[Bug]: AMD SEV-SNP: SVSM-populated secrets fields not respected #10701
Labels
package:ovmfpkg
priority:medium
Moderate impact. Should be prioritized over lower priority issues.
state:needs-maintainer-feedback
state:needs-owner
state:needs-triage
type:bug
Something isn't working
Is there an existing issue for this?
Bug Type
Code first?
What packages are impacted?
OvmfPkg
Which targets are impacted by this bug?
DEBUG, NO-TARGET, NOOPT, RELEASE
Current Behavior
The PcdsFixedAtBuild-classified PcdOvmfSecSvsmCaaBase and PcdOvmfSecSvsmCaaSize as located at
edk2/OvmfPkg/OvmfPkgX64.fdf
Line 97 in 87f1432
respectively [1]. Relatedly, the base/size values at offsets 0x140, 0x148 ought to define a reserved memory HOB. We can restrict these allocations to be within a few pre-determined areas to ensure we know exactly which HOBs to break up.
[1] https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/specifications/58019.pdf table 1
Expected Behavior
The CAA_BASE can be set by the SVSM itself in the Secrets page, subject to some restrictions
Steps To Reproduce
Populate the CAA_BASE field in SVSM to be somewhere else and try to communicate with SVSM at that address. If you're lucky it crashes. If you're unlucky, you corrupt memory.
Build Environment
Version Information
Urgency
Medium
Are you going to fix this?
Someone else needs to fix it
Do you need maintainer feedback?
Maintainer feedback requested
Anything else?
Request feedback from Thomas Lendacky.
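
The behaviour requested above, sketched as an added example that is not part of the issue or of edk2: take the CAA from the secrets page instead of a build-time constant and accept it only after validation. Offsets 0x140 and 0x148 are the ones quoted in the issue and 0x150 is the SVSM_CAA field in the SVSM specification's secrets-page layout; the one-page CAA size, the specific checks and the `allowed` window list are assumptions standing in for the "some restrictions" the issue leaves open.

```c
#include <stdint.h>
#include <stddef.h>

/* Secrets-page offsets: 0x140/0x148 are quoted in the issue; 0x150 is the
 * SVSM_CAA field per the SVSM specification's secrets-page table. */
#define SVSM_BASE_OFF 0x140
#define SVSM_SIZE_OFF 0x148
#define SVSM_CAA_OFF  0x150
#define CAA_LEN       0x1000ULL   /* assumed: calling area is one 4 KiB page */

typedef struct { uint64_t base, size; } region_t;  /* hypothetical allow-list entry */
typedef enum { CAA_OK, CAA_NO_SVSM, CAA_UNALIGNED, CAA_IN_SVSM, CAA_NOT_ALLOWED } caa_status_t;

static uint64_t rd_le64(const uint8_t *p, size_t off) {
    uint64_t v = 0;
    for (int i = 7; i >= 0; i--) v = (v << 8) | p[off + i];
    return v;
}

/* Helper for building constructed sample pages: write a little-endian field. */
void wr_le64(uint8_t *p, size_t off, uint64_t v) {
    for (int i = 0; i < 8; i++) p[off + i] = (uint8_t)(v >> (8 * i));
}

/* Overflow-safe interval tests on [a, a+alen) and [b, b+blen). */
static int overlaps(uint64_t a, uint64_t alen, uint64_t b, uint64_t blen) {
    return a >= b ? a - b < blen : b - a < alen;
}
static int contains(region_t r, uint64_t a, uint64_t len) {
    return r.size >= len && a >= r.base && a - r.base <= r.size - len;
}

/* Read the CAA from the secrets page and accept it only if it passes this
 * example's assumed restrictions; *caa_out is written only on CAA_OK. */
caa_status_t svsm_caa_from_secrets(const uint8_t *page, const region_t *allowed,
                                   size_t n, uint64_t *caa_out) {
    uint64_t base = rd_le64(page, SVSM_BASE_OFF);
    uint64_t size = rd_le64(page, SVSM_SIZE_OFF);
    uint64_t caa  = rd_le64(page, SVSM_CAA_OFF);

    if (size == 0) return CAA_NO_SVSM;            /* assumed: zero size means no SVSM */
    if (caa == 0 || (caa & (CAA_LEN - 1))) return CAA_UNALIGNED;
    if (overlaps(caa, CAA_LEN, base, size)) return CAA_IN_SVSM;
    for (size_t i = 0; i < n; i++)
        if (contains(allowed[i], caa, CAA_LEN)) { *caa_out = caa; return CAA_OK; }
    return CAA_NOT_ALLOWED;                       /* outside the reserved windows */
}
```

Rejecting the value outright, rather than falling back to the fixed PCD address, avoids the silent-corruption case described under Steps To Reproduce.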