From: Hans-Jörg Höxer <hshoexer@genua.de>
Subject: Re: [EXT] Re: AMD SEV: confidential autoconf whitelist
To: <tech@openbsd.org>
Cc: <Hans-Joerg_Hoexer@genua.de>
Date: Tue, 22 Jul 2025 10:58:11 +0200

Hi,

no problem. Everyone thanks for the feedback!

Take care,
HJ.

On Mon, Jul 21, 2025 at 10:31:53AM -0700, Mike Larkin wrote:
> On Mon, Jul 21, 2025 at 11:08:24AM -0400, Dave Voutila wrote:
> > "Theo de Raadt" <deraadt@openbsd.org> writes:
> >
> > > I think this is very ugly.   The idea is basically that a hypervisor
> > > will not screw up these devices:
> > >
> > >> +         /* These are sufficient for running on vmm(4)/vmd(8) */
> > >> +         "mainbus", "cpu", "pvbus", "pvclock", "pci", "virtio", "viornd",
> > >> +         "vio", "vioblk", "scsibus", "sd", "vmmci", "isa", "com",
> > >> +         "softraid", "mpath", "vscsi",
> > >> +         /* These are additionally required for qemu and Linux/KVM */
> > >> +         "ppb", "ioapic", "bios", "acpi", "acpimadt",
> > >
> > > but will screw up all the others, and that's attack surface?
> > >
> > > I don't understand that logic, and I don't like this scheme at all.
> > >
> >
> > Yeah... I think disabling things in the guest is backwards. Devices
> > don't just magically appear without the hypervisor's knowledge so I
> > believe it should be the arbiter of what it provides the guest.
> >
> > Unless I'm missing something here?
> >
> 
> yeah.. not to dogpile here but I also agree this is the wrong approach.
> 
> > >
> > >
> > > Hans-Jörg Höxer <hshoexer@genua.de> wrote:
> > >
> > >> Hi,
> > >>
> > >> When running confidential -- ie. SEV-* is active -- disable all
> > >> autoconf attached devices except a set of white listed devices.
> > >> This is similar to disabling devices using UKC.
> > >>
> > >> Running on a hypervisor puts emphasis on device drives as attack
> > >> surface. Thus we want to reduce that surface in a confidential
> > >> setting.
> > >>
> > >> Take care,
> > >> Hans-Joerg
> > >>
> > >> --
> > >> commit 653bf04dfd955a4b746c556fb1f909d0efde33f8
> > >> Author: Hans-Joerg Hoexer <hshoexer@genua.de>
> > >> Date:   Wed Jul 16 11:45:00 2025 +0200
> > >>
> > >>     AMD SEV: confidential autoconf whitelist
> > >>
> > >>     When running confidential -- ie. SEV-* is active -- disable all
> > >>     autoconf attached devices except a set of white listed devices.
> > >>     This is similar to disabling devices using UKC.
> > >>
> > >>     Running on a hypervisor puts emphasis on device drives as attack
> > >>     surface. Thus we want to reduce that surface in a confidential
> > >>     setting.
> > >>
> > >> diff --git a/sys/arch/amd64/amd64/machdep.c b/sys/arch/amd64/amd64/machdep.c
> > >> index 991dd2cbeb6..5fdb3ad08e3 100644
> > >> --- a/sys/arch/amd64/amd64/machdep.c
> > >> +++ b/sys/arch/amd64/amd64/machdep.c
> > >> @@ -276,6 +276,7 @@ void	map_tramps(void);
> > >>  void	init_x86_64(paddr_t);
> > >>  void	(*cpuresetfn)(void);
> > >>  void	enter_shared_special_pages(void);
> > >> +void	filter_autoconf(void);
> > >>
> > >>  #ifdef APERTURE
> > >>  int allowaperture = 0;
> > >> @@ -319,6 +320,8 @@ cpu_startup(void)
> > >>
> > >>  	bufinit();
> > >>
> > >> +	filter_autoconf();
> > >> +
> > >>  	if (boothowto & RB_CONFIG) {
> > >>  #ifdef BOOT_CONFIG
> > >>  		user_config();
> > >> @@ -2212,3 +2215,46 @@ delay_fini(void (*fn)(int))
> > >>  		amd64_delay_quality = 0;
> > >>  	}
> > >>  }
> > >> +
> > >> +/*
> > >> + * When running confidential, enable only trusted device drivers.
> > >> + */
> > >> +void
> > >> +filter_autoconf(void)
> > >> +{
> > >> +	int i, j, disable;
> > >> +	const char *wlist[] = {
> > >> +	    /* These are sufficient for running on vmm(4)/vmd(8) */
> > >> +	    "mainbus", "cpu", "pvbus", "pvclock", "pci", "virtio", "viornd",
> > >> +	    "vio", "vioblk", "scsibus", "sd", "vmmci", "isa", "com",
> > >> +	    "softraid", "mpath", "vscsi",
> > >> +	    /* These are additionally required for qemu and Linux/KVM */
> > >> +	    "ppb", "ioapic", "bios", "acpi", "acpimadt",
> > >> +	    NULL };
> > >> +
> > >> +	if (!ISSET(cpu_sev_guestmode, SEV_STAT_ENABLED))
> > >> +		return;
> > >> +
> > >> +	i = 0;
> > >> +	while (cfdata[i].cf_attach != NULL) {
> > >> +		j = 0;
> > >> +		disable = 1;
> > >> +		while (wlist[j] != NULL) {
> > >> +			if (strcmp(wlist[j], cfdata[i].cf_driver->cd_name)
> > >> +			    == 0) {
> > >> +				disable = 0;
> > >> +				break;
> > >> +			}
> > >> +			j++;
> > >> +		}
> > >> +		if (!disable) {
> > >> +			i++;
> > >> +			continue;
> > >> +		}
> > >> +		if (cfdata[i].cf_fstate == FSTATE_NOTFOUND)
> > >> +			cfdata[i].cf_fstate = FSTATE_DNOTFOUND;
> > >> +		if (cfdata[i].cf_fstate == FSTATE_STAR)
> > >> +			cfdata[i].cf_fstate = FSTATE_DSTAR;
> > >> +		i++;
> > >> +	}
> > >> +}
> >
>