plat/common/efi: Add support for TCG's Reset Attack Mitigation

Add `Trusted Computing Group`'s `Reset Attack Mitigation` mechanism.
Whenever a machine shuts down or reboots, due to lack of electric
charge, the contents of RAM may dissipate after a short amount of
time. However this may be enough for an attacker to quickly boot
again into a custom program and dump memory contents. Thus, by using
this, the OS instructs POST BIOS to overwrite memory contents before
continuing to boot into the rest of the BIOS code.

Since this is not really implemented in `OVMF`'s `NVRAM` variables
we disable this by default.

Signed-off-by: Sergiu Moga <sergiu.moga@protonmail.com>
Reviewed-by: Michalis Pappas <michalis@unikraft.io>
Approved-by: Razvan Deaconescu <razvand@unikraft.io>
Tested-by: Unikraft CI <monkey@unikraft.io>
GitHub-Closes: #909

Author: mogasergiu

plat/kvm/Config.uk

@@ -63,6 +63,19 @@ config KVM_BOOT_EFI_STUB_DTB_FNAME
 	string "Name of the Devicetree Blob file"
 	default "$(UK_NAME).dtb"
 
+config KVM_BOOT_EFI_STUB_RST_ATK_MITIGATION
+	bool "TCG Reset Attack Mitigation"
+	default n
+	help
+		Enable Trusted Computing Group's Reset Attack Mitigation.
+		Whenever a machine shuts down or reboots, due to lack of
+		electric charge, the contents of RAM may dissipate after a short
+		amount of time. However this may be enough for an attacker to
+		quickly boot again into a custom program and dump memory
+		contents. Thus, by using this, the OS instructs POST BIOS to
+		overwrite memory contents before continuing to boot into the
+		rest of the BIOS code.
+
 endif
 
 choice

plat/kvm/efi.c

@@ -567,12 +567,48 @@ static void uk_efi_exit_bs(void)
 		uk_efi_crash("Failed to to exit Boot Services\n");
 }
 
+/* Sect 4. of TCG Platform Reset Attack Mitigation Specification Version 1.10
+ * Rev. 17
+ */
+static void uk_efi_reset_attack_mitigation_enable(void)
+{
+#ifdef CONFIG_KVM_BOOT_EFI_STUB_RST_ATK_MITIGATION
+	/* The UTF-16 encoding of the "MemoryOverwriteRequestControl" string */
+	char var_name[] = "M\0e\0m\0o\0r\0y\0O\0v\0e\0r\0w\0r\0i\0t\0e\0R\0e"
+			  "\0q\0u\0e\0s\0t\0C\0o\0n\0t\0r\0o\0l\0";
+	uk_efi_uintn_t data_sz;
+	uk_efi_status_t status;
+	__u8 enable = 1;
+
+	status = uk_efi_rs->get_variable((__s16 *)var_name,
+					 MEMORY_ONLY_RESET_CONTROL_GUID,
+					 NULL, &data_sz, NULL);
+	/* There is either no such variable in the firmware database, or no
+	 * variable storage is supported
+	 */
+	if (status == UK_EFI_UNSUPPORTED || status == UK_EFI_NOT_FOUND)
+		return;
+	else if (unlikely(status != UK_EFI_SUCCESS))
+		uk_efi_crash("Failed to get MemoryOverwriteRequestControl variable\n");
+
+	status = uk_efi_rs->set_variable((__s16 *)var_name,
+					 MEMORY_ONLY_RESET_CONTROL_GUID,
+					 UK_EFI_VARIABLE_NON_VOLATILE	     |
+					 UK_EFI_VARIABLE_BOOTSERVICE_ACCESS  |
+					 UK_EFI_VARIABLE_RUNTIME_ACCESS,
+					 sizeof(enable), &enable);
+	if (unlikely(status != UK_EFI_SUCCESS))
+		uk_efi_crash("Failed to enable reset attack mitigation\n");
+#endif
+}
+
 void __uk_efi_api __noreturn uk_efi_main(uk_efi_hndl_t self_hndl,
 					 struct uk_efi_sys_tbl *sys_tbl)
 {
 	uk_efi_init_vars(self_hndl, sys_tbl);
 	uk_efi_cls();
 	uk_efi_setup_bootinfo();
+	uk_efi_reset_attack_mitigation_enable();
 	uk_efi_exit_bs();
 
 	/* Jump to arch specific post-EFI entry */

plat/kvm/include/kvm/efi.h

@@ -40,6 +40,15 @@ enum uk_efi_if_type {
 	EFI_NATIVE_INTERFACE
 };
 
+#define UK_EFI_VARIABLE_NON_VOLATILE				0x00000001
+#define UK_EFI_VARIABLE_BOOTSERVICE_ACCESS			0x00000002
+#define UK_EFI_VARIABLE_RUNTIME_ACCESS				0x00000004
+#define UK_EFI_VARIABLE_HARDWARE_ERROR_RECORD			0x00000008
+#define UK_EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS		0x00000010
+#define UK_EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS	0x00000020
+#define UK_EFI_VARIABLE_APPEND_WRITE				0x00000040
+#define UK_EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS		0x00000080
+
 #define UK_EFI_PAGE_SHIFT		12
 #define UK_EFI_PAGE_SIZE		(1UL << UK_EFI_PAGE_SHIFT)
 #define UK_EFI_PAGES_MAX		(__U64_MAX >> UK_EFI_PAGE_SHIFT)