From patchwork Wed Mar 8 20:52:09 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Brijesh Singh X-Patchwork-Id: 736722 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from lists.gnu.org (lists.gnu.org [IPv6:2001:4830:134:3::11]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 3vdmmk4xFFz9sNG for ; Thu, 9 Mar 2017 08:26:30 +1100 (AEDT) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=amdcloud.onmicrosoft.com header.i=@amdcloud.onmicrosoft.com header.b="bKQ+QmoD"; dkim-atps=neutral Received: from localhost ([::1]:58518 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1clj6K-0005g7-H5 for incoming@patchwork.ozlabs.org; Wed, 08 Mar 2017 16:26:28 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:51957) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1clj5U-0005cp-DH for qemu-devel@nongnu.org; Wed, 08 Mar 2017 16:25:38 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1clj5R-0005Tl-13 for qemu-devel@nongnu.org; Wed, 08 Mar 2017 16:25:36 -0500 Received: from mail-by2nam03on0067.outbound.protection.outlook.com ([104.47.42.67]:8043 helo=NAM03-BY2-obe.outbound.protection.outlook.com) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1clj5Q-0005RB-JG for qemu-devel@nongnu.org; Wed, 08 Mar 2017 16:25:32 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector1-amd-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=Bb1BD+HDioDMMCPpz7TP8InzjJrm0YkJ4TOzP4XpoZA=; b=bKQ+QmoDb9C2vBPa9v+x8hRyf0u0Lz6F1NhXGlRh0CGHuKb92oSQxAc9PsG+jSvSHRIIhLWkqnZnXIq43q7znkF4t6mlKUDLBWxInXft7/Pqnm8iuPrRQ6EFSCutBcdlaBNm1CJTL0CWiNNfiiqR4y/FSFDzzy3g0mCYdMGeaRg= Authentication-Results: amd.com; dkim=none (message not signed) header.d=none;amd.com; dmarc=none action=none header.from=amd.com; Received: from [127.0.1.1] (165.204.77.1) by CY4PR12MB1605.namprd12.prod.outlook.com (10.172.72.14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.947.12; Wed, 8 Mar 2017 20:52:21 +0000 From: Brijesh Singh To: , , , , , , , , Date: Wed, 8 Mar 2017 15:52:09 -0500 Message-ID: <148900632968.27090.15435012868487968230.stgit@brijesh-build-machine> In-Reply-To: <148900626714.27090.1616990932333159904.stgit@brijesh-build-machine> References: <148900626714.27090.1616990932333159904.stgit@brijesh-build-machine> User-Agent: StGit/0.17.1-dirty MIME-Version: 1.0 X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: DM5PR16CA0033.namprd16.prod.outlook.com (10.172.42.147) To CY4PR12MB1605.namprd12.prod.outlook.com (10.172.72.14) X-MS-Office365-Filtering-Correlation-Id: 0a81d1f6-ede3-4db7-c5e1-08d46665044e X-MS-Office365-Filtering-HT: Tenant X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(48565401081); SRVR:CY4PR12MB1605; X-Microsoft-Exchange-Diagnostics: 1; CY4PR12MB1605; 3:pRXoM53W149m/EBatOAuTYxHN3VYWZostM915HsnLqg8NK3C+U0LGamz5Dis2RDsrC5IFobezd2abqFVSxZG3SuBF8VGybsPDlrMcOdwLIeKffcQGDMBIWJoMoQWPDDGpY7FDyKnFwZUSOlgcuVsEPnKeeZzSKjLfGHAiYsC/tBkpqfcXQAny50Qz4FLi8nUBRc/Dt171p+sVw4bySqFrNdMKTdNl5N/cPmktlFxRTOq82eZyT5JRbXFgrMNW08yWsNP0sVjslpXU6WvcFfVcQxuLj/qYtEkIVEnASawIEk=; 25:3D9wRyjNvF5R//2Z+8dQCqfjtUGtyrQzHcLfI+L/1FH4Sqh91eZZ3hLgC5pQQw6kCOVE5NM9sS9Q5/Q4reUxaweBJkzErb+sqm9RZx3B+KpmBHQZhHr0ltg5snndMLhsxbLAGEooleLkSrNGUObzeVX0uXhe/6+j+pLlN7H3YnWZ0vMdceHb6xLrtiTeOqyt5YIiiJGhxDmSGwqBEN1/3WUDjSVIiOtMiPuQ3IJSlIJIo9/GmPZoKz2vn93Un7gkP9BsnR6q1hEBVdeJx9jzd748tvUQPMPQpG81gQy6/aMMZXRM7nZOhH3Otl+hFBQ/1ERZf/VrwkkKDHLMrlcErrxUBPGYT+mKQfL17G77aVWTo94YGPuhsmH/Dq6d9zuTBVR+CqlyTvXRG0/irKMER7ica8DdRrWarTITXcEEIOmthqMbe4o2dLOFerG78NgU X-Microsoft-Exchange-Diagnostics: 1; CY4PR12MB1605; 31:wiQXAD7zAplvC1Sh0ag3hLAuFJv7knyolO1Z9rd60net9BTxvqk2wVDOgJjBc+3pKyGvRDXahB/EwKqNvo+tCLPSvqIvGvRTFCIKzuNRRGOwH1nQt3doLHwSL2Vh6wYuxL1Q82qjtwp95WUYuS18tlzX9MQnM1/zgsA6i/anROPhv9O3EW3FuGjZhelzp1tqN4YX+v+dVe1+vT5mmQe1UMtD5NWQGCR1fJ2UBbRh3GFY4jdygROAI7WJQxnb1ZbfVeFd6E+K7qWgJLit8Ii9Mg==; 20:yktOV25z0AZa3aZIiIWQkXgOT/YkKjV0vLD2g7fz9jx4osgkIHJfocLeG9qV5S27ShS0dgA/NzXZYd0Uklhhqlh3bA7FvGPApyTvJqZjo8mVjI0RDaAUC4P9iyAzo8B1UTVrMNlqjk1jzujSTY8bOrWH0YqUyNXaTmXxyAjj1qnSYBdcAkRGvMOFPOcx40hHJbLL3xWRDBXPrZbcGiOKfh6DYsNQH4DBooc3mqc03orwSyL3XnXf//RHUVnZzs8N2gpbQMk2lcJnBuo3bWEMMw1J7muSwtzpCRlly5IwUd2wPUkoR35r9Q5sr0hPGTdBu957nxVbwKMj9kcorW12WQj54ueQdf98TMXvq3Ji7PLiGf0yqknE1ZJj7KAr8YUzUVuV/LzVLHzJWCwmva3voJNpYFQXe+YEOMat7tFvnNDqSwRvQwpbQdTHWjSdwA1Nar+zeUFROYNlBTetd9YoYAIMmjmQf8nqRuephBTqOOPbjhy6B+lD89Yd+QOFQNix X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(250305191791016)(22074186197030)(192374486261705)(767451399110); X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(6040375)(601004)(2401047)(8121501046)(5005006)(3002001)(10201501046)(6055026)(6041248)(20161123562025)(20161123560025)(20161123558025)(20161123555025)(20161123564025)(6072148); SRVR:CY4PR12MB1605; BCL:0; PCL:0; RULEID:; SRVR:CY4PR12MB1605; X-Microsoft-Exchange-Diagnostics: 1; CY4PR12MB1605; 4:cE3DG46dWn02Qn2JpZiKyOqiVu5u748LlAIo1iTcfwDsab9XuLeIA5ppcxYyRmEOOzzWjX+7cfFVZa4CbcsNE/rGmm7SUp7RA/yEzF6hFZmM88oKnDLWkXpCLhcEcp8HogZTeuX+FKFF3n502wTQS3WNGxPZmhiQeia88AEbkMJBlX4wICpMzPRApCiC3b2d8pSShTggQCCpePu288b+7FAhvFlMBQP9CFi0a4oB8wlEI55G89luxe2f/bF2Bmt5US4ac8439Jg6N+AiWEUHxv5mjUf2WqqxLQ3BnA67BPqOqX9BUWzj4fPo1cwX1W+d2uLNHtkFwtma5sBSGHjnWto7UYdS9HYayJie4oRPz8Aw6cbUCq343WGP7R5HwF4GEjkDt80bvKo6r6RUmpxKqAl6V2ON0m1pgsEiXm3fSspCmYLLvlSSKV8mmZNijhsWzvzjsxE0DVbYqPC+41pOVtP1X5GES+p0kHoSLaTldFGUVFUdQKSKZPj5RMi4N3SSKaX+nGVPVqFIyEDShQvMAHtZCkhrJ1IYxk76tyR83T+H1f8yD6bTr5KzEo3Cb2sAPyh8g+S+5KNuluQeYS6qV90ySyANdiFFc3Ksh/8eoALTxgszMr1NwPOXVb3w7aL9tgox2ym+/nVFdJkIMY20XjXURsOiwPzaSqQl31kUdRu43r3WVpeiSy/etGLO0vGFZ6c7QYVi8l1xYp95MV6VHSLUd2JpYtQzO3xUf6b/5bRvElBNbY6s2PhoV6HmoU4xLhgMb5fOyFR49iYew5dO/A== X-Forefront-PRVS: 02408926C4 X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(4630300001)(6009001)(6049001)(39410400002)(39850400002)(39840400002)(39450400003)(39860400002)(33716001)(4326008)(2906002)(38730400002)(47776003)(6666003)(5660300001)(23676002)(6116002)(50986999)(3846002)(76176999)(8676002)(2950100002)(50466002)(54356999)(103116003)(81166006)(66066001)(10710500007)(230700001)(575784001)(54906002)(6306002)(86362001)(42186005)(9686003)(2201001)(90366009)(25786008)(83506001)(15650500001)(305945005)(2420400007)(33646002)(6486002)(7110500001)(53936002)(77096006)(7736002)(189998001)(21314002)(217873001); DIR:OUT; SFP:1101; SCL:1; SRVR:CY4PR12MB1605; H:[127.0.1.1]; FPR:; SPF:None; MLV:sfv; LANG:en; X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtDWTRQUjEyTUIxNjA1OzIzOmY5Z3hGUytpMEhXSEZ5amR6NmxRWGtxQkVx?= =?utf-8?B?cGtrOVBibFl3bDNOS2ZpZ05HUEJUUnF6MnZpaFNLZ01OOStaMEFjRC9FK2RS?= =?utf-8?B?NTNCUDVja1pjSE9Rc3pzYTFMVEhqTEtiRUp2TitMc1g1bG5SemZRYzcwSXVW?= =?utf-8?B?S2lLSDJXN0R6YngycExwcFQ2RXpRZkZKUFZ4eTlKeWlwTXpCUDl6NGRIUHRM?= =?utf-8?B?NUhTVmRsbGMxZFZOM0lOYnhZVi9ZL2RwcUFlRGZWdHV2R0tuRlplazlHOXYz?= =?utf-8?B?WHcvMy9oLzZIOEtsNWZabWRuWGdkdlh4WmZBOVVjeGZya1liRUFvOFVmQVFj?= =?utf-8?B?VEdFWmxtckRQS0ovSDRNQjQxOUhMYnN1YkNxOCtjRkxSR1pZSDJoZ2xvdlhH?= =?utf-8?B?MThielVxbmhIbTlVMFhtbmpJRUFQZkFhMjlVVStTTXZKZ2k3NVdrUmpnRWNm?= =?utf-8?B?L09zaFFnTVE2S2ZyUkJDR0dwTGFBWXJqRDZqWEppWlZrVW1YWGZiR1loRG9u?= =?utf-8?B?djI3cVk0ZVh6U1NRK2pHUFhlVkxJYVRxeko3QnhjaEVNb2tYcHFLQk9xWUlZ?= =?utf-8?B?YkZQTXJKK0tSTmRubVJPSUp3VDdza0dDdmkwamY5Tkd4aUd4L0EvMTBUUTRX?= =?utf-8?B?ZnBTN0xXaTRnVlFHbmdhSWlkTExYS3JNNFVMVkRUMlgycWx4SkVVQlRBcVl5?= =?utf-8?B?RUVIb1MrVWQ3L05lZTNJWHVqZVQwZU5haFd6K3FDUG5uNlFnSy9GSlFWSXI2?= =?utf-8?B?WW41UVlHQkk5eWVoSkR5bjg3VGJIdVlPSndNYU82R0pMMnZ1UFdqNEYzdUI5?= =?utf-8?B?eGxROGhkaVhhVWRkQStVcVROenBzemdKQlUvamhaY0FOZWRXcUY0dWZkZ25o?= =?utf-8?B?SE1na0NLQkwzWmpOcElSRXozMzhuOS82cUFMOHFVTVhudVc5TFI5NDBtWjNi?= =?utf-8?B?YjZjRTF1VjhHZER6RTcxbDdNNFkzaWwwMjU4L3NhSXozUWdzdVoxYnBqM2Yv?= =?utf-8?B?aVRucnBWaTJSYkg3TU84YXI1S1J1VkFXRTJBdXIvOVo5dFpPekxpemRPbzRz?= =?utf-8?B?QTlWbU9md3Q4MDRQN1R0aUlSVTJTMFBDU3RZK2tmZHhxQlRDbDNFY0dZNFc3?= =?utf-8?B?ZTdTdUJqQWZ2eUkxRzNPRHRYeWg4VmdDSGRvRGlJNmRibEF4NU8xWVhNcnkw?= =?utf-8?B?M1hZWUxDY0dxMDFNaWROQnpiNmhSWENkWVFmdktjMUdLTmRxRkpSSUZZUTVV?= =?utf-8?B?VHJzbU1zaFVaYW0wS2h3MTc4SkxqVGFyWFZNTWNOWFlvZVZ2L2orZFYxUDJG?= =?utf-8?B?Y2E1Q1Q5ZEVPVEdBSTIydTlhUDNycWcvVXZQVHlsd1BBWlRPNXRJQnI2ZjRw?= =?utf-8?B?NUs0OFh2ZGlQTHNxajRlREJqOTd1d0dkM1V5cXZ4dnp1WVJTajBIYTdqcDRj?= =?utf-8?B?bEdkOG9mb1ptL1pzRW93blZNV2gzVTdkZSswd0pMQXkwblRvV3daVCtnYTBn?= =?utf-8?B?T0J1YTd6UFZvanRzLzl5Mm95YkcxNGxZS3FPQzNxbjdQd2s2UUUwOTVBTm1n?= =?utf-8?B?SVYxb3BoOUpuTVpzckpaNnBiL2NhbXFBbGtJYUh2YzRGRDJDZjhxSGtRaWhB?= =?utf-8?B?am5UWVNNRlkvQm5YU3V6WklrcWlVVXJFSmFVbGptem5ZbWIvV2U2Y3VublFs?= =?utf-8?Q?pqdqA571pHFkY+zcjnD6UdyZDQ+0MmRvNzZjSC5?= X-Microsoft-Exchange-Diagnostics: 1; CY4PR12MB1605; 6:c18L+EeqERaxp8IZ1K9Q6YOCPFKjM4tlZQ4GXdL5T5dF3d97uvNEFwvzaVlGHjclW1u2+dKutEQmIY/rsFKCMtPBanY1MZCfAvAGzoWq/g0aY3L0oAbV6ZUhsNkh7obRUiOq+pCqn0a1ebFR5Na6SJo4YMcMr5blvcuJijxFoDiNa/9o6Alb8reijeu+FioPz/v1mBGbn71UK4O+m3re8K8GWoiWFaaBMGG65P6tCNNupVvmVtniIvHLeyiY2Q9y2F0/+2pIquLXWqe3KQEFz5XAXQzHXPXEduthD8ktdheo9MmhWL9jWGA/yCgTqQvlcZIe5KxOBApHhfsLFQSTE0pxPbnpsFz/jIPY017T8VYmc9N8/uxt0HteEb+HTR4MEgzEPVfwP+B/6iSFohc4bLDizi8K9QP4O+H4GN4V1Vw=; 5:K6iFmIDSxuCBI6uLX014oUxeJWjFuzUv0RNUcrtpVlY1XmJLWvFgBri2tkpbQoN4+R/OVF8tf2d+oCUIFoXDNfPOB6Mko6ukrbWilulkshvyByteoE9uNkId9WRL0dhtyHwZepoVnEkBb4NtnOu9m7YWIOc+XHChrfSIrWRPcbk=; 24:+eOV7OAZ0w3cpUz96S775cfVF0tjtUQwiQLQUMgPaoezvyHgCLA4LwUUemtctTF3/vpMoE6jwexWV+Kd1NWrr9b0T9cPGH2S428Me30EfsM= SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1; CY4PR12MB1605; 7:KsAoDFNZhkhci+qdqw16sn8kZlvY7n+xF7pClZtayLtSMcap6FW7hTDnqH4i1MSrH5uCKiSktynaOqBNtx44qjm6ymaog+s3dWLXXs2kA/S53ssIILPCKwc9G3/2xAJJVAznc2Z+ay04duQkWmyZ5PBdnIfcpxuSbF1WlBpR+odEvBothSsd/dc/T032zatX4EQI1nnaSsdNItuPoQPWjQhYifCWuR4G8jXcKOyMzfsV+dZn5v9hQS4JUkAlKKGBc7+rGDZ1+Q6wV8k/mpCo6tMqthe4r7Q9GViYtMN1dBoghM4XsgdoQCkeeubr//rTGrC9TdJzvyuJbs/MseszWA==; 20:qPEdgqMaKIueT/TdKt/s8l1LwoAwrNzoKWku1n6wrlnsj3MQpfuub4NMwVpuCZBE8gQhyhTHVnKxw55ha19xfcR/wd2GXyfq9zM/JnfTC/hh8pucMd1GMwCoD8M71puV7fC9KHgJXkf4sIgSVxKch0zVfzgpGZx6AR51O08B9DnDUsgQqzBgVXM4Iz8GoovVNr5fFukHhuEQ19gJ/ZizQNPvNUKK5BCuXRJ6t9TDZdfszxgnw8jenS9Fp+gMIhRJ X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 08 Mar 2017 20:52:21.1159 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR12MB1605 X-detected-operating-system: by eggs.gnu.org: Windows 7 or 8 [fuzzy] X-Received-From: 104.47.42.67 Subject: [Qemu-devel] [RFC PATCH v4 06/20] core: add new security-policy object X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Thomas.Lendacky@amd.com, brijesh.singh@amd.com Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" The object can be used to define global security policy for the guest. object provides two properties: 1) debug: can be used to disable guest memory access from hypervisor. e.g to disable guest memory debug accesses # $QEMU \ -object security-policy,debug=false,id=mypolicy \ -machine ...,security-policy=mypolicy 2) memory-encryption: if hypervisor supports memory encryption then this property can be used to define object for encryption. # $QEMU \ -object sev-guest,id=sev0 \ -object security-policy,id=memory-encryption=sev0,id=mypolicy \ -machine ...,security-policy=mypolicy The memory-encryption property will be used for enabling AMD's SEV feature. Signed-off-by: Brijesh Singh --- exec.c | 7 ++ hw/core/Makefile.objs | 1 hw/core/machine.c | 22 +++++ hw/core/security-policy.c | 165 ++++++++++++++++++++++++++++++++++++++ include/hw/boards.h | 1 include/sysemu/security-policy.h | 75 +++++++++++++++++ qemu-options.hx | 21 +++++ 7 files changed, 292 insertions(+) create mode 100644 hw/core/security-policy.c create mode 100644 include/sysemu/security-policy.h diff --git a/exec.c b/exec.c index 772a959..2c7c891 100644 --- a/exec.c +++ b/exec.c @@ -40,6 +40,7 @@ #else /* !CONFIG_USER_ONLY */ #include "hw/hw.h" #include "exec/memory.h" +#include "sysemu/security-policy.h" #include "exec/ioport.h" #include "sysemu/dma.h" #include "sysemu/numa.h" @@ -2926,6 +2927,12 @@ static inline void cpu_physical_memory_rw_debug_internal(AddressSpace *as, hwaddr addr1; MemoryRegion *mr; + /* Check if debug accesses is allowed */ + if (attrs.debug && + !security_policy_debug_allowed(current_machine->security_policy)) { + return; + } + rcu_read_lock(); while (len > 0) { l = len; diff --git a/hw/core/Makefile.objs b/hw/core/Makefile.objs index 91450b2..3c413b1 100644 --- a/hw/core/Makefile.objs +++ b/hw/core/Makefile.objs @@ -18,6 +18,7 @@ common-obj-$(CONFIG_SOFTMMU) += qdev-properties-system.o common-obj-$(CONFIG_SOFTMMU) += register.o common-obj-$(CONFIG_SOFTMMU) += or-irq.o common-obj-$(CONFIG_PLATFORM_BUS) += platform-bus.o +common-obj-$(CONFIG_SOFTMMU) += security-policy.o obj-$(CONFIG_SOFTMMU) += generic-loader.o obj-$(CONFIG_SOFTMMU) += null-machine.o diff --git a/hw/core/machine.c b/hw/core/machine.c index 0699750..c14f59c 100644 --- a/hw/core/machine.c +++ b/hw/core/machine.c @@ -332,6 +332,23 @@ static bool machine_get_enforce_config_section(Object *obj, Error **errp) return ms->enforce_config_section; } +static char *machine_get_security_policy(Object *obj, Error **errp) +{ + MachineState *ms = MACHINE(obj); + + return g_strdup(ms->security_policy); +} + +static void machine_set_security_policy(Object *obj, + const char *value, Error **errp) +{ + MachineState *ms = MACHINE(obj); + + g_free(ms->security_policy); + ms->security_policy = g_strdup(value); +} + + static void error_on_sysbus_device(SysBusDevice *sbdev, void *opaque) { error_report("Option '-device %s' cannot be handled by this machine", @@ -493,6 +510,11 @@ static void machine_class_init(ObjectClass *oc, void *data) &error_abort); object_class_property_set_description(oc, "enforce-config-section", "Set on to enforce configuration section migration", &error_abort); + + object_class_property_add_str(oc, "security-policy", + machine_get_security_policy, machine_set_security_policy, NULL); + object_class_property_set_description(oc, "security-policy", + "Set the security policy for the machine", NULL); } static void machine_class_base_init(ObjectClass *oc, void *data) diff --git a/hw/core/security-policy.c b/hw/core/security-policy.c new file mode 100644 index 0000000..4d4658e --- /dev/null +++ b/hw/core/security-policy.c @@ -0,0 +1,165 @@ +/* + * QEMU security policy support + * + * Copyright (c) 2016 Advanced Micro Devices + * + * Author: + * Brijesh Singh + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, see . + * + */ + +#include "qemu/osdep.h" +#include "qapi/error.h" +#include "qom/object_interfaces.h" +#include "qemu/base64.h" + +#include "sysemu/security-policy.h" + +static SecurityPolicy * +find_security_policy_obj(const char *name) +{ + Object *obj; + SecurityPolicy *policy; + + if (!name) { + return NULL; + } + + obj = object_resolve_path_component( + object_get_objects_root(), name); + if (!obj) { + return NULL; + } + + policy = (SecurityPolicy *) + object_dynamic_cast(obj, + TYPE_SECURITY_POLICY); + if (!policy) { + return NULL; + } + + return policy; +} + +bool +security_policy_debug_allowed(const char *secure_policy_id) +{ + SecurityPolicy *policy = find_security_policy_obj(secure_policy_id); + + /* if id is not a valid security policy then we return true */ + return policy ? policy->debug : true; +} + +char * +security_policy_get_memory_encryption_id(const char *secure_policy_id) +{ + SecurityPolicy *policy = find_security_policy_obj(secure_policy_id); + + return policy ? g_strdup(policy->memory_encryption) : NULL; +} + +static bool +security_policy_prop_get_debug(Object *obj, + Error **errp G_GNUC_UNUSED) +{ + SecurityPolicy *policy = SECURITY_POLICY(obj); + + return policy->debug; +} + + +static void +security_policy_prop_set_debug(Object *obj, + bool value, + Error **errp G_GNUC_UNUSED) +{ + SecurityPolicy *policy = SECURITY_POLICY(obj); + + policy->debug = value; +} + +static char * +sev_launch_get_memory_encryption(Object *obj, Error **errp) +{ + SecurityPolicy *policy = SECURITY_POLICY(obj); + + return g_strdup(policy->memory_encryption); +} + +static void +sev_launch_set_memory_encryption(Object *obj, const char *value, + Error **errp) +{ + SecurityPolicy *policy = SECURITY_POLICY(obj); + + policy->memory_encryption = g_strdup(value); +} + +static void +security_policy_init(Object *obj) +{ + SecurityPolicy *policy = SECURITY_POLICY(obj); + + policy->debug = true; +} + +static void +security_policy_finalize(Object *obj) +{ +} + +static void +security_policy_class_init(ObjectClass *oc, void *data) +{ + object_class_property_add_bool(oc, "debug", + security_policy_prop_get_debug, + security_policy_prop_set_debug, + NULL); + object_class_property_set_description(oc, "debug", + "Set on/off if debugging is allowed on this guest (default on)", + NULL); + object_class_property_add_str(oc, "memory-encryption", + sev_launch_get_memory_encryption, + sev_launch_set_memory_encryption, + NULL); + object_class_property_set_description(oc, "memory-encryption", + "Set memory encryption object id (if supported by hardware)", + NULL); +} + +static const TypeInfo security_policy_info = { + .parent = TYPE_OBJECT, + .name = TYPE_SECURITY_POLICY, + .instance_size = sizeof(SecurityPolicy), + .instance_init = security_policy_init, + .instance_finalize = security_policy_finalize, + .class_size = sizeof(SecurityPolicyClass), + .class_init = security_policy_class_init, + .interfaces = (InterfaceInfo[]) { + { TYPE_USER_CREATABLE }, + { } + } +}; + + +static void +security_policy_register_types(void) +{ + type_register_static(&security_policy_info); +} + + +type_init(security_policy_register_types); diff --git a/include/hw/boards.h b/include/hw/boards.h index 269d0ba..a1c99a0 100644 --- a/include/hw/boards.h +++ b/include/hw/boards.h @@ -153,6 +153,7 @@ struct MachineState { /*< public >*/ char *accel; + char *security_policy; bool kernel_irqchip_allowed; bool kernel_irqchip_required; bool kernel_irqchip_split; diff --git a/include/sysemu/security-policy.h b/include/sysemu/security-policy.h new file mode 100644 index 0000000..6d3789d --- /dev/null +++ b/include/sysemu/security-policy.h @@ -0,0 +1,75 @@ +/* + * QEMU security policy support + * + * Copyright (c) 2016 Advanced Micro Devices + * + * Author: + * Brijesh Singh + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, see . + * + */ + +#ifndef SECURITY_POLICY_H +#define SECURITY_POLICY_H + +#include "qom/object.h" + +#define TYPE_SECURITY_POLICY "security-policy" +#define SECURITY_POLICY(obj) \ + OBJECT_CHECK(SecurityPolicy, (obj), TYPE_SECURITY_POLICY) + +typedef struct SecurityPolicy SecurityPolicy; +typedef struct SecurityPolicyClass SecurityPolicyClass; + +/** + * SecurityPolicy: + * + * The SecurityPolicy object provides method to define + * various security releated policies for guest machine. + * + * e.g + * When launching QEMU, user can create a security policy + * to disallow memory dump and debug of guest + * + * # $QEMU \ + * -object security-policy,id=mypolicy,debug=off \ + * -machine ...,security-policy=mypolicy + * + * If hardware supports memory encryption then user can set + * encryption policy of guest + * + * # $QEMU \ + * -object encrypt-policy,key=xxx,flags=xxxx,id=encrypt \ + * -object security-policy,debug=off,memory-encryption=encrypt,id=mypolicy \ + * -machine ...,security-policy=mypolicy + * + */ + +struct SecurityPolicy { + Object parent_obj; + + bool debug; + char *memory_encryption; +}; + + +struct SecurityPolicyClass { + ObjectClass parent_class; +}; + +bool security_policy_debug_allowed(const char *name); +char *security_policy_get_memory_encryption_id(const char *name); + +#endif /* SECURITY_POLICY_H */ diff --git a/qemu-options.hx b/qemu-options.hx index 2292438..536db1b 100644 --- a/qemu-options.hx +++ b/qemu-options.hx @@ -4140,6 +4140,27 @@ contents of @code{iv.b64} to the second secret @end table +@item -object security-policy,id=@var{id}[,debug=@var{bool}][,memory-encryption=@var{string}] + +Create a security policy object, which can be used to define guest security. +The id parameter is a unique ID that will be used to reference this +object when security-policy is applied via -machine argument. + +The 'debug' parameter can be defined to tell whether the debugging or memory +dump is allowed through qemu monitor console. + +e.g to disable the guest memory dump +@example + # $QEMU \ + -object security-policy,id=secure0,debug=off \ + -machine ...,security-policy=secure0 +@end example + +if hardware support guest memory encrytion, then 'memory-encryption' parameter +can be set to the unquie ID of memory encryption object. + +On AMD processor, memory encryption is supported via 'sev-guest' object. + ETEXI