From 90d2581e0a74580abb8695ab9b626fa82b530809 Mon Sep 17 00:00:00 2001 From: Amaury Chamayou Date: Mon, 21 Oct 2024 09:31:55 +0000 Subject: [PATCH 1/4] Set and enforced VMPL in SNP attestation --- .snpcc_canary | 2 +- CHANGELOG.md | 8 ++++++++ include/ccf/pal/attestation.h | 10 ++++++++++ include/ccf/pal/snp_ioctl5.h | 2 +- include/ccf/pal/snp_ioctl6.h | 2 +- 5 files changed, 21 insertions(+), 3 deletions(-) diff --git a/.snpcc_canary b/.snpcc_canary index 4ee1c2fe9d6b..4f8925b59ebe 100644 --- a/.snpcc_canary +++ b/.snpcc_canary @@ -4,4 +4,4 @@ /-xXx--//-----x=x--/-xXx--/---x---->>>--/ ... /\/\d(-_-)b/\/\ ----- \ No newline at end of file +----vmpl \ No newline at end of file diff --git a/CHANGELOG.md b/CHANGELOG.md index 14878b4f0f7e..6708944ca2ab 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,14 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html). +## [6.0.0-dev3] + +[6.0.0-dev3]: https://github.com/microsoft/CCF/releases/tag/6.0.0-dev3 + +### Changed + +- Set VMPL value when creating SNP attestations, and check VMPL value is in guest range when verifiying attestation, since recent [updates allow host-initiated attestations](https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/programmer-references/56860.pdf). + ## [6.0.0-dev2] [6.0.0-dev2]: https://github.com/microsoft/CCF/releases/tag/6.0.0-dev2 diff --git a/include/ccf/pal/attestation.h b/include/ccf/pal/attestation.h index 2cc25bee6939..2e471f7a1a35 100644 --- a/include/ccf/pal/attestation.h +++ b/include/ccf/pal/attestation.h @@ -75,6 +75,16 @@ namespace ccf::pal fmt::format("SEV-SNP: Mask chip key must not be set")); } + // Introduced in https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/programmer-references/56860.pdf + // The guest sets the VMPL field to a value from 0 thru 3 which indicates a request from the guest. + // For a Guest requested attestation report this field will contain the value (0-3). A Host requested attestation report will have a value of 0xffffffff. + // CCF current always sets VMPL to 0, and rejects non-guest values. + if (quote.vmpl > 3) + { + throw std::logic_error( + fmt::format("SEV-SNP: VMPL for guest attestations must be in 0-3 range, not {}", quote.vmpl)); + } + report_data = SnpAttestationReportData(quote.report_data); measurement = SnpAttestationMeasurement(quote.measurement); diff --git a/include/ccf/pal/snp_ioctl5.h b/include/ccf/pal/snp_ioctl5.h index 830bd79b12af..7bad5ae89794 100644 --- a/include/ccf/pal/snp_ioctl5.h +++ b/include/ccf/pal/snp_ioctl5.h @@ -56,7 +56,7 @@ namespace ccf::pal::snp::ioctl5 struct AttestationReq { uint8_t report_data[snp_attestation_report_data_size]; - uint32_t vmpl; + uint32_t vmpl = 0; uint8_t reserved[28]; }; diff --git a/include/ccf/pal/snp_ioctl6.h b/include/ccf/pal/snp_ioctl6.h index cc73bb9ce369..3a765ce95bc0 100644 --- a/include/ccf/pal/snp_ioctl6.h +++ b/include/ccf/pal/snp_ioctl6.h @@ -23,7 +23,7 @@ namespace ccf::pal::snp::ioctl6 struct AttestationReq { uint8_t report_data[snp_attestation_report_data_size]; - uint32_t vmpl; + uint32_t vmpl = 0; uint8_t reserved[28]; // needs to be zero }; // aka snp_report_req in (linux) include/uapi/linux/sev-guest.h From 7e7e6393ff7387d5811793c53233b60d7c779ddf Mon Sep 17 00:00:00 2001 From: Amaury Chamayou Date: Mon, 21 Oct 2024 09:32:42 +0000 Subject: [PATCH 2/4] pr --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6708944ca2ab..9d666ea52a2d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,7 +11,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0. ### Changed -- Set VMPL value when creating SNP attestations, and check VMPL value is in guest range when verifiying attestation, since recent [updates allow host-initiated attestations](https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/programmer-references/56860.pdf). +- Set VMPL value when creating SNP attestations, and check VMPL value is in guest range when verifiying attestation, since recent [updates allow host-initiated attestations](https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/programmer-references/56860.pdf) (#6583). ## [6.0.0-dev2] From 46066c744f84c54ed9fdd48287802440ecb1dbe0 Mon Sep 17 00:00:00 2001 From: Amaury Chamayou Date: Mon, 21 Oct 2024 09:37:14 +0000 Subject: [PATCH 3/4] 3 --- python/pyproject.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/python/pyproject.toml b/python/pyproject.toml index 01353f9d6e5b..b8fadadf3d89 100644 --- a/python/pyproject.toml +++ b/python/pyproject.toml @@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta" [project] name = "ccf" -version = "6.0.0-dev2" +version = "6.0.0-dev3" authors = [ { name="CCF Team", email="CCF-Sec@microsoft.com" }, ] From 98394c6f73efc0c91076cfa7b5ded378852a3556 Mon Sep 17 00:00:00 2001 From: Amaury Chamayou Date: Mon, 21 Oct 2024 11:56:28 +0000 Subject: [PATCH 4/4] blah --- include/ccf/pal/attestation.h | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/include/ccf/pal/attestation.h b/include/ccf/pal/attestation.h index 2e471f7a1a35..48304ab5f7db 100644 --- a/include/ccf/pal/attestation.h +++ b/include/ccf/pal/attestation.h @@ -75,14 +75,18 @@ namespace ccf::pal fmt::format("SEV-SNP: Mask chip key must not be set")); } - // Introduced in https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/programmer-references/56860.pdf - // The guest sets the VMPL field to a value from 0 thru 3 which indicates a request from the guest. - // For a Guest requested attestation report this field will contain the value (0-3). A Host requested attestation report will have a value of 0xffffffff. - // CCF current always sets VMPL to 0, and rejects non-guest values. + // Introduced in + // https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/programmer-references/56860.pdf + // The guest sets the VMPL field to a value from 0 thru 3 which indicates a + // request from the guest. For a Guest requested attestation report this + // field will contain the value (0-3). A Host requested attestation report + // will have a value of 0xffffffff. CCF current always sets VMPL to 0, and + // rejects non-guest values. if (quote.vmpl > 3) { - throw std::logic_error( - fmt::format("SEV-SNP: VMPL for guest attestations must be in 0-3 range, not {}", quote.vmpl)); + throw std::logic_error(fmt::format( + "SEV-SNP: VMPL for guest attestations must be in 0-3 range, not {}", + quote.vmpl)); } report_data = SnpAttestationReportData(quote.report_data);