> Date: Tue, 9 Sep 2025 11:42:38 +0200
> From: Hans-Jörg Höxer <hshoexer@genua.de>
>
> Hi,
Hey,
> this is an updated diff that works well on vmd/vmm and linux/kvm hosts
> with SEV-ES enabled guests.
>
> The previous discussion raised some questions, thanks for your input!
> All in all we came to the conclusion to proceed with this approach.
>
> ok?
Sorry, still a few comments.
> Take care,
> HJ.
> -------------------------------------------------------------------------
>
> commit 576036aa72fef155f1584690fab5bdfe018672b8
> Author: Hans-Joerg Hoexer <hshoexer@genua.de>
> Date: Sat Aug 2 12:58:50 2025 +0200
>
> Whitelist devices in cfdrive for use when SEV is enabled
>
> Skip devices that are not flagged for use with SEV. Hook into
> config_search() and isascan().
>
> diff --git a/sys/arch/amd64/amd64/bios.c b/sys/arch/amd64/amd64/bios.c
> index 3a264d09d5b..15dec870ba6 100644
> --- a/sys/arch/amd64/amd64/bios.c
> +++ b/sys/arch/amd64/amd64/bios.c
> @@ -50,7 +50,7 @@ const struct cfattach bios_ca = {
> };
>
> struct cfdriver bios_cd = {
> - NULL, "bios", DV_DULL
> + NULL, "bios", DV_DULL, CD_COCOVM
> };
>
> struct smbios_entry smbios_entry;
> diff --git a/sys/arch/amd64/amd64/cpu.c b/sys/arch/amd64/amd64/cpu.c
> index 1287c610344..b8ad479cefa 100644
> --- a/sys/arch/amd64/amd64/cpu.c
> +++ b/sys/arch/amd64/amd64/cpu.c
> @@ -445,7 +445,7 @@ const struct cfattach cpu_ca = {
> };
>
> struct cfdriver cpu_cd = {
> - NULL, "cpu", DV_DULL
> + NULL, "cpu", DV_DULL, CD_COCOVM
> };
>
> /*
> diff --git a/sys/arch/amd64/amd64/ioapic.c b/sys/arch/amd64/amd64/ioapic.c
> index 9989fdfeb29..40af6c4154d 100644
> --- a/sys/arch/amd64/amd64/ioapic.c
> +++ b/sys/arch/amd64/amd64/ioapic.c
> @@ -231,7 +231,7 @@ const struct cfattach ioapic_ca = {
> };
>
> struct cfdriver ioapic_cd = {
> - NULL, "ioapic", DV_DULL
> + NULL, "ioapic", DV_DULL, CD_COCOVM
> };
>
> int
> diff --git a/sys/arch/amd64/amd64/machdep.c b/sys/arch/amd64/amd64/machdep.c
> index 3462ac54559..7c540328d98 100644
> --- a/sys/arch/amd64/amd64/machdep.c
> +++ b/sys/arch/amd64/amd64/machdep.c
> @@ -1474,6 +1474,8 @@ init_x86_64(paddr_t first_avail)
> cpu_init_early_vctrap(first_avail);
> first_avail += 2 * NBPG;
> }
> + if (ISSET(cpu_sev_guestmode, SEV_STAT_ENABLED))
> + boothowto |= RB_COCOVM;
>
> /*
> * locore0 mapped 3 pages for use before the pmap is initialized
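Review bot: The two added lines in init_x86_64() have no comment, although they are what switches the kernel into allowlist-only autoconf. RB_COCOVM is stored in `boothowto`, a writable flag word, and the filters this patch adds in config_search() and isascan() read it later. I would put `/* SEV guest: restrict autoconf to CD_COCOVM drivers; set before any device attaches */` above the `if`. Whether any later code assigns `boothowto` outright instead of OR-ing into it is not visible here and is worth confirming, since that would silently lift the restriction. init_x86_64() starts and ends outside the hunk.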
> diff --git a/sys/arch/amd64/amd64/mainbus.c b/sys/arch/amd64/amd64/mainbus.c
> index 030f0b1212f..f77a67f5517 100644
> --- a/sys/arch/amd64/amd64/mainbus.c
> +++ b/sys/arch/amd64/amd64/mainbus.c
> @@ -83,7 +83,7 @@ const struct cfattach mainbus_ca = {
> };
>
> struct cfdriver mainbus_cd = {
> - NULL, "mainbus", DV_DULL
> + NULL, "mainbus", DV_DULL, CD_COCOVM
> };
>
> int mainbus_print(void *, const char *);
> diff --git a/sys/arch/amd64/pci/acpipci.c b/sys/arch/amd64/pci/acpipci.c
> index 5b07e2d3aba..81d8ad3ced0 100644
> --- a/sys/arch/amd64/pci/acpipci.c
> +++ b/sys/arch/amd64/pci/acpipci.c
> @@ -76,7 +76,7 @@ const struct cfattach acpipci_ca = {
> };
>
> struct cfdriver acpipci_cd = {
> - NULL, "acpipci", DV_DULL
> + NULL, "acpipci", DV_DULL, CD_COCOVM
> };
>
> const char *acpipci_hids[] = {
> diff --git a/sys/arch/amd64/pci/pchb.c b/sys/arch/amd64/pci/pchb.c
> index 9b10011e2db..eb06df06b19 100644
> --- a/sys/arch/amd64/pci/pchb.c
> +++ b/sys/arch/amd64/pci/pchb.c
> @@ -122,7 +122,7 @@ const struct cfattach pchb_ca = {
> };
>
> struct cfdriver pchb_cd = {
> - NULL, "pchb", DV_DULL
> + NULL, "pchb", DV_DULL, CD_COCOVM
> };
>
> int pchb_print(void *, const char *);
> diff --git a/sys/dev/acpi/acpi.c b/sys/dev/acpi/acpi.c
> index 7bcf56cab49..bb3645528c9 100644
> --- a/sys/dev/acpi/acpi.c
> +++ b/sys/dev/acpi/acpi.c
> @@ -184,7 +184,7 @@ struct acpi_softc *acpi_softc;
> extern struct aml_node aml_root;
>
> struct cfdriver acpi_cd = {
> - NULL, "acpi", DV_DULL
> + NULL, "acpi", DV_DULL, CD_COCOVM
> };
I still think that by including acpi(4) in the list of allowed drivers
you have included the driver with the largest possible attack surface.
And our AML interpreter code certainly isn't the best quality code
in our tree.
> uint8_t
> diff --git a/sys/dev/acpi/acpicmos.c b/sys/dev/acpi/acpicmos.c
> index 6e424e26530..068787c1922 100644
> --- a/sys/dev/acpi/acpicmos.c
> +++ b/sys/dev/acpi/acpicmos.c
> @@ -37,7 +37,7 @@ const struct cfattach acpicmos_ca = {
> };
>
> struct cfdriver acpicmos_cd = {
> - NULL, "acpicmos", DV_DULL
> + NULL, "acpicmos", DV_DULL, CD_COCOVM
> };
>
> const char *acpicmos_hids[] = {
> diff --git a/sys/dev/acpi/acpicpu_x86.c b/sys/dev/acpi/acpicpu_x86.c
> index 15f0ceeaeae..a5ddc55b1b3 100644
> --- a/sys/dev/acpi/acpicpu_x86.c
> +++ b/sys/dev/acpi/acpicpu_x86.c
> @@ -183,7 +183,7 @@ const struct cfattach acpicpu_ca = {
> };
>
> struct cfdriver acpicpu_cd = {
> - NULL, "acpicpu", DV_DULL
> + NULL, "acpicpu", DV_DULL, CD_COCOVM
> };
>
> const char *acpicpu_hids[] = {
> diff --git a/sys/dev/acpi/acpihpet.c b/sys/dev/acpi/acpihpet.c
> index dd992132678..dd25309c1c5 100644
> --- a/sys/dev/acpi/acpihpet.c
> +++ b/sys/dev/acpi/acpihpet.c
> @@ -79,7 +79,7 @@ const struct cfattach acpihpet_ca = {
> };
>
> struct cfdriver acpihpet_cd = {
> - NULL, "acpihpet", DV_DULL
> + NULL, "acpihpet", DV_DULL, CD_COCOVM
> };
>
> uint64_t
> diff --git a/sys/dev/acpi/acpimadt.c b/sys/dev/acpi/acpimadt.c
> index 3faed32b355..6359ffd925b 100644
> --- a/sys/dev/acpi/acpimadt.c
> +++ b/sys/dev/acpi/acpimadt.c
> @@ -48,7 +48,7 @@ const struct cfattach acpimadt_ca = {
> };
>
> struct cfdriver acpimadt_cd = {
> - NULL, "acpimadt", DV_DULL
> + NULL, "acpimadt", DV_DULL, CD_COCOVM
> };
>
> int acpimadt_validate(struct acpi_madt *);
> diff --git a/sys/dev/acpi/acpimcfg.c b/sys/dev/acpi/acpimcfg.c
> index f3e520882aa..b7df8a297a0 100644
> --- a/sys/dev/acpi/acpimcfg.c
> +++ b/sys/dev/acpi/acpimcfg.c
> @@ -31,7 +31,7 @@ const struct cfattach acpimcfg_ca = {
> };
>
> struct cfdriver acpimcfg_cd = {
> - NULL, "acpimcfg", DV_DULL
> + NULL, "acpimcfg", DV_DULL, CD_COCOVM
> };
>
> int
> diff --git a/sys/dev/acpi/acpiprt.c b/sys/dev/acpi/acpiprt.c
> index 39de79dcfca..1011ec68600 100644
> --- a/sys/dev/acpi/acpiprt.c
> +++ b/sys/dev/acpi/acpiprt.c
> @@ -77,7 +77,7 @@ const struct cfattach acpiprt_ca = {
> };
>
> struct cfdriver acpiprt_cd = {
> - NULL, "acpiprt", DV_DULL
> + NULL, "acpiprt", DV_DULL, CD_COCOVM
> };
>
> void acpiprt_prt_add(struct acpiprt_softc *, struct aml_value *);
> diff --git a/sys/dev/acpi/acpitimer.c b/sys/dev/acpi/acpitimer.c
> index 11a8b9eccf3..498146a592e 100644
> --- a/sys/dev/acpi/acpitimer.c
> +++ b/sys/dev/acpi/acpitimer.c
> @@ -55,7 +55,7 @@ const struct cfattach acpitimer_ca = {
> };
>
> struct cfdriver acpitimer_cd = {
> - NULL, "acpitimer", DV_DULL
> + NULL, "acpitimer", DV_DULL, CD_COCOVM
> };
>
> int
> diff --git a/sys/dev/efi/efi.c b/sys/dev/efi/efi.c
> index 43a774253fa..e600a3b1e47 100644
> --- a/sys/dev/efi/efi.c
> +++ b/sys/dev/efi/efi.c
> @@ -24,7 +24,7 @@
> #include <machine/efivar.h>
>
> struct cfdriver efi_cd = {
> - NULL, "efi", DV_DULL
> + NULL, "efi", DV_DULL, CD_COCOVM
> };
What do you need efi(4) for? This driver will potentially make runtime
services calls that run code provided by the firmware. This is done
with a somewhat restricted pmap. But the contents of that pmap are
determined by the memory map provided by the firmware.
> int efiioc_get_table(struct efi_softc *sc, void *);
> diff --git a/sys/dev/ic/com.c b/sys/dev/ic/com.c
> index dd45e3c901c..da29f82243b 100644
> --- a/sys/dev/ic/com.c
> +++ b/sys/dev/ic/com.c
> @@ -96,7 +96,7 @@ void compwroff(struct com_softc *);
> void cominit(bus_space_tag_t, bus_space_handle_t, int, int);
>
> struct cfdriver com_cd = {
> - NULL, "com", DV_TTY
> + NULL, "com", DV_TTY, CD_COCOVM
> };
>
> int comdefaultrate = TTYDEF_SPEED;
> diff --git a/sys/dev/isa/isa.c b/sys/dev/isa/isa.c
> index 2d11dc33a84..2a799f8a82a 100644
> --- a/sys/dev/isa/isa.c
> +++ b/sys/dev/isa/isa.c
> @@ -62,6 +62,7 @@
> #include <sys/malloc.h>
> #include <sys/device.h>
> #include <sys/extent.h>
> +#include <sys/reboot.h>
>
> #include <dev/isa/isareg.h>
> #include <dev/isa/isavar.h>
> @@ -84,7 +85,7 @@ const struct cfattach isa_ca = {
> };
>
> struct cfdriver isa_cd = {
> - NULL, "isa", DV_DULL, CD_INDIRECT
> + NULL, "isa", DV_DULL, CD_INDIRECT | CD_COCOVM
> };
>
> int
> @@ -218,6 +219,10 @@ isascan(struct device *parent, void *match)
> ia.ipa_ndrq = 2;
> ia.ia_delaybah = sc->sc_delaybah;
>
> + if (ISSET(boothowto, RB_COCOVM) &&
> + !ISSET(cf->cf_driver->cd_mode, CD_COCOVM))
> + return;
> +
> if (cf->cf_fstate == FSTATE_STAR) {
> struct isa_attach_args ia2 = ia;
>
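Review bot: The allowlist test added to isascan() is a verbatim copy of the one added to config_search() in sys/kern/subr_autoconf.c, so the two enforcement points can drift apart if the policy is ever extended. A single predicate next to CD_COCOVM in sys/sys/device.h, used at both sites, would keep them in step, for example `#define cf_cocovm_denied(cf) (ISSET(boothowto, RB_COCOVM) && !ISSET((cf)->cf_driver->cd_mode, CD_COCOVM))` (the name is only a suggestion). The early `return` also sits after `ia` has been filled in; placing it before that setup would make it plain that nothing is prepared or probed for a denied driver. isascan() begins and ends outside the hunk, so where `cf` is first assigned cannot be checked from here.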
> diff --git a/sys/dev/pci/pci.c b/sys/dev/pci/pci.c
> index c0376842914..d7601dd976e 100644
> --- a/sys/dev/pci/pci.c
> +++ b/sys/dev/pci/pci.c
> @@ -90,7 +90,7 @@ const struct cfattach pci_ca = {
> };
>
> struct cfdriver pci_cd = {
> - NULL, "pci", DV_DULL
> + NULL, "pci", DV_DULL, CD_COCOVM
> };
>
> int pci_ndomains;
> diff --git a/sys/dev/pci/ppb.c b/sys/dev/pci/ppb.c
> index cf7cb120cc1..f6ab05f9168 100644
> --- a/sys/dev/pci/ppb.c
> +++ b/sys/dev/pci/ppb.c
> @@ -113,7 +113,7 @@ const struct cfattach ppb_ca = {
> };
>
> struct cfdriver ppb_cd = {
> - NULL, "ppb", DV_DULL
> + NULL, "ppb", DV_DULL, CD_COCOVM
> };
>
> void ppb_alloc_busrange(struct ppb_softc *, struct pci_attach_args *,
> diff --git a/sys/dev/pv/if_vio.c b/sys/dev/pv/if_vio.c
> index a94945a8ea0..458f98c6a7a 100644
> --- a/sys/dev/pv/if_vio.c
> +++ b/sys/dev/pv/if_vio.c
> @@ -382,7 +382,7 @@ const struct cfattach vio_ca = {
> };
>
> struct cfdriver vio_cd = {
> - NULL, "vio", DV_IFNET
> + NULL, "vio", DV_IFNET, CD_COCOVM
> };
>
> int
> diff --git a/sys/dev/pv/pvbus.c b/sys/dev/pv/pvbus.c
> index 165fcc9fbff..a482072de4b 100644
> --- a/sys/dev/pv/pvbus.c
> +++ b/sys/dev/pv/pvbus.c
> @@ -68,7 +68,8 @@ const struct cfattach pvbus_ca = {
> struct cfdriver pvbus_cd = {
> NULL,
> "pvbus",
> - DV_DULL
> + DV_DULL,
> + CD_COCOVM
> };
>
> struct pvbus_type {
> diff --git a/sys/dev/pv/pvclock.c b/sys/dev/pv/pvclock.c
> index 89eff0ce248..fd69960ddda 100644
> --- a/sys/dev/pv/pvclock.c
> +++ b/sys/dev/pv/pvclock.c
> @@ -125,7 +125,8 @@ const struct cfattach pvclock_ca = {
> struct cfdriver pvclock_cd = {
> NULL,
> "pvclock",
> - DV_DULL
> + DV_DULL,
> + CD_COCOVM
> };
>
> struct timecounter pvclock_timecounter = {
> diff --git a/sys/dev/pv/vioblk.c b/sys/dev/pv/vioblk.c
> index 7f7a518332f..761ce73a847 100644
> --- a/sys/dev/pv/vioblk.c
> +++ b/sys/dev/pv/vioblk.c
> @@ -146,7 +146,7 @@ const struct cfattach vioblk_ca = {
> };
>
> struct cfdriver vioblk_cd = {
> - NULL, "vioblk", DV_DULL
> + NULL, "vioblk", DV_DULL, CD_COCOVM
> };
>
> const struct scsi_adapter vioblk_switch = {
> diff --git a/sys/dev/pv/viocon.c b/sys/dev/pv/viocon.c
> index 95a1e875579..1d24074c54d 100644
> --- a/sys/dev/pv/viocon.c
> +++ b/sys/dev/pv/viocon.c
> @@ -144,7 +144,7 @@ const struct cfattach viocon_ca = {
> };
>
> struct cfdriver viocon_cd = {
> - NULL, "viocon", DV_TTY
> + NULL, "viocon", DV_TTY, CD_COCOVM
> };
>
> static inline struct viocon_softc *
> diff --git a/sys/dev/pv/viornd.c b/sys/dev/pv/viornd.c
> index 484f7ce1be0..9eeb6115f3e 100644
> --- a/sys/dev/pv/viornd.c
> +++ b/sys/dev/pv/viornd.c
> @@ -66,7 +66,7 @@ const struct cfattach viornd_ca = {
> };
>
> struct cfdriver viornd_cd = {
> - NULL, "viornd", DV_DULL
> + NULL, "viornd", DV_DULL, CD_COCOVM
> };
>
> int
> diff --git a/sys/dev/pv/virtio.c b/sys/dev/pv/virtio.c
> index ac0432dc9f9..4a8d140f797 100644
> --- a/sys/dev/pv/virtio.c
> +++ b/sys/dev/pv/virtio.c
> @@ -48,7 +48,7 @@ void vq_free_entry(struct virtqueue *, struct vq_entry *);
> struct vq_entry *vq_alloc_entry(struct virtqueue *);
>
> struct cfdriver virtio_cd = {
> - NULL, "virtio", DV_DULL
> + NULL, "virtio", DV_DULL, CD_COCOVM
> };
>
> static const char * const virtio_device_name[] = {
> diff --git a/sys/dev/pv/vmmci.c b/sys/dev/pv/vmmci.c
> index 984626393cd..18930c62766 100644
> --- a/sys/dev/pv/vmmci.c
> +++ b/sys/dev/pv/vmmci.c
> @@ -72,7 +72,7 @@ const struct cfattach vmmci_ca = {
> #define VMMCI_F_SYNCRTC (1ULL<<2)
>
> struct cfdriver vmmci_cd = {
> - NULL, "vmmci", DV_DULL
> + NULL, "vmmci", DV_DULL, CD_COCOVM
> };
>
> int
> diff --git a/sys/dev/softraid.c b/sys/dev/softraid.c
> index c10ebeaaa93..41929692397 100644
> --- a/sys/dev/softraid.c
> +++ b/sys/dev/softraid.c
> @@ -88,7 +88,7 @@ const struct cfattach softraid_ca = {
> };
>
> struct cfdriver softraid_cd = {
> - NULL, "softraid", DV_DULL
> + NULL, "softraid", DV_DULL, CD_COCOVM
> };
>
> /* scsi & discipline */
> diff --git a/sys/dev/vscsi.c b/sys/dev/vscsi.c
> index 31885a6b9c9..2e2deb25b1f 100644
> --- a/sys/dev/vscsi.c
> +++ b/sys/dev/vscsi.c
> @@ -89,7 +89,8 @@ const struct cfattach vscsi_ca = {
> struct cfdriver vscsi_cd = {
> NULL,
> "vscsi",
> - DV_DULL
> + DV_DULL,
> + CD_COCOVM
> };
>
> void vscsi_cmd(struct scsi_xfer *);
> diff --git a/sys/kern/subr_autoconf.c b/sys/kern/subr_autoconf.c
> index 41633140dc6..eec9eef15ce 100644
> --- a/sys/kern/subr_autoconf.c
> +++ b/sys/kern/subr_autoconf.c
> @@ -216,6 +216,9 @@ config_search(cfmatch_t fn, struct device *parent, void *aux)
> if (cf->cf_driver->cd_class == DV_TAPE)
> continue;
> }
> + if (ISSET(boothowto, RB_COCOVM) &&
> + !ISSET(cf->cf_driver->cd_mode, CD_COCOVM))
> + continue;
> for (p = cf->cf_parents; *p >= 0; p++)
> if (parent->dv_cfdata == &cfdata[*p])
> mapply(&m, cf);
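Review bot: The new `continue` filters only the candidates that config_search() walks, and the only other enforcement point in this patch is isascan(). Devices that attach at the root (I believe via config_rootsearch() in this same file, which the diff does not touch) or as pseudo-devices may not pass through either check, so a driver without CD_COCOVM could still attach in an SEV guest by that route. Please confirm which attach entry points honour RB_COCOVM and state the intended coverage in a comment above the test, e.g. `/* SEV guest: skip drivers not allowlisted with CD_COCOVM */`. config_search() begins and ends outside the hunk.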
> diff --git a/sys/scsi/mpath.c b/sys/scsi/mpath.c
> index c94a4ff5cf7..090c78c35f1 100644
> --- a/sys/scsi/mpath.c
> +++ b/sys/scsi/mpath.c
> @@ -79,7 +79,8 @@ const struct cfattach mpath_ca = {
> struct cfdriver mpath_cd = {
> NULL,
> "mpath",
> - DV_DULL
> + DV_DULL,
> + CD_COCOVM
> };
>
> void mpath_cmd(struct scsi_xfer *);
> diff --git a/sys/scsi/scsiconf.c b/sys/scsi/scsiconf.c
> index 495020a23a3..2f9ab1b15d0 100644
> --- a/sys/scsi/scsiconf.c
> +++ b/sys/scsi/scsiconf.c
> @@ -102,7 +102,7 @@ const struct cfattach scsibus_ca = {
> };
>
> struct cfdriver scsibus_cd = {
> - NULL, "scsibus", DV_DULL
> + NULL, "scsibus", DV_DULL, CD_COCOVM
> };
>
> struct scsi_quirk_inquiry_pattern {
> diff --git a/sys/scsi/sd.c b/sys/scsi/sd.c
> index 9b02314c679..085ad01cd78 100644
> --- a/sys/scsi/sd.c
> +++ b/sys/scsi/sd.c
> @@ -116,7 +116,7 @@ const struct cfattach sd_ca = {
> };
>
> struct cfdriver sd_cd = {
> - NULL, "sd", DV_DISK
> + NULL, "sd", DV_DISK, CD_COCOVM
> };
>
> const struct scsi_inquiry_pattern sd_patterns[] = {
> diff --git a/sys/sys/device.h b/sys/sys/device.h
> index 5dccec16cf8..2c4171017ec 100644
> --- a/sys/sys/device.h
> +++ b/sys/sys/device.h
> @@ -139,6 +139,7 @@ struct cfattach {
> /* For cd_mode, below */
> #define CD_INDIRECT 1
> #define CD_SKIPHIBERNATE 2
> +#define CD_COCOVM 4
VMs definitely taste better with chocolate, but can we maybe have a
comment here as well like you have for RB_COCOVM?
> struct cfdriver {
> void **cd_devs; /* devices found */
> diff --git a/sys/sys/reboot.h b/sys/sys/reboot.h
> index bf3e7f82680..1998f21691b 100644
> --- a/sys/sys/reboot.h
> +++ b/sys/sys/reboot.h
> @@ -59,6 +59,7 @@
> #define RB_RESET 0x08000 /* just reset, no cleanup */
> #define RB_GOODRANDOM 0x10000 /* excellent random seed loaded */
> #define RB_UNHIBERNATE 0x20000 /* unhibernate */
> +#define RB_COCOVM 0x40000 /* VM booting with SEV enabled */
>
> /*
> * Constants for converting boot-style device number to type,
>
>