From 957c4b1603be2efcc6e00521fbe605a815b3106f Mon Sep 17 00:00:00 2001 From: Amaury Chamayou Date: Mon, 21 Oct 2024 15:02:36 +0100 Subject: [PATCH] Set and enforce VMPL in SNP attestation (#6583) (cherry picked from commit d3ba218586fde80e992ad44fda5a9eb219c1254e) # Conflicts: # .snpcc_canary # CHANGELOG.md # python/pyproject.toml --- .snpcc_canary | 1 + CHANGELOG.md | 6 ++++++ include/ccf/pal/attestation.h | 14 ++++++++++++++ include/ccf/pal/snp_ioctl5.h | 2 +- include/ccf/pal/snp_ioctl6.h | 2 +- 5 files changed, 23 insertions(+), 2 deletions(-) diff --git a/.snpcc_canary b/.snpcc_canary index ffe520bebb0f..baf88260e6b0 100644 --- a/.snpcc_canary +++ b/.snpcc_canary @@ -5,3 +5,4 @@ ... /\/\d(-_-)b/\/\ --/\ +----vmpl diff --git a/CHANGELOG.md b/CHANGELOG.md index 0ac75c9d6215..cccfdd14dfe2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,12 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html). +## [5.0.8] + +[5.0.8]: https://github.com/microsoft/CCF/releases/tag/ccf-5.0.8 + +- Set VMPL value when creating SNP attestations, and check VMPL value is in guest range when verifiying attestation, since recent [updates allow host-initiated attestations](https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/programmer-references/56860.pdf) (#6583). + ## [5.0.7] [5.0.7]: https://github.com/microsoft/CCF/releases/tag/ccf-5.0.7 diff --git a/include/ccf/pal/attestation.h b/include/ccf/pal/attestation.h index c3a7ad859e00..b2fec1b1de6a 100644 --- a/include/ccf/pal/attestation.h +++ b/include/ccf/pal/attestation.h @@ -75,6 +75,20 @@ namespace ccf::pal fmt::format("SEV-SNP: Mask chip key must not be set")); } + // Introduced in + // https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/programmer-references/56860.pdf + // The guest sets the VMPL field to a value from 0 thru 3 which indicates a + // request from the guest. For a Guest requested attestation report this + // field will contain the value (0-3). A Host requested attestation report + // will have a value of 0xffffffff. CCF current always sets VMPL to 0, and + // rejects non-guest values. + if (quote.vmpl > 3) + { + throw std::logic_error(fmt::format( + "SEV-SNP: VMPL for guest attestations must be in 0-3 range, not {}", + quote.vmpl)); + } + report_data = SnpAttestationReportData(quote.report_data); measurement = SnpAttestationMeasurement(quote.measurement); diff --git a/include/ccf/pal/snp_ioctl5.h b/include/ccf/pal/snp_ioctl5.h index 830bd79b12af..7bad5ae89794 100644 --- a/include/ccf/pal/snp_ioctl5.h +++ b/include/ccf/pal/snp_ioctl5.h @@ -56,7 +56,7 @@ namespace ccf::pal::snp::ioctl5 struct AttestationReq { uint8_t report_data[snp_attestation_report_data_size]; - uint32_t vmpl; + uint32_t vmpl = 0; uint8_t reserved[28]; }; diff --git a/include/ccf/pal/snp_ioctl6.h b/include/ccf/pal/snp_ioctl6.h index cc73bb9ce369..3a765ce95bc0 100644 --- a/include/ccf/pal/snp_ioctl6.h +++ b/include/ccf/pal/snp_ioctl6.h @@ -23,7 +23,7 @@ namespace ccf::pal::snp::ioctl6 struct AttestationReq { uint8_t report_data[snp_attestation_report_data_size]; - uint32_t vmpl; + uint32_t vmpl = 0; uint8_t reserved[28]; // needs to be zero }; // aka snp_report_req in (linux) include/uapi/linux/sev-guest.h