver is a
long way from the only software that's related to the device -
discrete GPUs boot themselves even in the absence of a driver, and if
that on-board code can be compromised in any persistent way then they
can be used to attack the OS.

> Is this a scenario where we trust the device driver that comes from the
> device's ROM BAR (let's say after the driver passes Secure Boot
> verification and after we measure it into the TPM), but don't trust the
> silicon jammed in the motherboard that presents the driver?

Yes, though it's not just internal devices that we need to worry about.

> (3) I never understood why the default behavior (or rather, "only"
> behavior) for system firmware wrt. the IOMMU at EBS was "whitelist
> everything". Why not "blacklist everything"?
>
> I understand the compat perspective, but the OS should at least be able
> to request such a full blackout through OsIndications or whatever. (With
> the SEV IOMMU driver in OVMF, that's what we do -- we set everything to
> encrypted.)

I'm working on that, but it would be nice to have an approach for
existing systems.