From: Brijesh Singh
Date: Wed, 8 Mar 2017 15:53:35 -0500
Message-ID: <148900641547.27090.18164660067628886320.stgit@brijesh-build-machine>
In-Reply-To: <148900626714.27090.1616990932333159904.stgit@brijesh-build-machine>
X-Patchwork-Submitter: Brijesh Singh
X-Patchwork-Id: 736731
Subject: [Qemu-devel] [RFC PATCH v4 14/20] sev: add LAUNCH_FINISH command
Cc: Thomas.Lendacky@amd.com, brijesh.singh@amd.com

The command is used to finalize the SEV guest launch process. The command returns a measurement value of the data encrypted through the LAUNCH_UPDATE command. This measurement can be handed to the guest owner to verify that the guest was launched into SEV-enabled mode.

Signed-off-by: Brijesh Singh
--- include/sysemu/sev.h | 1 + kvm-all.c | 1 + sev.c | 72 ++++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 74 insertions(+) diff --git a/include/sysemu/sev.h b/include/sysemu/sev.h index c614cc0..7632202 100644 --- a/include/sysemu/sev.h +++ b/include/sysemu/sev.h 
@@ -97,5 +97,6 @@ void *sev_guest_init(const char *keyid); void sev_set_debug_ops(void *handle, MemoryRegion *mr); int sev_create_launch_context(void *handle); int sev_encrypt_launch_buffer(void *handle, uint8_t *ptr, uint64_t len); +int sev_release_launch_context(void *handle); #endif diff --git a/kvm-all.c b/kvm-all.c index 5e98534..92b4fbf 100644 --- a/kvm-all.c +++ b/kvm-all.c @@ -1828,6 +1828,7 @@ static int kvm_init(MachineState *ms) kvm_state->memcrypt_debug_ops = sev_set_debug_ops; kvm_state->create_launch_context = sev_create_launch_context; kvm_state->encrypt_launch_data = sev_encrypt_launch_buffer; + kvm_state->release_launch_context = sev_release_launch_context; g_free(id); } } diff --git a/sev.c b/sev.c index b391012..d32391e 100644 --- a/sev.c +++ b/sev.c 
@@ -253,6 +253,72 @@ err: return ret; } +static void +print_hex_dump(const char *prefix_str, uint8_t *data, int len) +{ + int i; + + DPRINTF("%s: ", prefix_str); + for (i = 0; i < len; i++) { + DPRINTF("%02hhx", *data++); + } + DPRINTF("\n"); +} + +static int +sev_launch_finish(SEVState *s) +{ + uint8_t *data; + int error, ret; + struct kvm_sev_launch_measure *measure; + + if (!s) { + return 1; + } + + measure = g_malloc0(sizeof(*measure)); + if (!measure) { + return 1; + } + + /* query measurement blob length */ + ret = sev_ioctl(KVM_SEV_LAUNCH_MEASURE, measure, &error); + if (!measure->length) { + fprintf(stderr, "Error: failed to get launch measurement length\n"); + ret = 1; + goto err_1; + } + + data = g_malloc0(measure->length); + if (!data) { + goto err_1; + } + measure->address = (unsigned long)data; + /* get measurement */ + ret = sev_ioctl(KVM_SEV_LAUNCH_MEASURE, measure, &error); + if (ret) { + fprintf(stderr, "failed LAUNCH_MEASURE %d (%#x)\n", ret, error); + goto err_2; + } + + print_hex_dump("SEV: MEASUREMENT", data, measure->length); + + /* finalize the launch */ + ret = sev_ioctl(KVM_SEV_LAUNCH_FINISH, 0, &error); + if (ret) { + fprintf(stderr, "failed LAUNCH_FINISH %d (%#x)\n", ret, error); + goto err_2; + } + + DPRINTF("SEV: LAUNCH_FINISH\n"); +err_2: + g_free(data); +err_1: + g_free(measure); + + return ret; +} + static int sev_mem_write(uint8_t *dst, const uint8_t *src, uint32_t len, MemTxAttrs attrs) { @@ -334,6 +400,12 @@ sev_encrypt_launch_buffer(void *handle, uint8_t *ptr, uint64_t len) return sev_launch_update_data((SEVState *)handle, ptr, len); } +int +sev_release_launch_context(void *handle) +{ + return sev_launch_finish((SEVState *)handle); +} + bool sev_enabled(void) {
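
Review bot: In the include/sysemu/sev.h hunk, the new sev_release_launch_context() prototype has no comment, and its name does not describe what the sev.c wrapper does: it calls sev_launch_finish(), which issues KVM_SEV_LAUNCH_MEASURE and KVM_SEV_LAUNCH_FINISH rather than releasing anything. Please document that the call takes the measurement and finalizes the launch, and state the return convention (sev_launch_finish() returns 1 on its own failures and the sev_ioctl() result otherwise), so callers of the kvm_state->release_launch_context hook know what a non-zero value means.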
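
Review bot: In sev_launch_finish() in the first sev.c hunk, the measurement never leaves the function: data is only passed to print_hex_dump(), which writes through DPRINTF, and is freed at err_2, while KVM_SEV_LAUNCH_FINISH is issued immediately afterwards. The commit message says the measurement can be handed to the guest owner, so the buffer and measure->length should be returned to the caller or exposed some other way; as written the owner cannot act on the value before the launch is finalized. Separately, ret and error from the length query are never examined (only measure->length is), and g_malloc0() aborts on allocation failure, so both NULL checks are dead code; the second one would also return whatever ret the query left behind instead of an explicit error.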