qemu-system-x86_64: sev_snp_launch_finish: SNP_LAUNCH_FINISH ret=-5 fw_error=11 'Bad measurement' #195
Comments
Please be aware that the snp-latest branches need to be used in sync. If you update just one without updating the others you may experience issues. Please update all your components to snp-latest or snp-host-latest as appropriate and see if the issue still persists.
Hi, I'm also experiencing mismatches of the launch digest compared to the one computed with sev-snp-measure (see virtee/sev-snp-measure#30), after building all components at the same time from the latest commits. I used normal boot (without measuring the kernel). @sza-1 have you solved your issue?
Sure, I had always used
Not yet. We have currently suspended SEV-SNP support in our product. Maybe I will try Direct Linux Boot and IDBlock again next month.
@sza-1 I have a couple of questions for you:
These will be really helpful in reproducing the error you are seeing. Thanks,
I have the same problem. Kernel, QEMU and OVMF (OvmfPkg/AmdSev/AmdSevX64.dsc) were built with AMDESE/AMDSEV (c941361).
I updated the actual binaries on Google Drive. I used sev-snp-measure (virtee/sev-snp-measure@015a9ee) to calculate the hash with the following script.

```bash
#!/bin/bash
set -eu
SEV_SNP_MEASURE_PATH="/home/naoki/sev-snp-measure"
SEV_SNP_MEASURE="$SEV_SNP_MEASURE_PATH/sev-snp-measure.py"
SEV_SNP_CREATE_IDBLOCK="$SEV_SNP_MEASURE_PATH/snp-create-id-block.py"
QEMU="/home/naoki/AMDSEV/usr/local/bin/qemu-system-x86_64"
CPU_MODEL="EPYC-Milan-v2"
VCPU_NUM="1"
OVMF="OVMF.fd"
KERNEL="vmlinuz-6.6.0-snp-guest-690558b32fe6"
INITRD="initrd.img-6.6.0-snp-guest-690558b32fe6"
APPEND="console=ttyS0 earlyprintk=serial root=/dev/sda2"
ID_KEY="./sev-id.key"
AUTHOR_KEY="./sev-author.key"

# Expected launch digest: OVMF + kernel/initrd/cmdline hashes, one vCPU of the given model.
MEASURE_HASH=$($SEV_SNP_MEASURE --mode snp --vcpus=$VCPU_NUM --vcpu-type=$CPU_MODEL --ovmf=$OVMF --kernel=$KERNEL --initrd=$INITRD --append="$APPEND" --output-format base64 --vmm-type QEMU)

# Build the ID block / ID auth block from that digest; keep only the first
# whitespace-separated field (the QEMU option string).
BLOCKS=$($SEV_SNP_CREATE_IDBLOCK --measure $MEASURE_HASH --idkey $ID_KEY --authorkey $AUTHOR_KEY)
BLOCKS=$(echo $BLOCKS | awk '{print $1}')

set -x
$QEMU -chardev stdio,id=char0,logfile=logfile,mux=on \
-enable-kvm \
-cpu $CPU_MODEL -device isa-debugcon,chardev=char0,iobase=0x402 \
-drive if=pflash,file=$OVMF,format=raw,readonly=on \
-kernel $KERNEL -initrd $INITRD -append "$APPEND" \
-m 2G -machine q35,confidential-guest-support=sev0,kvm-type=protected,memory-backend=ram1,vmport=off \
-nic user -no-reboot -nodefaults -nographic \
-object memory-backend-memfd-private,id=ram1,share=true,size=2G \
-object sev-snp-guest,auth-key-enabled=on,cbitpos=51,discard=none,host-data=,id=sev0,$BLOCKS,kernel-hashes=on,reduced-phys-bits=1 \
-serial chardev:char0 -smp $VCPU_NUM -trace kvm_sev_*
```

And got the following 'Bad measurement' error.
Below are the host-side SEV-related dmesg logs.

```
$ sudo dmesg | grep -i sev
[    0.000000] Command line: BOOT_IMAGE=/vmlinuz-6.6.0-rc1-snp-host-35f31dfb8101 root=/dev/mapper/ubuntu--vg-ubuntu--lv ro mem_encrypt=on kvm_amd.sev=1
[    0.106380] Kernel command line: BOOT_IMAGE=/vmlinuz-6.6.0-rc1-snp-host-35f31dfb8101 root=/dev/mapper/ubuntu--vg-ubuntu--lv ro mem_encrypt=on kvm_amd.sev=1
[    0.711481] SEV-SNP: RMP table physical address [0x0000000087800000 - 0x00000000a7dfffff]
[    4.962020] ccp 0000:47:00.1: sev enabled
[    6.996983] ccp 0000:47:00.1: SEV API:1.53 build:5
[    6.996993] ccp 0000:47:00.1: SEV-SNP API:1.53 build:5
[    7.003919] kvm_amd: SEV-ES and SEV-SNP supported: 99 ASIDs
[    7.003920] kvm_amd: SEV enabled (ASIDs 100 - 509)
[    7.003921] kvm_amd: SEV-ES enabled (ASIDs 1 - 99)
```
For anyone experiencing this issue, please try the following:
Upstream host kernels have a new debug_swap feature which modifies the initial state of each vCPU's VMSA page, which may affect measurement. Measurement tools will need changes to account for the feature if it is not disabled through the above steps.
This works for me. I can confirm that now the measurements match, both in "normal" mode and using Linux direct boot. Thanks!
Good find @mdroth, the debug_swap feature shows up as a new bit in the SEV_FEATURES within the VMSA. I don't believe that any other part of the VMSA is affected. Could someone make a local change to the measurement tool to set bit 5 of SEV_FEATURES within the VMSA to see if that resolves the measurement issue when debug_swap is not disabled? (Change the init function of vmsa.py to set sev_features = 33 instead of 1.)
@mdroth's approach works for me. Thank you so much!
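The comment above pins the mismatch on one bit of SEV_FEATURES in the VMSA. The following Python is an added example, not code from this thread, from sev-snp-measure or from AMD: it models how the firmware chains each measured page into the launch digest (LD) and shows that flipping DebugSwap (bit 5) in an otherwise identical VMSA page yields a different LD, which is exactly why a tool that still assumes `sev_features = 1` stops matching. Assumptions, labelled in the code: SEV_FEATURES is the u64 at offset 0x3B0 of the 4 KiB VMSA save area and the bit names follow the AMD APM table; the LD update uses the SEV-SNP ABI PAGE_INFO layout (0x70 bytes, SHA-384 chained) with VMSA pages recorded at GPA 0xFFFFFFFFF000; the VMSA is reduced to a zero page with only that field set, so the digests printed are illustrative, not real guest measurements. The `report_measurement` helper and the `measurement_matches` check at the end are my own naming for the comparison a practitioner does against the MEASUREMENT field (offset 0x90, 48 bytes) of an attestation report.

```python
"""Added example: why a SEV_FEATURES bit in the VMSA changes the SNP launch digest.

Not code from the issue thread, sev-snp-measure or AMD. Layout facts used here
(VMSA field offset, PAGE_INFO structure, report MEASUREMENT offset) are taken
from the public AMD APM / SEV-SNP ABI documents; the VMSA content is simplified.
"""
import hashlib
import struct

# SEV_FEATURES bits in the VMSA (AMD APM vol. 2, SEV_FEATURES table).
SNP_ACTIVE          = 1 << 0
VTOM                = 1 << 1
REFLECT_VC          = 1 << 2
RESTRICT_INJECTION  = 1 << 3
ALTERNATE_INJECTION = 1 << 4
DEBUG_SWAP          = 1 << 5   # the bit tlendacky refers to; 1 | 32 == 33

VMSA_SEV_FEATURES_OFFSET = 0x3B0   # assumption: u64 sev_features in the save area
PAGE_SIZE = 4096
LD_SIZE = 48                        # SHA-384 digest length
PAGE_INFO_LEN = 0x70                # fixed LENGTH field of PAGE_INFO
VMSA_GPA = 0xFFFFFFFFF000           # GPA the firmware records for VMSA pages

# PAGE_INFO page types from the SEV-SNP ABI LAUNCH_UPDATE command.
PAGE_TYPE_NORMAL, PAGE_TYPE_VMSA, PAGE_TYPE_ZERO = 1, 2, 3
PAGE_TYPE_UNMEASURED, PAGE_TYPE_SECRETS, PAGE_TYPE_CPUID = 4, 5, 6

_BIT_NAMES = {SNP_ACTIVE: "SNPActive", VTOM: "vTOM", REFLECT_VC: "ReflectVC",
              RESTRICT_INJECTION: "RestrictInjection",
              ALTERNATE_INJECTION: "AlternateInjection", DEBUG_SWAP: "DebugSwap"}


def sev_features_names(value: int) -> list[str]:
    """Decode a SEV_FEATURES value into the bit names known here."""
    names = [n for bit, n in _BIT_NAMES.items() if value & bit]
    unknown = value & ~sum(_BIT_NAMES)
    if unknown:
        names.append(f"unknown:0x{unknown:x}")
    return names


def make_vmsa_page(sev_features: int) -> bytes:
    """Simplified VMSA: a zero page with only SEV_FEATURES populated.
    A real VMSA also carries the vCPU reset state (segments, RIP, CRs, ...)."""
    page = bytearray(PAGE_SIZE)
    struct.pack_into("<Q", page, VMSA_SEV_FEATURES_OFFSET, sev_features)
    return bytes(page)


class LaunchDigest:
    """Minimal model of the launch-digest chaining the PSP performs per page."""

    def __init__(self) -> None:
        self.ld = bytes(LD_SIZE)   # LD starts as 48 zero bytes

    def _update(self, page_type: int, gpa: int, contents: bytes) -> None:
        # PAGE_INFO = DIGEST_CUR(48) | CONTENTS(48) | LENGTH(2) | PAGE_TYPE(1) |
        #             IMI_PAGE(1) | VMPL3/2/1 perms(3) | reserved(1) | GPA(8)
        page_info = self.ld + contents + struct.pack(
            "<HBBBBBBQ", PAGE_INFO_LEN, page_type, 0, 0, 0, 0, 0, gpa)
        assert len(page_info) == PAGE_INFO_LEN
        self.ld = hashlib.sha384(page_info).digest()

    def update_normal_page(self, gpa: int, page: bytes) -> None:
        assert len(page) == PAGE_SIZE
        self._update(PAGE_TYPE_NORMAL, gpa, hashlib.sha384(page).digest())

    def update_vmsa_page(self, page: bytes) -> None:
        assert len(page) == PAGE_SIZE
        self._update(PAGE_TYPE_VMSA, VMSA_GPA, hashlib.sha384(page).digest())

    def update_zero_pages(self, gpa: int, length: int) -> None:
        # ZERO/UNMEASURED/SECRETS/CPUID pages contribute 48 zero bytes as CONTENTS;
        # only their type and GPA enter the digest.
        for off in range(0, length, PAGE_SIZE):
            self._update(PAGE_TYPE_ZERO, gpa + off, bytes(LD_SIZE))


def launch_digest(sev_features: int, vcpus: int = 1) -> str:
    """LD of a toy guest: one zero page at GPA 0, then one VMSA per vCPU."""
    gctx = LaunchDigest()
    gctx.update_zero_pages(0x0, PAGE_SIZE)
    vmsa = make_vmsa_page(sev_features)
    for _ in range(vcpus):
        gctx.update_vmsa_page(vmsa)
    return gctx.ld.hex()


def report_measurement(report: bytes) -> bytes:
    """MEASUREMENT field of an SNP attestation report (offset 0x90, 48 bytes)."""
    return report[0x90:0x90 + LD_SIZE]


def measurement_matches(report: bytes, expected_ld_hex: str) -> bool:
    """The check sev-snp-measure users ultimately care about."""
    return report_measurement(report) == bytes.fromhex(expected_ld_hex)


if __name__ == "__main__":
    for feats in (SNP_ACTIVE, SNP_ACTIVE | DEBUG_SWAP):
        print(f"SEV_FEATURES={feats:<3} {sev_features_names(feats)} LD={launch_digest(feats)}")
```

On an upstream host the feature is a kvm_amd module parameter, so `cat /sys/module/kvm_amd/parameters/debug_swap` tells you which SEV_FEATURES value the measurement tool has to assume; a tool that lets the caller set SEV_FEATURES bits explicitly, as suggested later in this thread, avoids hard-coding either value.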
@tlendacky I tried this and it worked after I changed the line (https://github.com/virtee/sev-snp-measure/blob/015a9eefb5818c0d8f75c28fe0c5410cd23a3369/sevsnpmeasure/vmsa.py#L187) to
@tlendacky @mdroth I verified the change as well, and opened the PR mentioned above to begin introducing the patch to fix this.
There should probably be command line parameters that can be used to apply/set bits in SEV_FEATURES as needed. |
You may see here the full Dockerfile I wrote for this purpose, if you wish: https://github.com/sza-1/sev/blob/main/Dockerfile. |
I completely agree. @mdroth and I were talking about that yesterday. Diego and I will adjust the existing PR to incorporate those changes. |
Awesome, thanks for the info! I will make sure we add this to our list of test-cases to add to our internal CI. |
It seems that the PSP measurement check does not work anymore with the latest stable QEMU patches and Direct Linux Boot.
I use a pretty simple command line to launch QEMU, and it definitely worked with the patch series based on QEMU 7.x (with `-machine pc-q35-7.2` instead of `-machine q35`). (There is no initrd param since the kernel is a UKI.)
And now I get the following:
The LD was calculated with sev-snp-measure, whose LD calculation algorithm was not changed last month.
Reproduced with the SEV firmware 1.54 and 1.55, EPYC 7B13 (family 25 stepping 1), AMDESE/qemu bbc1bfb6bfb3cde4c22755cedd5b71e651ca35e8, AMDESE/linux 93e2466caee94edb1616ab75f48983ecbc86a03b, AMDESE/ovmf 80318fcdf1bccf5d503197825d62a157efd27c4b.
One more addition: the LD in the attestation report obtained by the guest through `/dev/sev-guest` (in the case where the guest has been booted without an IDBlock) differs from the LD calculated by sev-snp-measure.