• x86/sev: Do not require Hypervisor CPUID bit for SEV guests · eab696d8
    Joerg Roedel authored
    A malicious hypervisor could disable the CPUID intercept for an SEV or
    SEV-ES guest and trick it into the no-SEV boot path, where it could
    potentially reveal secrets. This is not an issue for SEV-SNP guests,
    as the CPUID intercept can't be disabled for those.
    
    Remove the Hypervisor CPUID bit check from the SEV detection code to
    protect against this kind of attack and add a Hypervisor bit equals zero
    check to the SME detection path to prevent non-encrypted guests from
    trying to enable SME.
    
    This handles the following cases:
    
    	1) SEV(-ES) guest where CPUID intercept is disabled. The guest
    	   will still see leaf 0x8000001f and the SEV bit. It can
    	   retrieve the C-bit and boot normally.
    
    	2) Non-encrypted guests with intercepted CPUID will check
    	   the SEV_STATUS MSR and find it 0 and will try to enable SME.
    	   This will fail when the guest finds MSR_K8_SYSCFG to be zero,
    	   as it is emulated by KVM. But we can't rely on that, as there
    	   might be other hypervisors which return this MSR with bit
    	   23 set. The Hypervisor bit check will prevent the guest
    	   from trying to enable SME in this case.
    
    	3) Non-encrypted guests on SEV capable hosts with CPUID intercept
    	   disabled (by a malicious hypervisor) will try to boot into
    	   the SME path. This will fail, but it is also not considered
    	   a problem because non-encrypted guests have no protection
    	   against the hypervisor anyway.
    
     [ bp: s/non-SEV/non-encrypted/g ]
    Signed-off-by: Joerg Roedel <jroedel@suse.de>
    Signed-off-by: Borislav Petkov <bp@suse.de>
    Acked-by: Tom Lendacky <thomas.lendacky@amd.com>
    Link: https://lkml.kernel.org/r/20210312123824.306-3-joro@8bytes.org
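
An added model of the detection order this commit message describes, written for this page and not taken from the kernel source. `struct boot_view`, `detect_old` and `detect_new` are hypothetical names, the inputs are constructed, and `detect_old` assumes the earlier code chose the SEV path only when the Hypervisor bit was set.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* What a guest observes at early boot (constructed inputs, not real reads). */
struct boot_view {
    bool     hv_bit;     /* CPUID 0x1 ECX[31], the Hypervisor bit */
    uint32_t leaf_eax;   /* CPUID 0x8000001f EAX: bit 0 SME, bit 1 SEV */
    uint64_t sev_status; /* SEV_STATUS MSR, bit 0 = SEV enabled */
    uint64_t syscfg;     /* MSR_K8_SYSCFG, bit 23 = memory encryption */
};

enum path { PATH_NONE, PATH_SME, PATH_SEV };

#define SME_BIT (1u << 0)
#define SEV_BIT (1u << 1)

/* Assumed old ordering: the hypervisor-controlled CPUID bit picks the path. */
static enum path detect_old(const struct boot_view *v)
{
    uint32_t want = v->hv_bit ? SEV_BIT : SME_BIT;
    if (!(v->leaf_eax & want))
        return PATH_NONE;
    if (want == SEV_BIT)
        return (v->sev_status & 1) ? PATH_SEV : PATH_NONE;
    return (v->syscfg & (1ull << 23)) ? PATH_SME : PATH_NONE;
}

/* Ordering from the commit message: SEV_STATUS picks the path and the
 * Hypervisor bit can only veto SME. */
static enum path detect_new(const struct boot_view *v)
{
    uint32_t want = (v->sev_status & 1) ? SEV_BIT : SME_BIT;
    if (!(v->leaf_eax & want))
        return PATH_NONE;
    if (want == SEV_BIT)
        return PATH_SEV;
    if (v->hv_bit)
        return PATH_NONE; /* non-encrypted guest must not try SME */
    return (v->syscfg & (1ull << 23)) ? PATH_SME : PATH_NONE;
}

/* Constructed views for cases 1 and 2 of the commit message. */
static const struct boot_view case1 = { false, SME_BIT | SEV_BIT, 1, 0 };
static const struct boot_view case2 = { true,  SME_BIT | SEV_BIT, 0, 1ull << 23 };

int main(void)
{
    printf("case1 old=%d new=%d\n", detect_old(&case1), detect_new(&case1));
    printf("case2 old=%d new=%d\n", detect_old(&case2), detect_new(&case2));
    return 0;
}
```

For case 1 the old ordering returns `PATH_NONE` for a guest whose SEV_STATUS says SEV is active, which is the no-SEV boot path the message warns about.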
sev-es-shared.c 12.2 KB