Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp1461969pxb;
        Wed, 10 Feb 2021 08:51:28 -0800 (PST)
X-Google-Smtp-Source: ABdhPJziZEMJKJgk+vKhugSG+RZJ56K/FqAZ9IJrSNc8xC+uQZjrJl96Ot+6fjzxL80i7Vg0W7nC
X-Received: by 2002:a17:906:8053:: with SMTP id x19mr3717025ejw.470.1612975888454;
        Wed, 10 Feb 2021 08:51:28 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1612975888; cv=none;
        d=google.com; s=arc-20160816;
        b=DXnuFoLMDG6Pz+ETpcrkGMMQgq3oEspeS3ELyNg6KFgkQIEAl47qctS64/sTkLFLuJ
         C+ZmSZum4yEYPKZy76rMCqkWgsYqvKiNiXKKTrg8om5z2Yg9K0+QIyB4X4d0nkZmCt5e
         wpQdxQyQaf/TvxAn+GOkS9U2/SzT2NtQmqwOYH+YT64JACPpGF5zX0YFP+2dDf3+182K
         npYwWMBVRLxb9z1Pxt+qxwElIV4jteOJCZTMtt/7IP1jg7xWA+V8SHk5CleRI9XBzdsv
         1yiCf1f8LQHyzvJG3jUWtUDoKieB0kZaUHnX+rfspDCHijFXhyBnD7wsXnPz4x7w8yma
         TKUA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:user-agent:in-reply-to:content-disposition
         :mime-version:references:message-id:subject:cc:to:from:date;
        bh=/FcsxF9BuQWYfmEvZx2330dxDbng79up6xEAmhLOeYM=;
        b=m+Wg1ODg5L+CxdZw51mUlNNmnRB29RXaBIfQcB04v2VTIM3ipLY27hArTL3QpilsjB
         e5Ykr+2OesHOBi1H72LuAh9/tyVplydVVWN6CZ17NgtL4jlHcnDhgweUo7EA9J22WTaM
         g+rDuqWZs7LLoAqyQuUGFue5CtVOsIF+uz7/FC5Y+HAXezsdjv9t0ilG4em7CTIw9Vc7
         xKGT+LuLXIcg9evh1jLmpO/7KfeLw0TtxjL8ktJctF/Ieb7dpZREGKoPBXemRJMPWDZD
         xMZETC9YhkfJ4Ym+uBVOcg79zOOlgqL6AKhmpZyKAOPt/eNcX8xwEJlPquhuT8ozQhUW
         8y9Q==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=8bytes.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id i26si1712766edu.267.2021.02.10.08.51.04;
        Wed, 10 Feb 2021 08:51:28 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=8bytes.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S232736AbhBJQr6 (ORCPT <rfc822;loic.yhuel@gmail.com> + 99 others);
        Wed, 10 Feb 2021 11:47:58 -0500
Received: from 8bytes.org ([81.169.241.247]:55448 "EHLO theia.8bytes.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S232552AbhBJQr0 (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 10 Feb 2021 11:47:26 -0500
Received: by theia.8bytes.org (Postfix, from userid 1000)
        id 6B01C3C2; Wed, 10 Feb 2021 17:46:44 +0100 (CET)
Date:   Wed, 10 Feb 2021 17:46:42 +0100
From:   Joerg Roedel <joro@8bytes.org>
To:     Dave Hansen <dave.hansen@intel.com>
Cc:     x86@kernel.org, Joerg Roedel <jroedel@suse.de>, hpa@zytor.com,
        Andy Lutomirski <luto@kernel.org>,
        Dave Hansen <dave.hansen@linux.intel.com>,
        Peter Zijlstra <peterz@infradead.org>,
        Jiri Slaby <jslaby@suse.cz>,
        Dan Williams <dan.j.williams@intel.com>,
        Tom Lendacky <thomas.lendacky@amd.com>,
        Juergen Gross <jgross@suse.com>,
        Kees Cook <keescook@chromium.org>,
        David Rientjes <rientjes@google.com>,
        Cfir Cohen <cfir@google.com>,
        Erdem Aktas <erdemaktas@google.com>,
        Masami Hiramatsu <mhiramat@kernel.org>,
        Mike Stunes <mstunes@vmware.com>,
        Sean Christopherson <sean.j.christopherson@intel.com>,
        Martin Radev <martin.b.radev@gmail.com>,
        Arvind Sankar <nivedita@alum.mit.edu>,
        linux-kernel@vger.kernel.org, kvm@vger.kernel.org,
        virtualization@lists.linux-foundation.org
Subject: Re: [PATCH 6/7] x86/boot/compressed/64: Check SEV encryption in
 32-bit boot-path
Message-ID: <20210210164642.GE7302@8bytes.org>
References: <20210210102135.30667-1-joro@8bytes.org>
 <20210210102135.30667-7-joro@8bytes.org>
 <0526b64e-8ef0-2e3c-06a7-e07835be160c@intel.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <0526b64e-8ef0-2e3c-06a7-e07835be160c@intel.com>
User-Agent: Mutt/1.10.1 (2018-07-13)
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, Feb 10, 2021 at 08:25:11AM -0800, Dave Hansen wrote:
> This is all very cute.  But, if this fails, it means that the .data
> section is now garbage, right?.  I guess failing here is less
> entertaining than trying to run the kernel with random garbage in .data,
> but it doesn't make it very far either way, right?

Yes, if this fails the .data section is garbage, and more importantly,
the .text section of the decompressed kernel image would be garbage too.
The kernel won't get very far, but could possibly be tricked into
releasing secrets to the hypervisor.

> Why bother with rdrand, though?  Couldn't you just pick any old piece of
> .data and compare before and after?

It is important that the Hypervisor can't predict what data will be
written. It is written with paging off, so it will implicitly be
encrypted. If the Hypervisor knows the data, it could use the small time
window until it is read again to remap the gpa to a page with the
expected data.

Regards,

	Joerg