From: "Theo de Raadt" <deraadt@openbsd.org>
Subject: Re: AMD SEV: confidential autoconf whitelist
To: tech@openbsd.org
Date: Mon, 21 Jul 2025 08:09:22 -0600

I think this is very ugly.   The idea is basically that a hypervisor
will not screw up these devices:

> +         /* These are sufficient for running on vmm(4)/vmd(8) */
> +         "mainbus", "cpu", "pvbus", "pvclock", "pci", "virtio", "viornd",
> +         "vio", "vioblk", "scsibus", "sd", "vmmci", "isa", "com",
> +         "softraid", "mpath", "vscsi",
> +         /* These are additionally required for qemu and Linux/KVM */
> +         "ppb", "ioapic", "bios", "acpi", "acpimadt",

but will screw up all the others, and that's attack surface?

I don't understand that logic, and I don't like this scheme at all.



Hans-Jörg Höxer <hshoexer@genua.de> wrote:

> Hi,
> 
> When running confidential -- ie. SEV-* is active -- disable all
> autoconf attached devices except a set of white listed devices.
> This is similar to disabling devices using UKC.
>     
> Running on a hypervisor puts emphasis on device drives as attack
> surface. Thus we want to reduce that surface in a confidential
> setting.
> 
> Take care,
> Hans-Joerg
> 
> -- 
> commit 653bf04dfd955a4b746c556fb1f909d0efde33f8
> Author: Hans-Joerg Hoexer <hshoexer@genua.de>
> Date:   Wed Jul 16 11:45:00 2025 +0200
> 
>     AMD SEV: confidential autoconf whitelist
>     
>     When running confidential -- ie. SEV-* is active -- disable all
>     autoconf attached devices except a set of white listed devices.
>     This is similar to disabling devices using UKC.
>     
>     Running on a hypervisor puts emphasis on device drives as attack
>     surface. Thus we want to reduce that surface in a confidential
>     setting.
> 
> diff --git a/sys/arch/amd64/amd64/machdep.c b/sys/arch/amd64/amd64/machdep.c
> index 991dd2cbeb6..5fdb3ad08e3 100644
> --- a/sys/arch/amd64/amd64/machdep.c
> +++ b/sys/arch/amd64/amd64/machdep.c
> @@ -276,6 +276,7 @@ void	map_tramps(void);
>  void	init_x86_64(paddr_t);
>  void	(*cpuresetfn)(void);
>  void	enter_shared_special_pages(void);
> +void	filter_autoconf(void);
>  
>  #ifdef APERTURE
>  int allowaperture = 0;
> @@ -319,6 +320,8 @@ cpu_startup(void)
>  
>  	bufinit();
>  
> +	filter_autoconf();
> +
>  	if (boothowto & RB_CONFIG) {
>  #ifdef BOOT_CONFIG
>  		user_config();
> @@ -2212,3 +2215,46 @@ delay_fini(void (*fn)(int))
>  		amd64_delay_quality = 0;
>  	}
>  }
> +
> +/*
> + * When running confidential, enable only trusted device drivers.
> + */
> +void
> +filter_autoconf(void)
> +{
> +	int i, j, disable;
> +	const char *wlist[] = {
> +	    /* These are sufficient for running on vmm(4)/vmd(8) */
> +	    "mainbus", "cpu", "pvbus", "pvclock", "pci", "virtio", "viornd",
> +	    "vio", "vioblk", "scsibus", "sd", "vmmci", "isa", "com",
> +	    "softraid", "mpath", "vscsi",
> +	    /* These are additionally required for qemu and Linux/KVM */
> +	    "ppb", "ioapic", "bios", "acpi", "acpimadt",
> +	    NULL };
> +
> +	if (!ISSET(cpu_sev_guestmode, SEV_STAT_ENABLED))
> +		return;
> +
> +	i = 0;
> +	while (cfdata[i].cf_attach != NULL) {
> +		j = 0;
> +		disable = 1;
> +		while (wlist[j] != NULL) {
> +			if (strcmp(wlist[j], cfdata[i].cf_driver->cd_name)
> +			    == 0) {
> +				disable = 0;
> +				break;
> +			}
> +			j++;
> +		}
> +		if (!disable) {
> +			i++;
> +			continue;
> +		}
> +		if (cfdata[i].cf_fstate == FSTATE_NOTFOUND)
> +			cfdata[i].cf_fstate = FSTATE_DNOTFOUND;
> +		if (cfdata[i].cf_fstate == FSTATE_STAR)
> +			cfdata[i].cf_fstate = FSTATE_DSTAR;
> +		i++;
> +	}
> +}