From patchwork Thu Sep 22 14:52:39 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Brijesh Singh X-Patchwork-Id: 673463 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 3sg0Qc080Sz9t1Y for ; Fri, 23 Sep 2016 01:14:32 +1000 (AEST) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=amdcloud.onmicrosoft.com header.i=@amdcloud.onmicrosoft.com header.b=otkNEtuJ; dkim-atps=neutral Received: from localhost ([::1]:50055 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bn5hl-0006Wj-GU for incoming@patchwork.ozlabs.org; Thu, 22 Sep 2016 11:14:29 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:45883) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bn5Mp-0000dV-Ux for qemu-devel@nongnu.org; Thu, 22 Sep 2016 10:52:56 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1bn5Mk-0007gl-T4 for qemu-devel@nongnu.org; Thu, 22 Sep 2016 10:52:50 -0400 Received: from mail-by2nam01on0054.outbound.protection.outlook.com ([104.47.34.54]:10784 helo=NAM01-BY2-obe.outbound.protection.outlook.com) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bn5Mk-0007gf-FY for qemu-devel@nongnu.org; Thu, 22 Sep 2016 10:52:46 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector1-amd-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=ueoGcA4IpNKqgAZ1wItAzTPizqsUJEFyquyAnjWAvJI=; b=otkNEtuJ0Ha+vXhxVL2Q4V3JN9cHeyRloIBlCAc2NmkAp644nmlSyvWHwSm9SerTuR37K/FHwPlx5hF1d0iDztSP5m/HUKdovRHq7R4wRzOdvesmIQUgl3p+viRD9hCmLcyDivGken78XzgdUrN85ZywdX9ZXmnqkZWzitXDL8c= Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=brijesh.singh@amd.com; Received: from [127.0.1.1] (165.204.77.1) by BLUPR12MB0660.namprd12.prod.outlook.com (10.163.217.30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.629.8; Thu, 22 Sep 2016 14:52:43 +0000 From: Brijesh Singh To: , , , , , , , , Date: Thu, 22 Sep 2016 10:52:39 -0400 Message-ID: <147455595948.8519.13198694684344528032.stgit@brijesh-build-machine> In-Reply-To: <147455590865.8519.11191009507297313736.stgit@brijesh-build-machine> References: <147455590865.8519.11191009507297313736.stgit@brijesh-build-machine> User-Agent: StGit/0.17.1-dirty MIME-Version: 1.0 X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: SN1PR17CA0025.namprd17.prod.outlook.com (10.169.33.163) To BLUPR12MB0660.namprd12.prod.outlook.com (10.163.217.30) X-MS-Office365-Filtering-Correlation-Id: 13970511-2a42-46a7-d3b1-08d3e2f81c15 X-Microsoft-Exchange-Diagnostics: 1; BLUPR12MB0660; 2:BDbLzn5uT2yC5yKEwUsihOKY6V17R/zNKWG9a6Esv9F5073992QUnXigNwe8iiDjBLpXAoeZ0Kf2dhsqRYNmrvx78cq5J2aLHq3ajfNiO+uQxLQaDPdkiQidmwbFjJQSH6Y5gQf6D+/2JEFFKoYPm5uB5dESWJk/0omfMfoV7MDbzI0jR+LORKHpF1Q5fl50; 3:skaM311sC2FeKucnC85A/BzSZQ0ddHKXcUsfCzEvbYTrUzUQO4QoKLR/CDEzvUX9NfiR+vi2o0QtMiwtJP0ljsYLbQGsSO0UcBGESCmg+N1VQyc3Ziw6/EwNHRf74C/S; 25:xO3/f7hAIgbFxfwLz9Z2ywCtH2mT1QhskJGE04z0WnoU/+z+4YIfr+1LuvR6V9BNHbnBU61P9uJh5vsFMB0FbQyyj5Ao9UpiNo0N0diHt/k9XWhP3uOK8ODS7GKKyZ4uAZgXQ56XgoAiHGqMUzBt0eE1s4RF3/sNsb/aZDDO2g+KRpWH/9177gHQjPqr1ZfEwMwqwSg+CbXlN3QCO4SY7eAQBPYHIbenDcn3/fwrsGdrM2nfCsx9iUnDv/+Ck4JviuDnXRUQcGiL8FnfLuF06+WAZq4+oqdMqzlPiqQg9GG+qmephJ5jX4E9hVwhtuzpWUvGdYwacVTPzzHVB2VArfSi8YPttgp9Vt+mL8ne+CIwnp82AIU+r/VSGTf1fdHchiXcOyXRK690BGREamlHqUlzpCg/CAcYzt+25hydqAE= X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:BLUPR12MB0660; X-Microsoft-Exchange-Diagnostics: 1; BLUPR12MB0660; 31:V99oGcAV42EzJsAbCpX+1OalcqqlnCQDjBUPGVi9urP+k2wNQSSUAltQYA8vcrVCDdDLzUhbWmg5NzCNSvPjsPVtrtfB2wNfi+Zm+gj2ppR2GvtH0nS/feHu3jQYeXC9CPrDuJPoH4BzGhT1o44XrU4XIUHtV7MzuN7TiAeGO/Wbt4T/BrcmrvRwuQJy6mtn5DHJLms0tix2/rc/PwSSCFo8MkXCcigyGZStkcx2sf4=; 20:33WyGWgHqcOzuk79wAKVwp2DpSY2NNhxQmIQE0jXzBmBuOGoW3naXcgry7X0mhYWaT2xh6fNoEzgKNDOEiIVEvkg8OdM/7U0QDKw2fRzaIjuJI8vABWcqcklogfFHloVNbo499cJ9eSezsOjfoc+neXj2jwsDu/LQMDFzKy4hGITBstYq8aMwy3nn1tPtKiW4FcF4vcKp99rxcdZErSMbfl0MsF9FH9grAy/2kxh3UIV+MtaQS/oZLx/3pdAYEOnspbX1IozHJEbxPehwVUdq7nnYPWycDGiaNJLj9j38wUy5KWWu/ouMAxbXariqQick10uG+noziq2Ztv40P5/+U6tUW5GJL1XVTsRr+vurCcqN+1kWAY9dh9QQ3CLm9lPEUlikcspTPAfWRTnZPpSd6g/MqezWPw34hgyuonlLtWHIw90AsF4HcZ5nhhDvH0t45ZZwX94q1NwNs7x/z9TExSctpFDK07XoJvuFmF6X9iknlVIaOAuLrafmlZiG4Xm X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(250305191791016)(22074186197030)(192374486261705)(767451399110); X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(6040176)(601004)(2401047)(8121501046)(5005006)(3002001)(10201501046)(6055026); SRVR:BLUPR12MB0660; BCL:0; PCL:0; RULEID:; SRVR:BLUPR12MB0660; X-Microsoft-Exchange-Diagnostics: 1; BLUPR12MB0660; 4:lIfvR3i1TKZHM2fvH8zDyxaozblKz6jlk+y3UbGOGSTqQhJ/ctKsgcya7mVI0PljcDJjuLojuW0Z9KbFV/mRYPUDEvCLIxdguvovOiJScIhZSajh+uWh4lUjx01AzbgPX862kU8M2+0NlVCWKwQXnKbi4mnPa7EFzLMXfqEU1JyMvR5V21LnOQIb0cdGicHL3yPt5NWNES38MtHTgsu+EESzBQegI2/bWtGji8H7JnUwYw2lnymh327ZuXEWHY/lr6UvgQy/4QSedRrhn0XDg7ct6Bkbtyf7nBzP7UWUGj54MeennixqSo9oaHImjVPbjCGsumPz2FK6EtgBDoAw3uvQxmxVQGHTUFALN/g+kApSVomQs+Lb1YNUH9UvQ7a2i5n9v8IpiJFSHWCBB6ebwSPZrBfO5w/hKon+ppCG9YUb37U1mKm8hXWmUFztwtD/1VPPVwI+hEwGdosbRW9PKiS0TTW4QaZI9a0sbsce1FoGV4KHb/Mk8t/pzaf2AIzjrhQQjMdhSegG+l8PauvjbmMqyKCpodLKI5PipPN9n18= X-Forefront-PRVS: 0073BFEF03 X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(4630300001)(6049001)(6009001)(7916002)(15404003)(189002)(199003)(86362001)(10710500007)(101416001)(23676002)(2420400007)(2906002)(189998001)(7846002)(42186005)(305945005)(107886002)(5001770100001)(8676002)(5660300001)(7110500001)(15650500001)(81166006)(54356999)(76176999)(9686002)(19580395003)(2201001)(50986999)(33646002)(92566002)(7736002)(19580405001)(83506001)(33716001)(4001350100001)(586003)(229853001)(105586002)(81156014)(97736004)(2950100001)(103116003)(15975445007)(230700001)(106356001)(47776003)(77096005)(50466002)(6116002)(68736007)(3846002)(66066001)(2004002)(21314002)(217873001); DIR:OUT; SFP:1101; SCL:1; SRVR:BLUPR12MB0660; H:[127.0.1.1]; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en; Received-SPF: None (protection.outlook.com: amd.com does not designate permitted sender hosts) X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtCTFVQUjEyTUIwNjYwOzIzOnBKTGF1TVpkVW5BQm5WeXZvTTk0YXVXenh0?= =?utf-8?B?QnBSMldjdWZ0S3NmaDJ0UzF6YytWZE9zNkdpNk9mMWVPcEFjWVlJcXZNRjlu?= =?utf-8?B?N3ZLdEZva2VWaDVNSWdtYlhObGQ0aDl4c3BYNjRJVnlpNUdlM3dxQXZzTDlp?= =?utf-8?B?dC9yekIxeTRLbGR3MDgzV0ZRUmVrMnhPNGJrWFlSSnJ4N2RSc2ZyalBidXQr?= =?utf-8?B?dWQ2TEYrTko4UWxmQm1Yb1o4K2tLdCtLZjN4VXlaVEdYUzVocUxCdnZ0WHF5?= =?utf-8?B?R296UmlpK25MMElwdUYxdXBmRjBERUszYW1DVjh5dVZXL1NGby85QmJkUFhN?= =?utf-8?B?SXhjakRnV1VsVHp4ZEJjbzVkRUMzcjhuaFBhUEZSM1pXVVRnT05UVWJnNlk2?= =?utf-8?B?KzQzQVQ2VWh3amRVNlpHUlkycTNKczVxOGpxam0rOGpBQkdkeDFjMEdJVkN1?= =?utf-8?B?d0pqUm54UUNITXQvK3cxcGEzS0VEQ2FaZ3JZOFdwYWoxU2RtK01wdVg3TlFO?= =?utf-8?B?UG4wWlFmZWNrcTFhTzFYVVRzVExEbk9HOWtEdWFZaTFQMEEwdDZ2eEJxZjFy?= =?utf-8?B?ak8yUTNnaHZDbGlVQitPRlZ4M3VjTklsT2tjdklzM0k2K1BCdjRMVi9kYjZo?= =?utf-8?B?VXkzUG8wczhKVERFMGx3MVV6dDNuaXRXakhGcTVoVGxORXh1eW5rUjRzVnRL?= =?utf-8?B?UkRIQ2NJaGJPZHFqbk0wVDdGbE81SHRYTllSSEswWjZXaXBZc0daZFczdXFO?= =?utf-8?B?REM3TUw5S25JS0EwQTE0RXVxam5FV2dEZE9sei9WVWt4cm5uR1RvN1ppTlBH?= =?utf-8?B?dDJlL3U3MWxVU3BKWUorRTJiSGQwaERpSEZpM29pM2l1bXlHRWo2OXlLbnlY?= =?utf-8?B?d3Vid0RiSW1uL0RQaHA4TVYrZXZIRXNmMVJGSi82MDB0RTBLbHhzWE95eS9j?= =?utf-8?B?aGZZc1NlbWd5bkllRTl5bXh0YzBldDl0TXZDYmNJclE1M2dGVHBHeUNmYnc3?= =?utf-8?B?eTZIbHcxSGxZanRDTHppSzVoMi9ob3VkdFphajYyMG9ZTG1pSG03RGIyNXZ3?= =?utf-8?B?TGhIZFk4amxZQmNzRUZ6U2g4aUhLVFA4dC9vRTBLYUU4WmhZeUVWZUlVYXNs?= =?utf-8?B?Z2J6MU5nOURYT2h1UXhGejdSYVhjMFdENlRWZ29BL24rR2dsd1l0WEhac3E0?= =?utf-8?B?MmNRRktiMjUvTmJUQzlFaHVRaXhUTUc3WnR0VWlHdXZ6N0VUNkUwTWZqZVMx?= =?utf-8?B?R2ZMT2ZVZjVKSzIwRm5WREdNVW9LZG50bm5uTllHajRmM1BtTFZDT3YzbE5q?= =?utf-8?B?QWhDbTNQTDZ2eGhmOFhoTXhXOUlHR1U4aGVNcGVhT201b0hYVHlNS3NNa3dS?= =?utf-8?B?N2lLVWJZbXVKRnZHeER4Y3FNQm4yMXFsN0xlQlFtaGh1R0hKWnRyb3ZpcjRo?= =?utf-8?B?Zy80SkJaTnhYVG5HSm5sdzRhVFc2NTFnTEh3OWV1VHlsS1BBWDA2MzFUOEU1?= =?utf-8?B?UkZiTWtTdmcxRTZlSW5hM0hSb0Y2ZHhjRW8rbXh1aVJlRUlFOU8vOHQ3VENF?= =?utf-8?B?SUJlNmN3OVpZMUNvTWp3Y3RnMmZPTHVBaGJXUk5IQ3B4b2xvdWlvTUFsSHF5?= =?utf-8?B?WTdkajFJR0UzTE5VN1R5cTB0N053cGFGTVg3UHBoZ2tNdGdqSzJ5ajVuTVo2?= =?utf-8?B?R0o4Z2ZlcGpQYTBTUEs2cnpqc1V1MHdHbXZYaGgvUkRRMkVXOVdPK2Y1b09H?= =?utf-8?B?UmVkNjJFbkphaXRpNmJxbHc3aitsNkdHRGZNSzd1RnhEOVVsSzFOZVovTXBm?= =?utf-8?B?UXdaT2VtTE9DdVNwQ1BMZjlwRUhTM3EycFhwbVBWZlZ2QjR0ejJTanNncGlD?= =?utf-8?B?VVFQN0tRNzVPOWtoaDFQbm5rdXpNMitTQTcxeDJRcmtSTVBDcDZtd1dpQ3U5?= =?utf-8?B?SnlRb3ZBajZBPT0=?= X-Microsoft-Exchange-Diagnostics: 1; BLUPR12MB0660; 6:pjRpHkKhIl3P2ePI+rKs1bRp0LBESyUYWyrfDanOKw9uSKpN9H4ECNdW+W4f76KTEton8EuPfWtuHceP+LWu3O7kO/Ub4QQPBSwk19rrHXqRDmjomwNjYQ4dIyhgMR3OvqD983SGQACvx2H2Ha0sSCsS1m87koIoKSs5Y1uNq113TS8h1aa6sc0Rek9tYS8+fkclOarCf9HY6/srzUDCtK67d212r+h5uSyfwEcUXi0BssULoscLx4ucKmq2hF8c6lPkdbY3MKLWOSgAJZidydzoAPJX4zY12htAMXuWCYTiz19kXUctTW5xDm42ibVys7DGNHo1ip5Z1k3bQQJ35w==; 5:QNBnD+rXGKQ2PQNpeXuWkjwZAIbaZoEJ8dSpCaD8ZwJEVCPjW63GJBvyEfJLPu9EW0rgAL8olYJbE1/TtDGQaW/bfN3C3WY3WRLaJMzpRZw4daGHQZ68rNJk3FfpfbSt3EFv6Xt3OdvYv1oAXt7D4w==; 24:5RVPNfRGfHFPtBfRwzt1KtJQS6W2gQcpF2cUfLnswmWtpfs48P3r3Vn7v6mNlUetvPWRP/rDs0n4/8QBGAgjbtH4tmySgpQTYP4r8/s4/uI=; 7:pX3rEDVpkKSLGwOCKEzjq7zVttk6qL2eGQ2MklVIfuQOsO7LuZ5w9Vx4TqDyujRSbV6/DbXHk6gjj9zOzq731p8CgnE0lC3VnCgUlkg0pVgNojyqRZgA9tsXzBJIVtqqiJfM4GXseCWOhdt5AvgLlCHZZm5jmtR8VKFZ8zBMJX0Kk6okcWekK2hQLcpb7qhA4Ex/LdYHjoNvXB+AmL8iWxYieG9Dp47/oo/cIt3HRxEckXf8yIuNBuI7PAnDhKCCfAbidoy05jZOPDDAR/bqwxE+E2UwOfwQs0+dOUmeaQh2r/Y+G8fGn+3Oows+Ae4M SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1; BLUPR12MB0660; 20:bN9DVexcYy+BYhY0FPVO3UUPBYbW8mDO7b3a5ctUqNj8R24IilNyp+pGIkkIjhbPoV1hHkcal8HT9jdyeFp8PnCC6Mup0aso1gu7hcGBKeX9Ml9OMyLltPTlEAcZxwn2o8WpidWoGaH+EFDiciivrBKeu4knlRF4H+TVYxMTgNmU6vAW/x6CYxTz+83oS4CovyiXxiU5vObFvRjkIuNX8DQLtwoBAPXNDWmNqMtnbJInW3ML6YeXfV16imgGKUo9 X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 22 Sep 2016 14:52:43.4966 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-Transport-CrossTenantHeadersStamped: BLUPR12MB0660 X-detected-operating-system: by eggs.gnu.org: Windows 7 or 8 [fuzzy] X-Received-From: 104.47.34.54 Subject: [Qemu-devel] [RFC PATCH v2 05/16] core: add new security-policy object X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" The object can be used to define global security policy for the guest. object provides two properties: - debug: can be used to disable the guest memory access from hypervisor. e.g if guest owner does not want qemu monitor to debug or dump guest memory then it can do so using the below command. # $QEMU \ -object security-policy,debug=false,id=mypolicy \ -machine ...,security-policy=mypolicy - memory-encryption: if guest supports memory encryption then property should be set to memory encryption object id. e.g to launch a encrypted guest # $QEMU \ -object sev-guest,launch-id=unencrypted,id=sev-guest \ -object security-policy,id=memory-encryption=sev-guest,id=mypolicy \ -machine ...,security-policy=mypolicy Signed-off-by: Brijesh Singh --- exec.c | 7 ++ hw/core/Makefile.objs | 1 hw/core/machine.c | 22 +++++ hw/core/security-policy.c | 166 ++++++++++++++++++++++++++++++++++++++ include/hw/boards.h | 1 include/sysemu/security-policy.h | 75 +++++++++++++++++ qemu-options.hx | 21 +++++ 7 files changed, 293 insertions(+) create mode 100644 hw/core/security-policy.c create mode 100644 include/sysemu/security-policy.h diff --git a/exec.c b/exec.c index 9d0128e..2aad84a 100644 --- a/exec.c +++ b/exec.c @@ -42,6 +42,7 @@ #include "exec/memory.h" #include "exec/ioport.h" #include "sysemu/dma.h" +#include "sysemu/security-policy.h" #include "exec/address-spaces.h" #include "sysemu/xen-mapcache.h" #include "trace.h" @@ -2728,6 +2729,12 @@ static inline void cpu_physical_memory_rw_debug_internal(AddressSpace *as, hwaddr addr1; MemoryRegion *mr; + if (attrs.debug && + !security_policy_debug_allowed(current_machine->security_policy)) { + fprintf(stderr, "WARNING: debug is disabled\n"); + return; + } + rcu_read_lock(); while (len > 0) { l = len; diff --git a/hw/core/Makefile.objs b/hw/core/Makefile.objs index cfd4840..f230b74 100644 --- a/hw/core/Makefile.objs +++ b/hw/core/Makefile.objs @@ -16,4 +16,5 @@ common-obj-$(CONFIG_SOFTMMU) += null-machine.o common-obj-$(CONFIG_SOFTMMU) += loader.o common-obj-$(CONFIG_SOFTMMU) += qdev-properties-system.o common-obj-$(CONFIG_SOFTMMU) += register.o +common-obj-$(CONFIG_SOFTMMU) += security-policy.o common-obj-$(CONFIG_PLATFORM_BUS) += platform-bus.o diff --git a/hw/core/machine.c b/hw/core/machine.c index e5a456f..a63d1c9 100644 --- a/hw/core/machine.c +++ b/hw/core/machine.c @@ -332,6 +332,22 @@ static bool machine_get_enforce_config_section(Object *obj, Error **errp) return ms->enforce_config_section; } +static char *machine_get_security_policy(Object *obj, Error **errp) +{ + MachineState *ms = MACHINE(obj); + + return g_strdup(ms->security_policy); +} + +static void machine_set_security_policy(Object *obj, + const char *value, Error **errp) +{ + MachineState *ms = MACHINE(obj); + + g_free(ms->security_policy); + ms->security_policy = g_strdup(value); +} + static int error_on_sysbus_device(SysBusDevice *sbdev, void *opaque) { error_report("Option '-device %s' cannot be handled by this machine", @@ -494,6 +510,12 @@ static void machine_initfn(Object *obj) object_property_set_description(obj, "enforce-config-section", "Set on to enforce configuration section migration", NULL); + object_property_add_str(obj, "security-policy", + machine_get_security_policy, + machine_set_security_policy, NULL); + object_property_set_description(obj, "security-policy", + "Set the security policy for the machine", + NULL); /* Register notifier when init is done for sysbus sanity checks */ ms->sysbus_notifier.notify = machine_init_notify; diff --git a/hw/core/security-policy.c b/hw/core/security-policy.c new file mode 100644 index 0000000..92689ff --- /dev/null +++ b/hw/core/security-policy.c @@ -0,0 +1,166 @@ +/* + * QEMU security policy support + * + * Copyright (c) 2016 Advanced Micro Devices + * + * Author: + * Brijesh Singh + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, see . + * + */ + +#include "qemu/osdep.h" +#include "qapi/error.h" +#include "qom/object_interfaces.h" +#include "qemu/base64.h" +#include "trace.h" + +#include "sysemu/security-policy.h" + +static SecurityPolicy * +find_security_policy_obj(const char *name) +{ + Object *obj; + SecurityPolicy *policy; + + if (!name) { + return NULL; + } + + obj = object_resolve_path_component( + object_get_objects_root(), name); + if (!obj) { + return NULL; + } + + policy = (SecurityPolicy *) + object_dynamic_cast(obj, + TYPE_SECURITY_POLICY); + if (!policy) { + return NULL; + } + + return policy; +} + +bool +security_policy_debug_allowed(const char *secure_policy_id) +{ + SecurityPolicy *policy = find_security_policy_obj(secure_policy_id); + + /* if id is not a valid security policy then we return true */ + return policy ? policy->debug : true; +} + +char * +security_policy_get_memory_encryption_id(const char *secure_policy_id) +{ + SecurityPolicy *policy = find_security_policy_obj(secure_policy_id); + + return policy ? g_strdup(policy->memory_encryption) : NULL; +} + +static bool +security_policy_prop_get_debug(Object *obj, + Error **errp G_GNUC_UNUSED) +{ + SecurityPolicy *policy = SECURITY_POLICY(obj); + + return policy->debug; +} + + +static void +security_policy_prop_set_debug(Object *obj, + bool value, + Error **errp G_GNUC_UNUSED) +{ + SecurityPolicy *policy = SECURITY_POLICY(obj); + + policy->debug = value; +} + +static char * +sev_launch_get_memory_encryption(Object *obj, Error **errp) +{ + SecurityPolicy *policy = SECURITY_POLICY(obj); + + return g_strdup(policy->memory_encryption); +} + +static void +sev_launch_set_memory_encryption(Object *obj, const char *value, + Error **errp) +{ + SecurityPolicy *policy = SECURITY_POLICY(obj); + + policy->memory_encryption = g_strdup(value); +} + +static void +security_policy_init(Object *obj) +{ + SecurityPolicy *policy = SECURITY_POLICY(obj); + + policy->debug = true; +} + +static void +security_policy_finalize(Object *obj) +{ +} + +static void +security_policy_class_init(ObjectClass *oc, void *data) +{ + object_class_property_add_bool(oc, "debug", + security_policy_prop_get_debug, + security_policy_prop_set_debug, + NULL); + object_class_property_set_description(oc, "debug", + "Set on/off if debugging is allowed on this guest (default on)", + NULL); + object_class_property_add_str(oc, "memory-encryption", + sev_launch_get_memory_encryption, + sev_launch_set_memory_encryption, + NULL); + object_class_property_set_description(oc, "memory-encryption", + "Set memory encryption object id (if supported by hardware)", + NULL); +} + +static const TypeInfo security_policy_info = { + .parent = TYPE_OBJECT, + .name = TYPE_SECURITY_POLICY, + .instance_size = sizeof(SecurityPolicy), + .instance_init = security_policy_init, + .instance_finalize = security_policy_finalize, + .class_size = sizeof(SecurityPolicyClass), + .class_init = security_policy_class_init, + .interfaces = (InterfaceInfo[]) { + { TYPE_USER_CREATABLE }, + { } + } +}; + + +static void +security_policy_register_types(void) +{ + type_register_static(&security_policy_info); +} + + +type_init(security_policy_register_types); diff --git a/include/hw/boards.h b/include/hw/boards.h index 3e69eca..18ca525 100644 --- a/include/hw/boards.h +++ b/include/hw/boards.h @@ -143,6 +143,7 @@ struct MachineState { /*< public >*/ char *accel; + char *security_policy; bool kernel_irqchip_allowed; bool kernel_irqchip_required; bool kernel_irqchip_split; diff --git a/include/sysemu/security-policy.h b/include/sysemu/security-policy.h new file mode 100644 index 0000000..6d3789d --- /dev/null +++ b/include/sysemu/security-policy.h @@ -0,0 +1,75 @@ +/* + * QEMU security policy support + * + * Copyright (c) 2016 Advanced Micro Devices + * + * Author: + * Brijesh Singh + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, see . + * + */ + +#ifndef SECURITY_POLICY_H +#define SECURITY_POLICY_H + +#include "qom/object.h" + +#define TYPE_SECURITY_POLICY "security-policy" +#define SECURITY_POLICY(obj) \ + OBJECT_CHECK(SecurityPolicy, (obj), TYPE_SECURITY_POLICY) + +typedef struct SecurityPolicy SecurityPolicy; +typedef struct SecurityPolicyClass SecurityPolicyClass; + +/** + * SecurityPolicy: + * + * The SecurityPolicy object provides method to define + * various security releated policies for guest machine. + * + * e.g + * When launching QEMU, user can create a security policy + * to disallow memory dump and debug of guest + * + * # $QEMU \ + * -object security-policy,id=mypolicy,debug=off \ + * -machine ...,security-policy=mypolicy + * + * If hardware supports memory encryption then user can set + * encryption policy of guest + * + * # $QEMU \ + * -object encrypt-policy,key=xxx,flags=xxxx,id=encrypt \ + * -object security-policy,debug=off,memory-encryption=encrypt,id=mypolicy \ + * -machine ...,security-policy=mypolicy + * + */ + +struct SecurityPolicy { + Object parent_obj; + + bool debug; + char *memory_encryption; +}; + + +struct SecurityPolicyClass { + ObjectClass parent_class; +}; + +bool security_policy_debug_allowed(const char *name); +char *security_policy_get_memory_encryption_id(const char *name); + +#endif /* SECURITY_POLICY_H */ diff --git a/qemu-options.hx b/qemu-options.hx index a71aaf8..b90d6da 100644 --- a/qemu-options.hx +++ b/qemu-options.hx @@ -3964,6 +3964,27 @@ contents of @code{iv.b64} to the second secret data=$SECRET,iv=$(