plat/common/efi: Add support for `TCG`'s `Reset Attack Mitigation`

Add `Trusted Computing Group`'s `Reset Attack Mitigation` mechanism.
Whenever a machine shuts down or reboots, due to lack of electric
charge, the contents of RAM may dissipate after a short amount of
time. However this may be enough for an attacker to quickly boot
again into a custom program and dump memory contents. Thus, by using
this, the OS instructs POST BIOS to overwrite memory contents before
continuing to boot into the rest of the BIOS code.

Since this is not really implemented in `OVMF`'s `NVRAM` variables
we disable this by default.

Signed-off-by: Sergiu Moga <sergiu.moga@protonmail.com>
Reviewed-by: Michalis Pappas <michalis@unikraft.io>
Approved-by: Razvan Deaconescu <razvand@unikraft.io>
Tested-by: Unikraft CI <monkey@unikraft.io>
GitHub-Closes: #909

diff --git a/plat/kvm/Config.uk b/plat/kvm/Config.uk
index 5fa58e3667f2968e4df4125fb37a1ea4d29c51e8..14369a213cd5a2d80e9a559295d0f92cd1dc7529 100644 (file)
--- a/plat/kvm/Config.uk
+++ b/plat/kvm/Config.uk
@@ -63,6 +63,19 @@ config KVM_BOOT_EFI_STUB_DTB_FNAME
        string "Name of the Devicetree Blob file"
        default "$(UK_NAME).dtb"
 
+config KVM_BOOT_EFI_STUB_RST_ATK_MITIGATION
+       bool "TCG Reset Attack Mitigation"
+       default n
+       help
+               Enable Trusted Computing Group's Reset Attack Mitigation.
+               Whenever a machine shuts down or reboots, due to lack of
+               electric charge, the contents of RAM may dissipate after a short
+               amount of time. However this may be enough for an attacker to
+               quickly boot again into a custom program and dump memory
+               contents. Thus, by using this, the OS instructs POST BIOS to
+               overwrite memory contents before continuing to boot into the
+               rest of the BIOS code.
+
 endif
 
 choice

diff --git a/plat/kvm/efi.c b/plat/kvm/efi.c
index fd3ba58d5197dbfc4691edee162dff01497885bb..a58f126248050f3874ff6c2e76be77a4c7560525 100644 (file)
--- a/plat/kvm/efi.c
+++ b/plat/kvm/efi.c
@@ -567,12 +567,48 @@ static void uk_efi_exit_bs(void)
                uk_efi_crash("Failed to to exit Boot Services\n");
 }
 
+/* Sect 4. of TCG Platform Reset Attack Mitigation Specification Version 1.10
+ * Rev. 17
+ */
+static void uk_efi_reset_attack_mitigation_enable(void)
+{
+#ifdef CONFIG_KVM_BOOT_EFI_STUB_RST_ATK_MITIGATION
+       /* The UTF-16 encoding of the "MemoryOverwriteRequestControl" string */
+       char var_name[] = "M\0e\0m\0o\0r\0y\0O\0v\0e\0r\0w\0r\0i\0t\0e\0R\0e"
+                         "\0q\0u\0e\0s\0t\0C\0o\0n\0t\0r\0o\0l\0";
+       uk_efi_uintn_t data_sz;
+       uk_efi_status_t status;
+       __u8 enable = 1;
+
+       status = uk_efi_rs->get_variable((__s16 *)var_name,
+                                        MEMORY_ONLY_RESET_CONTROL_GUID,
+                                        NULL, &data_sz, NULL);
+       /* There is either no such variable in the firmware database, or no
+        * variable storage is supported
+        */
+       if (status == UK_EFI_UNSUPPORTED || status == UK_EFI_NOT_FOUND)
+               return;
+       else if (unlikely(status != UK_EFI_SUCCESS))
+               uk_efi_crash("Failed to get MemoryOverwriteRequestControl variable\n");
+
+       status = uk_efi_rs->set_variable((__s16 *)var_name,
+                                        MEMORY_ONLY_RESET_CONTROL_GUID,
+                                        UK_EFI_VARIABLE_NON_VOLATILE        |
+                                        UK_EFI_VARIABLE_BOOTSERVICE_ACCESS  |
+                                        UK_EFI_VARIABLE_RUNTIME_ACCESS,
+                                        sizeof(enable), &enable);
+       if (unlikely(status != UK_EFI_SUCCESS))
+               uk_efi_crash("Failed to enable reset attack mitigation\n");
+#endif
+}
+
 void __uk_efi_api __noreturn uk_efi_main(uk_efi_hndl_t self_hndl,
                                         struct uk_efi_sys_tbl *sys_tbl)
 {
        uk_efi_init_vars(self_hndl, sys_tbl);
        uk_efi_cls();
        uk_efi_setup_bootinfo();
+       uk_efi_reset_attack_mitigation_enable();
        uk_efi_exit_bs();
 
        /* Jump to arch specific post-EFI entry */

diff --git a/plat/kvm/include/kvm/efi.h b/plat/kvm/include/kvm/efi.h
index 6401c45b4d14c2102cb4603bc94d3faa8fd29c41..0ca3c829a28eac1cfa4484eb7028ed018951ef88 100644 (file)
--- a/plat/kvm/include/kvm/efi.h
+++ b/plat/kvm/include/kvm/efi.h
@@ -40,6 +40,15 @@ enum uk_efi_if_type {
        EFI_NATIVE_INTERFACE
 };
 
+#define UK_EFI_VARIABLE_NON_VOLATILE                           0x00000001
+#define UK_EFI_VARIABLE_BOOTSERVICE_ACCESS                     0x00000002
+#define UK_EFI_VARIABLE_RUNTIME_ACCESS                         0x00000004
+#define UK_EFI_VARIABLE_HARDWARE_ERROR_RECORD                  0x00000008
+#define UK_EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS             0x00000010
+#define UK_EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS  0x00000020
+#define UK_EFI_VARIABLE_APPEND_WRITE                           0x00000040
+#define UK_EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS          0x00000080
+
 #define UK_EFI_PAGE_SHIFT              12
 #define UK_EFI_PAGE_SIZE               (1UL << UK_EFI_PAGE_SHIFT)
 #define UK_EFI_PAGES_MAX               (__U64_MAX >> UK_EFI_PAGE_SHIFT)