From: Mike Larkin Subject: Re: AMD SEV: confidential autoconf whitelist To: Dave Voutila Cc: tech@openbsd.org Date: Mon, 21 Jul 2025 10:31:53 -0700 On Mon, Jul 21, 2025 at 11:08:24AM -0400, Dave Voutila wrote: > "Theo de Raadt" writes: > > > I think this is very ugly. The idea is basically that a hypervisor > > will not screw up these devices: > > > >> + /* These are sufficient for running on vmm(4)/vmd(8) */ > >> + "mainbus", "cpu", "pvbus", "pvclock", "pci", "virtio", "viornd", > >> + "vio", "vioblk", "scsibus", "sd", "vmmci", "isa", "com", > >> + "softraid", "mpath", "vscsi", > >> + /* These are additionally required for qemu and Linux/KVM */ > >> + "ppb", "ioapic", "bios", "acpi", "acpimadt", > > > > but will screw up all the others, and that's attack surface? > > > > I don't understand that logic, and I don't like this scheme at all. > > > > Yeah... I think disabling things in the guest is backwards. Devices > don't just magically appear without the hypervisor's knowledge so I > believe it should be the arbiter of what it provides the guest. > > Unless I'm missing something here? > yeah.. not to dogpile here but I also agree this is the wrong approach. > > > > > > Hans-Jörg Höxer wrote: > > > >> Hi, > >> > >> When running confidential -- ie. SEV-* is active -- disable all > >> autoconf attached devices except a set of white listed devices. > >> This is similar to disabling devices using UKC. > >> > >> Running on a hypervisor puts emphasis on device drives as attack > >> surface. Thus we want to reduce that surface in a confidential > >> setting. > >> > >> Take care, > >> Hans-Joerg > >> > >> -- > >> commit 653bf04dfd955a4b746c556fb1f909d0efde33f8 > >> Author: Hans-Joerg Hoexer > >> Date: Wed Jul 16 11:45:00 2025 +0200 > >> > >> AMD SEV: confidential autoconf whitelist > >> > >> When running confidential -- ie. SEV-* is active -- disable all > >> autoconf attached devices except a set of white listed devices. > >> This is similar to disabling devices using UKC. > >> > >> Running on a hypervisor puts emphasis on device drives as attack > >> surface. Thus we want to reduce that surface in a confidential > >> setting. > >> > >> diff --git a/sys/arch/amd64/amd64/machdep.c b/sys/arch/amd64/amd64/machdep.c > >> index 991dd2cbeb6..5fdb3ad08e3 100644 > >> --- a/sys/arch/amd64/amd64/machdep.c > >> +++ b/sys/arch/amd64/amd64/machdep.c > >> @@ -276,6 +276,7 @@ void map_tramps(void); > >> void init_x86_64(paddr_t); > >> void (*cpuresetfn)(void); > >> void enter_shared_special_pages(void); > >> +void filter_autoconf(void); > >> > >> #ifdef APERTURE > >> int allowaperture = 0; > >> @@ -319,6 +320,8 @@ cpu_startup(void) > >> > >> bufinit(); > >> > >> + filter_autoconf(); > >> + > >> if (boothowto & RB_CONFIG) { > >> #ifdef BOOT_CONFIG > >> user_config(); > >> @@ -2212,3 +2215,46 @@ delay_fini(void (*fn)(int)) > >> amd64_delay_quality = 0; > >> } > >> } > >> + > >> +/* > >> + * When running confidential, enable only trusted device drivers. > >> + */ > >> +void > >> +filter_autoconf(void) > >> +{ > >> + int i, j, disable; > >> + const char *wlist[] = { > >> + /* These are sufficient for running on vmm(4)/vmd(8) */ > >> + "mainbus", "cpu", "pvbus", "pvclock", "pci", "virtio", "viornd", > >> + "vio", "vioblk", "scsibus", "sd", "vmmci", "isa", "com", > >> + "softraid", "mpath", "vscsi", > >> + /* These are additionally required for qemu and Linux/KVM */ > >> + "ppb", "ioapic", "bios", "acpi", "acpimadt", > >> + NULL }; > >> + > >> + if (!ISSET(cpu_sev_guestmode, SEV_STAT_ENABLED)) > >> + return; > >> + > >> + i = 0; > >> + while (cfdata[i].cf_attach != NULL) { > >> + j = 0; > >> + disable = 1; > >> + while (wlist[j] != NULL) { > >> + if (strcmp(wlist[j], cfdata[i].cf_driver->cd_name) > >> + == 0) { > >> + disable = 0; > >> + break; > >> + } > >> + j++; > >> + } > >> + if (!disable) { > >> + i++; > >> + continue; > >> + } > >> + if (cfdata[i].cf_fstate == FSTATE_NOTFOUND) > >> + cfdata[i].cf_fstate = FSTATE_DNOTFOUND; > >> + if (cfdata[i].cf_fstate == FSTATE_STAR) > >> + cfdata[i].cf_fstate = FSTATE_DSTAR; > >> + i++; > >> + } > >> +} >