Re: [PATCH 3/5] x86/boot/compressed/64: Check SEV encryption in 64-bit boot-path

From: Joerg Roedel
Date: Tue Oct 20 2020 - 05:00:05 EST

Next message: SeongJae Park: "[PATCH v22 00/18] Introduce Data Access MONitor (DAMON)"
Previous message: Andy Shevchenko: "Re: [PATCH v6 3/6] drivers: hwmon: Add the iEi WT61P803 PUZZLE HWMON driver"
In reply to: Arvind Sankar: "Re: [PATCH 3/5] x86/boot/compressed/64: Check SEV encryption in 64-bit boot-path"
Next in thread: Arvind Sankar: "Re: [PATCH 3/5] x86/boot/compressed/64: Check SEV encryption in 64-bit boot-path"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Oct 19, 2020 at 05:31:06PM -0400, Arvind Sankar wrote:
> Is it possible to take advantage of this to make the check independent
> of the original page tables? i.e. switch to the new pagetables, then
> write into .data or .bss the opcodes for a function that does
> movabs $imm64, %rax
> jmp *%rdi // avoid using stack for the return
> filling in the imm64 with the RDRAND value, and then try to execute it.
> If the C-bit value is wrong, this will probably crash, and at any rate
> shouldn't return with the correct value in %rax.

That could work, but is not reliable. When the C bit is wrong the CPU
would essentially execute random data, which could also be a valid
instruction stream. A crash is not guaranteed.

Regards,

Joerg

Next message: SeongJae Park: "[PATCH v22 00/18] Introduce Data Access MONitor (DAMON)"
Previous message: Andy Shevchenko: "Re: [PATCH v6 3/6] drivers: hwmon: Add the iEi WT61P803 PUZZLE HWMON driver"
In reply to: Arvind Sankar: "Re: [PATCH 3/5] x86/boot/compressed/64: Check SEV encryption in 64-bit boot-path"
Next in thread: Arvind Sankar: "Re: [PATCH 3/5] x86/boot/compressed/64: Check SEV encryption in 64-bit boot-path"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]