On Mon, Jul 21, 2025 at 11:08:24AM -0400, Dave Voutila wrote:
> "Theo de Raadt" <deraadt@openbsd.org> writes:
>
> > I think this is very ugly. The idea is basically that a hypervisor
> > will not screw up these devices:
> >
> >> + /* These are sufficient for running on vmm(4)/vmd(8) */
> >> + "mainbus", "cpu", "pvbus", "pvclock", "pci", "virtio", "viornd",
> >> + "vio", "vioblk", "scsibus", "sd", "vmmci", "isa", "com",
> >> + "softraid", "mpath", "vscsi",
> >> + /* These are additionally required for qemu and Linux/KVM */
> >> + "ppb", "ioapic", "bios", "acpi", "acpimadt",
> >
> > but will screw up all the others, and that's attack surface?
> >
> > I don't understand that logic, and I don't like this scheme at all.
> >
>
> Yeah... I think disabling things in the guest is backwards. Devices
> don't just magically appear without the hypervisor's knowledge so I
> believe it should be the arbiter of what it provides the guest.
>
> Unless I'm missing something here?
>
Yeah... not to dogpile here, but I also agree this is the wrong approach.
> >
> >
> > Hans-Jörg Höxer <hshoexer@genua.de> wrote:
> >
> >> Hi,
> >>
> >> When running confidential -- ie. SEV-* is active -- disable all
> >> autoconf attached devices except a set of white listed devices.
> >> This is similar to disabling devices using UKC.
> >>
> >> Running on a hypervisor puts emphasis on device drives as attack
> >> surface. Thus we want to reduce that surface in a confidential
> >> setting.
> >>
> >> Take care,
> >> Hans-Joerg
> >>
> >> --
> >> commit 653bf04dfd955a4b746c556fb1f909d0efde33f8
> >> Author: Hans-Joerg Hoexer <hshoexer@genua.de>
> >> Date: Wed Jul 16 11:45:00 2025 +0200
> >>
> >> AMD SEV: confidential autoconf whitelist
> >>
> >> When running confidential -- ie. SEV-* is active -- disable all
> >> autoconf attached devices except a set of white listed devices.
> >> This is similar to disabling devices using UKC.
> >>
> >> Running on a hypervisor puts emphasis on device drives as attack
> >> surface. Thus we want to reduce that surface in a confidential
> >> setting.
> >>
> >> diff --git a/sys/arch/amd64/amd64/machdep.c b/sys/arch/amd64/amd64/machdep.c
> >> index 991dd2cbeb6..5fdb3ad08e3 100644
> >> --- a/sys/arch/amd64/amd64/machdep.c
> >> +++ b/sys/arch/amd64/amd64/machdep.c
> >> @@ -276,6 +276,7 @@ void map_tramps(void);
> >> void init_x86_64(paddr_t);
> >> void (*cpuresetfn)(void);
> >> void enter_shared_special_pages(void);
> >> +void filter_autoconf(void);
> >>
> >> #ifdef APERTURE
> >> int allowaperture = 0;
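Review bot: the new prototype for filter_autoconf() sits between the other file-scope declarations but nothing at the declaration says it only takes effect when SEV is active; a one-line comment on the prototype (or a name like sev_filter_autoconf()) would make the later call in cpu_startup() self-explanatory. Since the function is defined and called only in machdep.c, it could also be `static` rather than adding another global symbol.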
> >> @@ -319,6 +320,8 @@ cpu_startup(void)
> >>
> >> bufinit();
> >>
> >> + filter_autoconf();
> >> +
> >> if (boothowto & RB_CONFIG) {
> >> #ifdef BOOT_CONFIG
> >> user_config();
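Review bot: the call is placed ahead of the `if (boothowto & RB_CONFIG)` block, so UKC (boot -c) runs after the whitelist has been applied and a user at the UKC prompt can re-enable a device the filter just disabled; the commit message compares this to disabling devices with UKC, but it does not say whether interactive config is meant to override the confidential whitelist or be constrained by it. Spell out the intended precedence in a comment above `filter_autoconf();` and, if the whitelist is meant to win, move the call after the whole RB_CONFIG block instead.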
> >> @@ -2212,3 +2215,46 @@ delay_fini(void (*fn)(int))
> >> amd64_delay_quality = 0;
> >> }
> >> }
> >> +
> >> +/*
> >> + * When running confidential, enable only trusted device drivers.
> >> + */
> >> +void
> >> +filter_autoconf(void)
> >> +{
> >> + int i, j, disable;
> >> + const char *wlist[] = {
> >> + /* These are sufficient for running on vmm(4)/vmd(8) */
> >> + "mainbus", "cpu", "pvbus", "pvclock", "pci", "virtio", "viornd",
> >> + "vio", "vioblk", "scsibus", "sd", "vmmci", "isa", "com",
> >> + "softraid", "mpath", "vscsi",
> >> + /* These are additionally required for qemu and Linux/KVM */
> >> + "ppb", "ioapic", "bios", "acpi", "acpimadt",
> >> + NULL };
> >> +
> >> + if (!ISSET(cpu_sev_guestmode, SEV_STAT_ENABLED))
> >> + return;
> >> +
> >> + i = 0;
> >> + while (cfdata[i].cf_attach != NULL) {
> >> + j = 0;
> >> + disable = 1;
> >> + while (wlist[j] != NULL) {
> >> + if (strcmp(wlist[j], cfdata[i].cf_driver->cd_name)
> >> + == 0) {
> >> + disable = 0;
> >> + break;
> >> + }
> >> + j++;
> >> + }
> >> + if (!disable) {
> >> + i++;
> >> + continue;
> >> + }
> >> + if (cfdata[i].cf_fstate == FSTATE_NOTFOUND)
> >> + cfdata[i].cf_fstate = FSTATE_DNOTFOUND;
> >> + if (cfdata[i].cf_fstate == FSTATE_STAR)
> >> + cfdata[i].cf_fstate = FSTATE_DSTAR;
> >> + i++;
> >> + }
> >> +}
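Review bot: the comparison at `strcmp(wlist[j], cfdata[i].cf_driver->cd_name)` keys on the driver name alone, so every cfdata entry of a whitelisted driver stays enabled no matter what it attaches to (every `com` and every `pci` attachment, not only the paths reachable under vmm(4) or qemu); if the point is to cut attack surface, consider matching on the attachment (cf_attach) or the parent bus as well, or document that driver-level granularity is deliberate. Two smaller points: `wlist` is rebuilt on the stack on each call and could be `static const char *const wlist[]`, and the `disable` flag with the inner `while` would read more clearly as a small helper returning whether a name is whitelisted, leaving the two `cf_fstate` updates as the only body of the outer loop.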
>