Re: [edk2-devel] Assistance Needed: ArmVirtPkg

2024-05-07 Thread Doug Flick via groups.io
Thanks!

I figured out out what I was missing (a mistake on my end) and I now have it 
booting to shell! I'll make the required changes to OvmfPkg and ArmVirtPkg 
based on your suggestions and put the Patch Series on the mailing list.

The assert you were seeing was the patch attempting to use the EDK2 Nist 
algorithms where VirtioRngDxe doesn't supply them. In that case, I created a 
PCD to disable the attempt to use the Nist algorithms and just take whichever 
algorithm the Rng Producer provides. This allows a platform to implement 
however they deem fit and puts the responsibility of secure algorithms on the 
platform. 


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118650): https://edk2.groups.io/g/devel/message/118650
Mute This Topic: https://groups.io/mt/105949609/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-




Re: [edk2-devel] Assistance Needed: ArmVirtPkg

2024-05-07 Thread Ard Biesheuvel
There are no code changes, the only difference is adding the --pcd
PcdMonitorConduitHvc=TRUE option to the build.sh command line, and
running QEMU with -device virtio-rng-pci (which we should be doing in
any case, IMO)

The DEPEX might fix this, and this is actually the appropriate thing
to do if the driver cannot even be dispatched without the RNG protocol
available. However, I'm not convinced this is the right approach - I
think dispatching the driver but failing in the Supported() call on a
missing RNG protocol would be less disruptive, and give more
opportunity for a meaningful warning/error message to the actual user.

But I must admit I have only taken a very cursory look at the
underlying CVE and your proposed mitigation.



On Wed, 8 May 2024 at 00:28, Doug Flick via groups.io
 wrote:
>
> Thanks Ard for the explanation! Would you be able to tell me the exact 
> changes you made to get to this point and if that would be an acceptable 
> change to make to get these CVE patches on the mailing list? I'm happy adding 
> the depex but fundamentally I think the goal is get these patches into this 
> release. My attempts to rollback some of my changes and use VirtioRngDxe have 
> been unsuccessful so far.


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118649): https://edk2.groups.io/g/devel/message/118649
Mute This Topic: https://groups.io/mt/105949609/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-




Re: [edk2-devel] Assistance Needed: ArmVirtPkg

2024-05-07 Thread Doug Flick via groups.io
Thanks Ard for the explanation! 
Would you be able to tell me the exact changes you made to get to this point 
and if that would be an acceptable change to make to get these CVE patches on 
the mailing list? I'm happy adding the depex but fundamentally I think the goal 
is get these patches into this release. My attempts to rollback some of my 
changes and use VirtioRngDxe have been unsuccessful so far.


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118647): https://edk2.groups.io/g/devel/message/118647
Mute This Topic: https://groups.io/mt/105949609/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-




Re: [edk2-devel] Assistance Needed: ArmVirtPkg

2024-05-07 Thread Ard Biesheuvel
On Tue, 7 May 2024 at 00:22, Doug Flick  wrote:
>
> All,
>
> In order to patch Tianocore Bugzilla issues and CVEs:
>  4541 – Bug 08 - edk2/NetworkPkg: Predictable TCP ISNs (tianocore.org)
> and
> 4542 – Bug 09 - edk2/NetworkPkg: Use of a Weak PseudoRandom Number Generator 
> (tianocore.org)
>
> I've added as a dependency Hash2CryptoDxe and RngDxe lib to NetworkPkg. I've 
> been able to add the relevant libraries to the DSCs of OvmfPkg and 
> EmulatorPkg however I'm seeing odd behavior with ArmVirtPkg.
>
> Would someone more knowledgeable with ArmVirtPkg take a look this PR.
>
> PixieFail #8 and #9 TCBZ4541 and TCBZ4542 by Flickdm · Pull Request #5582 · 
> tianocore/edk2 (github.com)
>
> The issue was introduced in the commit "ArmVirtPkg: : Add RngDxe to 
> ArmVirtPkg"
>
> Right now PlatformCI_ArmVirtPkg_Ubuntu_GCC5_PR is crashing

You need to configure the TrngLib to use either secure monitor calls
or hypervisor calls, and this might be different depending on the
context:

- ordinary VMs running under proper virtualization will execute at EL1
under a hypervisor that implements the TRNG service, so it can only
use HVC (and SMC will trap, as you've experienced)

- QEMU itself does not implement the TRNG service (to my knowledge) so
running a VM under TCG emulation of EL1 will not have access to the
TRNG

- other emulation modes of QEMU may run the firmware in a different
way, where SMC is actually appropriate, and this could be either EL1
or EL2.

This makes it slightly awkward to decide whether or not to dispatch
RngDxe, and this is why nobody has gotten around to it (and I forgot
about this tbh)


TL;DR

building with --pcd PcdMonitorConduitHvc=TRUE will avoid the crash but
may not result in a usable RngDxe


It also seems to me that those network drivers will now need to DEPEX
on the RNG protocol, as they may get dispatched too early otherwise:

Failed to generate random data using secure algorithm 0: Unsupported
Failed to generate random data using secure algorithm 1: Unsupported
Failed to generate random data using secure algorithm 2: Unsupported

ASSERT_EFI_ERROR (Status = Unsupported)
ASSERT [Udp4Dxe] DxeNetLib.c(973): !(((INTN)(RETURN_STATUS)(Status)) < 0)
QEMU: Terminated

This is with -device virtio-rng-pci and the VirtioRngDxe driver (which
is already included in OVMF and ArmVirtQemu) but the driver dispatches
before the driver model can instantiate the protocol.


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118646): https://edk2.groups.io/g/devel/message/118646
Mute This Topic: https://groups.io/mt/105949609/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-




Re: [edk2-devel] Assistance Needed: ArmVirtPkg

2024-05-07 Thread Gerd Hoffmann
On Mon, May 06, 2024 at 10:22:07PM GMT, Doug Flick wrote:
> All,
> 
> In order to patch Tianocore Bugzilla issues and CVEs:
>  4541 – Bug 08 - edk2/NetworkPkg: Predictable TCP ISNs 
> (tianocore.org)
> and
> 4542 – Bug 09 - edk2/NetworkPkg: Use of a Weak PseudoRandom Number Generator 
> (tianocore.org)
> 
> I've added as a dependency Hash2CryptoDxe and RngDxe lib to NetworkPkg. I've 
> been able to add the relevant libraries to the DSCs of OvmfPkg and 
> EmulatorPkg however I'm seeing odd behavior with ArmVirtPkg.
> 
> Would someone more knowledgeable with ArmVirtPkg take a look this PR.

Both OVMF and ArmVirt use the virtio random number device as
source for random numbers.

Driver: OvmfPkg/VirtioRngDxe
Some Background: https://wiki.qemu.org/Features/VirtIORNG

Typically the virtio rng device is present in virtual machine
configurations.  It might be missing though.

I'd recommend:
  (1) Do *not* add RngDxe to OvmfPkg and ArmVirtPkg dsc files, instead
  continue to depend on VirtioRngDxe.
  (2) Keep the time-based not-really-random RNG generator as fallback in
  case EFI_RNG_PROTOCOL is not present (possibly requiring a PCD
  being set so the fallback option can be disabled at build time).

HTH & take care,
  Gerd



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118642): https://edk2.groups.io/g/devel/message/118642
Mute This Topic: https://groups.io/mt/105949609/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-