intel / ccc-linux-guest-hardening

Linux Security Hardening for Confidential Compute
https://intel.github.io/ccc-linux-guest-hardening-docs
MIT License

[Hardening aspect] Minimal required set of PIO for a CoCo guest #149

Open ereshetova opened 3 months ago

ereshetova commented 3 months ago

Problem

A read from a PIO inside a CoCo guest can result in the consumption of malicious data from the host/VMM and, if the code is not ready to handle such input, in a potential privilege escalation into the CoCo guest.

Solution

Either all such reads must be audited/hardened (really difficult, since we are talking about many device drivers that use PIO), or a CoCo guest should only allow reads from a minimal set of allowed PIOs. This configuration can be provided via an ACPI table or another configuration file and allows restricting the PIO attack surface to a minimal, hardened one. Note: this should be possible to do for PIO (as opposed to MMIO), since the PIO configuration is rather stable (either known hard-coded ports are used or they are configured via ACPI). In the past we have successfully run a TDX guest with the following configuration of ports:

#include <stdbool.h>

/* tdx_debug_enabled() and cc_filter_enabled() are TDX guest helpers from the linked tree. */
bool tdx_allowed_port(int port)
{
    /* With debug enabled and the CC filter off, every port is reachable. */
    if (tdx_debug_enabled() && !cc_filter_enabled())
        return true;

    switch (port) {
    /* MC146818 RTC */
    case 0x70 ... 0x71:
    /* i8237A DMA controller */
    case 0x80 ... 0x8f:
    /* PCI */
    case 0xcd8 ... 0xcdf:
    case 0xcf8 ... 0xcff:
        return true;
    /* PCIE hotplug device state for Q35 machine type */
    case 0xcc4:
    case 0xcc8:
        return true;
    /* ACPI ports list:
     * 0600-0603 : ACPI PM1a_EVT_BLK
     * 0604-0605 : ACPI PM1a_CNT_BLK
     * 0608-060b : ACPI PM_TMR
     * 0620-062f : ACPI GPE0_BLK
     */
    case 0x600 ... 0x62f:
        return true;
    /* serial: only reachable in debug mode */
    case 0x2e8 ... 0x2ef:
    case 0x2f8 ... 0x2ff:
    case 0x3e8 ... 0x3ef:
    case 0x3f8 ... 0x3ff:
        return tdx_debug_enabled();
    default:
        return false;
    }
}

https://github.com/intel/tdx/commit/3949a919d892d026d7e13817a2b602e768e7d8a8
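The allowlist above as a table-driven filter, added here as an illustration and not part of the issue or the TDX tree: it keeps the same port ranges and the debug-only rule for serial, but checks the whole span of a multi-byte access rather than just its first port, so an inw/inl at the end of an allowed range cannot touch the port after it. The struct layout, function name and `debug_enabled` parameter are assumptions for this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* One allowed range of I/O ports (inclusive). debug_only ranges are open
 * only when the guest runs in debug mode, like the serial ports above. */
struct pio_range {
    uint16_t first, last;
    bool debug_only;
};
/* Allowlist taken from the switch in the issue; table layout is hypothetical. */
static const struct pio_range pio_allowlist[] = {
    { 0x070, 0x071, false },  /* MC146818 RTC */
    { 0x080, 0x08f, false },  /* i8237A DMA controller */
    { 0xcd8, 0xcdf, false },  /* PCI */
    { 0xcf8, 0xcff, false },  /* PCI */
    { 0xcc4, 0xcc4, false },  /* PCIe hotplug device state, Q35 */
    { 0xcc8, 0xcc8, false },
    { 0x600, 0x62f, false },  /* ACPI PM1a_EVT/PM1a_CNT/PM_TMR/GPE0 */
    { 0x2e8, 0x2ef, true  },  /* serial: debug mode only */
    { 0x2f8, 0x2ff, true  },
    { 0x3e8, 0x3ef, true  },
    { 0x3f8, 0x3ff, true  },
};

/* Allow an access of `width` bytes at `port` only if every byte of it lies
 * in one allowed range. Checking the span rather than the first port alone
 * keeps an inw/inl at the end of a range from touching the port after it. */
bool pio_access_allowed(uint16_t port, unsigned width, bool debug_enabled)
{
    uint32_t last = (uint32_t)port + width - 1;   /* computed in 32 bits */
    size_t n = sizeof(pio_allowlist) / sizeof(pio_allowlist[0]);
    if (width == 0 || width > 4 || last > 0xffff)
        return false;
    for (size_t i = 0; i < n; i++) {
        const struct pio_range *r = &pio_allowlist[i];
        if (port >= r->first && last <= r->last)
            return r->debug_only ? debug_enabled : true;
    }
    return false;   /* default: deny, as in the original switch */
}

int main(void)
{
    /* constructed sample: a 4-byte read at 0x8e spills past 0x8f and is denied */
    printf("0xcfc/4: %d  0x8e/4: %d\n", pio_access_allowed(0xcfc, 4, false),
           pio_access_allowed(0x8e, 4, false));
    return 0;
}
```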