From patchwork Mon Jan 29 17:41:09 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Brijesh Singh X-Patchwork-Id: 867213 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=nongnu.org (client-ip=2001:4830:134:3::11; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=amdcloud.onmicrosoft.com header.i=@amdcloud.onmicrosoft.com header.b="HLKtVHNY"; dkim-atps=neutral Received: from lists.gnu.org (lists.gnu.org [IPv6:2001:4830:134:3::11]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 3zVcKh0tXwz9s74 for ; Tue, 30 Jan 2018 04:42:47 +1100 (AEDT) Received: from localhost ([::1]:53635 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1egDS9-0005VZ-3C for incoming@patchwork.ozlabs.org; Mon, 29 Jan 2018 12:42:45 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:48928) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1egDRJ-0005VJ-GJ for qemu-devel@nongnu.org; Mon, 29 Jan 2018 12:41:55 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1egDRF-0003Dg-Qs for qemu-devel@nongnu.org; Mon, 29 Jan 2018 12:41:53 -0500 Received: from mail-dm3nam03on0615.outbound.protection.outlook.com ([2a01:111:f400:fe49::615]:51935 helo=NAM03-DM3-obe.outbound.protection.outlook.com) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1egDRF-0003CJ-Hx for qemu-devel@nongnu.org; Mon, 29 Jan 2018 12:41:49 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector1-amd-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=XZNMX7W7BjAyoauY9C01cQiqbO/rA7zoVdtjsIuLsGs=; b=HLKtVHNYzE67gG0cfmmx66MJwEJqATCXLB8LvPlI2a4SjNGaxbT8/RhANRE0lQbbZlApiZsGQ5Nizf84Vl3Pgk8ovyg3WKfElFTAqLg2xuL29xi0L8oPaHSVL14L+N3hPMp4xBGmP+Dontw/LYPYxDaRqBDCbqIxneVL72OYBwk= Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=brijesh.singh@amd.com; Received: from wsp141597wss.amd.com (165.204.78.1) by DM2PR12MB0154.namprd12.prod.outlook.com (2a01:111:e400:50ce::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.444.14; Mon, 29 Jan 2018 17:41:44 +0000 From: Brijesh Singh To: qemu-devel@nongnu.org Date: Mon, 29 Jan 2018 11:41:09 -0600 Message-Id: <20180129174132.108925-1-brijesh.singh@amd.com> X-Mailer: git-send-email 2.9.5 MIME-Version: 1.0 X-Originating-IP: [165.204.78.1] X-ClientProxiedBy: BN6PR17CA0018.namprd17.prod.outlook.com (2603:10b6:404:65::28) To DM2PR12MB0154.namprd12.prod.outlook.com (2a01:111:e400:50ce::17) X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: 34d66727-b988-4f1d-c5d9-08d5673f9127 X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(4534165)(4627221)(201703031133081)(201702281549075)(48565401081)(5600026)(4604075)(2017052603307)(7153060)(7193020); SRVR:DM2PR12MB0154; X-Microsoft-Exchange-Diagnostics: 1; DM2PR12MB0154; 3:0Go09PPz/W1F0H/HuyqsRdf/WTvNgn+oKyxacKQh/YKqJCEYgoyoNQ95fhBLce0Poq0oEsQUez0TTNUH3C0CQ3vKHKWID3tsDMlJypT8Olo4t1mAfuqkADhhtNZxaegK+r2RasYc2nTXsm+JUXUzqUpoojLh+oaC1XR3ESHyshnfC4nLD0s/LGRDEbFuTZmloB5E8xP8Q60bjDG9uOpgzEa1K+uOr6bTh8hGCvYwDDaS9CTeCTJcs5nCKdXyhTBs; 25:EhLDcKlXdCS4b8oYoM57DybXz6Nu8tHIaMx18zAsH9oxPso3Jik08dP5MS8bK7299fEUUCqnsnUA4EV0whz1MSqpb4+VcZ3Sxzwv1beta16e+OB5mg7xmIe+eRX/AKsrVqQDVpOUdZ25TVQ+XfTv0O84gD9Y/U3Qfn+De7/GGc9cME0THjsoihQ0JcQm5BLneQGiCF12kOWxGTf3EmzCiBICrDBlHr/WVVGiFw204g1iFwHrFmTisv4KoIYwzGFIqOa3nIhfxnEn7uJN4dxOrrwSkZvZTud/uj2uLtYHq4ZAHpX80TFUTSYhswxWgkalaziL5zlR6rj+RbuEpPe17g==; 31:HuKxtPETC3+M7J8tnzH+zehJyMPk5NNLkZFgK0eA8fHtbXmZZ5LkuyPTFTY1PFWeQsNF7YNOvmVHYbjO19yxqj3NrqFDx3Pvk62UfrTNpOuBF10QnlK1IdxU23sw9GnpcQpy3Uw45NuUEYZ8n6rarG58Z66K+XTprHm92tHkVMdWqU/meQkSLri5ybPFwolxFZ/vliuvwiA+mwmDSNg4wsmWMroWbNVxQAIrI7HfZ9s= X-MS-TrafficTypeDiagnostic: DM2PR12MB0154: X-Microsoft-Exchange-Diagnostics: 1; DM2PR12MB0154; 20:jZpsSTixm7DBXLM4G0ns+mezOUfaxM5M2YKZrf/Apu+4heUrUJvadhJuIaMtxKnqqqTOjrtKqjKh/+F50YWhiqKz4f/ZtEsFvvIJKkd6HrAUAAkiNHBjYme5WoDl1HsFLCDmqQXzdRj8yMBeTCaMDKo3I8s2SEKzYxT/1k8FZfWATjaD7u9QBfbiw3SooVuRR+hXfMPEn5/m+2nCd5y9JqLuJM6hRufUrbQe0AUbirM7j0YQtt5cSPZ7MpxOI2HZ4vL2rLCTgrQS2IzQrR61VzYxGaVhkxnfY5FwA775p0BWyIGUs4Sqc8W4OcDtOfmLR/ZYcwM6zEgjL17sz9pSIkrLMSJGE5VoMprnhE/p/zRIvI2oeXwH5hu2okY1cPkXoYCc6vQtqiDonRRdcqMFeYUIpjZkrZ5dB7z7in3/dBtJ72B1pEEcGmKXpRQkMYihgSIMT0JIk2wlQyWXWVo0QDFHgGjmoIG3CK6fM3UGunTqyM6VQLDAv3GepeK3BTa0; 4:VWMT6jlT39UMQIPLXbfYtuuO5CBymy6hTDTL5EkFZZSxSoeVoCFzB7DJOiQXDsUJGizlMhIp/ZFCP0vp4dmKnj+xWXYfQ5A5t3t8ptz981Z0iDC4Do0gG5ZZCm+zMelR1aTREIA4DUrsPPq1XInSZkKnMhEvA//aHv4V120v/7wcFZTr5N3AE6aHkYWD0Jl3yfElvK3XFiSrlFhw4122pLcTxs5a0wHyuDWt9MHgiZUZUAF8utzHhOCYiY/mf7w/68zfNso2ck+l4mDcpxAh+Kmj+zILSXVMRG3Bq3kAyb32MJRPLJto8cucmtrwVne2meH/2aOtPeQ2D26Zglka+TUcXa1WfbD3bu89I1g7BCgBof6TMTDjdsLC4s7It5puu8Q8kV7WOgHQMTgBssefC+q5iHBOb86zORh3wnqV3wI= X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(166708455590820)(767451399110)(254730959083279)(91638250987450); X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(6040501)(2401047)(8121501046)(5005006)(10201501046)(3231101)(944501161)(93006095)(93001095)(3002001)(6055026)(6041288)(20161123560045)(20161123558120)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123562045)(20161123564045)(6072148)(201708071742011); SRVR:DM2PR12MB0154; BCL:0; PCL:0; RULEID:; SRVR:DM2PR12MB0154; X-Forefront-PRVS: 0567A15835 X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(39860400002)(376002)(39380400002)(396003)(366004)(346002)(199004)(189003)(48376002)(8656006)(39060400002)(4326008)(6486002)(68736007)(36756003)(478600001)(26005)(97736004)(16526019)(6306002)(1720100001)(53936002)(386003)(50466002)(86362001)(25786009)(8666007)(16586007)(54906003)(186003)(47776003)(59450400001)(316002)(7416002)(305945005)(7696005)(105586002)(106356001)(51416003)(2906002)(81156014)(66066001)(81166006)(8676002)(2361001)(966005)(53416004)(3846002)(50226002)(52116002)(6116002)(2351001)(1076002)(8936002)(7736002)(6666003)(6916009)(5660300001); DIR:OUT; SFP:1101; SCL:1; SRVR:DM2PR12MB0154; H:wsp141597wss.amd.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en; Received-SPF: None (protection.outlook.com: amd.com does not designate permitted sender hosts) X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; DM2PR12MB0154; 23:KWfGxuHn8s3frOgT9G89dstW82MGDOIYS0Xc7lpkT?= zr/l6rIv6SO8lAU8Or/TdIb4ZtxC7y4abpijJbU534ueidRMcoVJSBVVQVlee+gKz8y4mTqgodt5bj/8T/2ynogzZUNXOazBa50XDK718YO5rKXHmcb+uemzHhT1Dwew09QpwXisJcmLkOGLEFdgeX04DKluGoGy/w1bRbFZ6HIEQ7H3/jfZhAXlxJTO1VIEz4LfnWlWIsoO2cxcB00iVJ1vXVlrNDf5SzEJlB9dkEuTQKImdgfxi2iLwVK/4Y7gyGzGIgWJ+SK8arfzvbbvZQghfqhz2/AruKfby4CPdXs/Q6gfoPX/8MotH6UjseuBc14gK3wBNdSp4yATibOU406shRXM0XxnB3stgnicpUFqdV2R954TXPDHTU7QPjVUYwoLF7hX3SwiNbxixG1O9H6hLTcxKad5EL/e0NHbyTSew7671bf7zv9baTJtuWFGSRwQ05vXKlZBtu/FLTwMEvKfkBTTO0CC5M6nlenRIeS2QGoGKKmbgnZVAxKV1SztXnRR8gLlT8/v0ogm10ag3Hz9AKOXj96Eb8QX/A/DA1ff7ldai1Gce55s1Kzr3/A6R1QvqCP9ASi6hRtRx2oAVXgrfciHlKWIkz+X69QxvPOGR/B7nLT9Un+J9LtabXuwi27Vk7c3i8R459oW/29QkjvVMMyqNevjZsJrXDA1B6eQ+xl0EA3NIg1ePSyKOh7PgLxrJ6QRUvsj7TIPcyfCaPqFvaKNFqP1MJT4n7zX+AESezN4XjMx79lLobDOPHw2rV34Xmre5xZX34a93MwIb/n4WLeMFTxE3YMpKiAyYKcuAnM/Yvwn2n85MaHXAhtkag1t/QE1m40rGG2ROAC0jTkG5jjcuE6yJvHvXbhBY9KmaKXoMr80mSnB/DcClDUFbW5NGVcCQAZV3S7MhxWfgfh9HAXf2U97epEdZoZuJADMC19yZLb1KuTkf7dIct408Xf0Z4drA3P923FOhYS1i0kk4MPfoF0YY/drBRSxQPzZj2EyMXnGSY2JJDHM9vxyY43plbf0EDEQ1yN67FzwyVZSr0vQv6554cNhoRGdOd6Pyp2Rq7oUEcTKVFKwE5IOPEHw6PgDsHK0n48Q1YE6q5Fk/szHZOi6yu7XEjwhZLPUTI3g3+cDHSQlJKHuUBSperOPMlu/ZnIRnSJj4qbUauGgjwj/gPhAHvvc/eMTU9/mBjdNx8v4FktXdu4mG8uyPGYHF6Vh+qdFFie2JEt1P2kePYWUZf2Q/9GULTO61GD3P+Qt0CsGHIQciHyEldUZmk= X-Microsoft-Exchange-Diagnostics: 1; DM2PR12MB0154; 6:ZiXeLMOrKuqoZ/UWLeqKBnRB7l2tWTOxYopcqTolOTfJ6NWRG11VqU2lBLsvjWMVtLhC9tU5fS1vcMIPBG7MmEvCNPZXGjsTjy24vSYHj+LMP7t2U8dzDTxVYynJY59WkAuecRNPNQ0h7XRoyA/egM79EvigqYZwS9FkgfdK/fDPAbC8SMHTkHWrFySmzLMCovtQUBh32G63LczX2Mie2BVntbCWmaA6V448IxSJ24Vgu4tZ46VSJYBmIjzWDh+rH/ngwhP1D6SRyqr5ZGYvPs26LgnLKwK2Lu3n/i6DfBCRhr8bz+yXGqId1zJMQq8yOgSCdoU186Ae78rHeVW+7s8vZFTQIHDBBJgm42bN/Ts=; 5:p3Weq4H3HapBlg6AlpUjBJJ5w2TTytzU8o4QuQe0MFVWgqfvlf/AKEt0CNPk7p2GmRVt2up48JZcvxjx//bmaBjrDh7OfzspZPjLrnv/nx9GO0Ify1KZWH2x6ExaAYGKSTs/5k+6Sr1kVCCcUZMLG47G7R5eSDu4cHn0i8EgklA=; 24:UQ9unX7pesITkbobKCU/MJ0Z8A4G8pu9kSoFCz46V1UkO10fvPd0YbP2v8dievkTKo0wPgojOJ7DYAD6IMgtG1rm48obSGUKf5pHJq08JPo=; 7:cdntouX9QUalJxgFpLa+plwHDKTCX+8dT4DPeOmVn3jVOyWU+VvzxtZjCBDczp+AjxRUh7JmN09HbN+ViRXnBzNMDNmMhf1Rjp7x4SoJnUdMByOUsVFIGllBFJLqmckvABBnNCTsVemNWs0jiMK4R6E2LOdxRKjXd2AUwKk7bPVKl072Ct1zz+UZ1g+m+QmhJae9XN6fxK84lGxKjZQmktSAb2ifs08XPQPvzeGYOUHHCxjmDaocSKZRdQnwKZY0 SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1; DM2PR12MB0154; 20:rpFxXWZn/p+5TmmiYeu24Ig9bfK/PlmGUuAlIN2S5zr4I2CzJ0XjoUeCySSvinsVhcYqjKWFiReUsZJtw6aPVLywAZReh+DxFUxwOXjnozsmC5WO0vJ06jsc+qTtS8C3ufMUIVKZum/CWC7KRCIvyHL01OwJDOHI4SGx8bbjKoYjIYi0thZdStZp78FIlpn3RbH0NERC6D+fcvXgIW18qOgfOVP0k6m3sEF0AWSWaLn3pm7KLp9K51LYCZWi+kt1 X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 29 Jan 2018 17:41:44.6040 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 34d66727-b988-4f1d-c5d9-08d5673f9127 X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM2PR12MB0154 X-detected-operating-system: by eggs.gnu.org: Windows 7 or 8 [fuzzy] X-Received-From: 2a01:111:f400:fe49::615 Subject: [Qemu-devel] [PATCH v6 00/23] x86: Secure Encrypted Virtualization (AMD) X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: "Edgar E. Iglesias" , Peter Maydell , Eduardo Habkost , kvm@vger.kernel.org, Tom Lendacky , Stefan Hajnoczi , "Michael S. Tsirkin" , Richard Henderson , "Dr. David Alan Gilbert" , Brijesh Singh , Paolo Bonzini Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" This patch series provides support for AMD's new Secure Encrypted Virtualization (SEV) feature. SEV is an extension to the AMD-V architecture which supports running multiple VMs under the control of a hypervisor. The SEV feature allows the memory contents of a virtual machine (VM) to be transparently encrypted with a key unique to the guest VM. The memory controller contains a high performance encryption engine which can be programmed with multiple keys for use by a different VMs in the system. The programming and management of these keys is handled by the AMD Secure Processor firmware which exposes a commands for these tasks. The KVM SEV patch series introduced a new ioctl (KVM_MEMORY_ENCRYPTION_OP) which is used by qemu to issue the SEV commands to assist performing common hypervisor activities such as a launching, running, snapshooting, migration and debugging guests. The following links provide additional details: AMD Memory Encryption whitepaper: http://amd-dev.wpengine.netdna-cdn.com/wordpress/media/2013/12/AMD_Memory_Encryption_Whitepaper_v7-Public.pdf AMD64 Architecture Programmer's Manual: http://support.amd.com/TechDocs/24593.pdf SME is section 7.10 SEV is section 15.34 Secure Encrypted Virutualization Key Management: http://support.amd.com/TechDocs/55766_SEV-KM API_Specification.pdf KVM Forum slides: http://www.linux-kvm.org/images/7/74/02x08A-Thomas_Lendacky-AMDs_Virtualizatoin_Memory_Encryption_Technology.pdf Video of the KVM Forum Talk: https://www.youtube.com/watch?v=RcvQ1xN55Ew --- The complete patch series is available : https://github.com/codomania/qemu/tree/v6 Using these patches we have succesfully booted and tested a guest both with and without SEV enabled. TODO: * Add SEV guest migration support * Add SEV guest snapshot and restore support Changes since v5: - drop MEMTXTATTRS_DEBUG macro, caller now specify attrs.debug=1 when needed. - drop DPRINTF and use trace points to output the debug messages Changes since v4: - extend sev-guest object to add new properties 'dh-cert-file', 'session-file' etc. - emit SEV_MEASUREMENT event when measurement is available - add migration blocker - add memory encryption cpuid support - rebase the series with recent qemu tree Changes since v3: - update to newer SEV spec (0.12 -> 0.14) - update to newer KVM RFC and use KVM_MEMORY_ENCRYPTION_OP ioctl instead of KVM_ISSUE_SEV. - add support to encrypt plfash Changes since v2: - rename ram_ops to ram_debug_ops - use '-' rather than '_' when adding new member in KvmInfo struct - update sev object to use link properties when referencing other objects - use ldq_phys_debug in tlb_info_64 and mem_info_64. - remove sev-guest-policy object, we will revisit it after basic SEV guest support is merged. - remove kernel API from doc and add SEV guest LAUNCH model. The doc will be updated as we integerate the remaining SEV APIs. Changes since v1: - Added Documentation - Added security-policy object. - Drop sev config parsing support and create new objects to get/set SEV specific parameters - Added sev-guest-info object. - Added sev-launch-info object. - Added kvm_memory_encrytion_* APIs. The idea behind this was to allow adding a non SEV memory encrytion object without modifying interfaces. - Drop patch to load OS image at fixed location. - updated LAUNCH_FINISH command structure. Now the structure contains just 'measurement' field. Other fields are not used and will also be removed from newer SEV firmware API spec. Brijesh Singh (23): memattrs: add debug attribute exec: add ram_debug_ops support exec: add debug version of physical memory read and write API monitor/i386: use debug APIs when accessing guest memory target/i386: add memory encryption feature cpuid support machine: add -memory-encryption property kvm: update kvm.h to include memory encryption ioctls docs: add AMD Secure Encrypted Virtualization (SEV) accel: add Secure Encrypted Virtulization (SEV) object sev: add command to initialize the memory encryption context sev: register the guest memory range which may contain encrypted data kvm: introduce memory encryption APIs hmp: display memory encryption support in 'info kvm' sev: add command to create launch memory encryption context sev: add command to encrypt guest memory region target/i386: encrypt bios rom qapi: add SEV_MEASUREMENT event sev: emit the SEV_MEASUREMENT event sev: Finalize the SEV guest launch flow hw: i386: set ram_debug_ops when memory encryption is enabled sev: add debug encrypt and decrypt commands target/i386: clear C-bit when walking SEV guest page table sev: add migration blocker accel/kvm/Makefile.objs | 2 +- accel/kvm/kvm-all.c | 48 +++ accel/kvm/sev.c | 661 +++++++++++++++++++++++++++++++++++++++++ accel/kvm/trace-events | 10 + accel/stubs/kvm-stub.c | 14 + cpus.c | 2 +- disas.c | 2 +- docs/amd-memory-encryption.txt | 109 +++++++ exec.c | 107 ++++++- hmp.c | 2 + hw/core/machine.c | 22 ++ hw/i386/pc.c | 9 + hw/i386/pc_sysfw.c | 19 ++ include/exec/cpu-common.h | 15 + include/exec/memattrs.h | 2 + include/exec/memory.h | 27 ++ include/hw/boards.h | 1 + include/sysemu/kvm.h | 25 ++ include/sysemu/sev.h | 76 +++++ linux-headers/linux/kvm.h | 90 ++++++ monitor.c | 8 +- qapi-schema.json | 18 +- qemu-options.hx | 36 +++ qmp.c | 1 + target/i386/cpu.c | 36 +++ target/i386/cpu.h | 6 + target/i386/helper.c | 46 ++- target/i386/monitor.c | 145 +++++---- 28 files changed, 1450 insertions(+), 89 deletions(-) create mode 100644 accel/kvm/sev.c create mode 100644 docs/amd-memory-encryption.txt create mode 100644 include/sysemu/sev.h