From patchwork Mon Jan 29 17:41:23 2018
X-Patchwork-Submitter: Brijesh Singh
X-Patchwork-Id: 867236
From: Brijesh Singh
To: qemu-devel@nongnu.org
Date: Mon, 29 Jan 2018 11:41:23 -0600
Message-Id: <20180129174132.108925-15-brijesh.singh@amd.com>
In-Reply-To: <20180129174132.108925-1-brijesh.singh@amd.com>
References: <20180129174132.108925-1-brijesh.singh@amd.com>
Subject: [Qemu-devel] [PATCH v6 14/23] sev: add command to create launch memory encryption context
List-Subscribe: , Cc: "Edgar E. Iglesias" , Peter Maydell , Eduardo Habkost , kvm@vger.kernel.org, Tom Lendacky , Stefan Hajnoczi , "Michael S. Tsirkin" , Richard Henderson , "Dr. David Alan Gilbert" , Brijesh Singh , Paolo Bonzini Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" The KVM_SEV_LAUNCH_START command creates a new VM encryption key (VEK). The encryption key created with the command will be used for encrypting the bootstrap images (such as guest bios). Cc: Paolo Bonzini Cc: kvm@vger.kernel.org Signed-off-by: Brijesh Singh --- accel/kvm/sev.c | 97 ++++++++++++++++++++++++++++++++++++++++++++++++++ accel/kvm/trace-events | 2 ++ include/sysemu/sev.h | 10 ++++++ 3 files changed, 109 insertions(+) diff --git a/accel/kvm/sev.c b/accel/kvm/sev.c index 5ae37caeb361..eea07ac9642f 100644 --- a/accel/kvm/sev.c +++ b/accel/kvm/sev.c @@ -27,6 +27,17 @@ static int sev_fd; #define SEV_FW_MAX_ERROR 0x17 +static SevGuestState current_sev_guest_state = SEV_STATE_UNINIT; + +static char sev_state_str[SEV_STATE_MAX][10] = { + "uninit", + "lupdate", + "secret", + "running", + "supdate", + "rupdate", +}; + static char sev_fw_errlist[SEV_FW_MAX_ERROR][100] = { "", "Platform state is invalid", @@ -85,6 +96,16 @@ fw_error_to_str(int code) } static void +sev_set_guest_state(SevGuestState new_state) +{ + assert(new_state < SEV_STATE_MAX); + + trace_kvm_sev_change_state(sev_state_str[current_sev_guest_state], + sev_state_str[new_state]); + current_sev_guest_state = new_state; +} + +static void sev_ram_block_added(RAMBlockNotifier *n, void *host, size_t size) { int r; 
@@ -291,6 +312,76 @@ lookup_sev_guest_info(const char *id) return info; } +static int +sev_read_file_base64(const char *filename, guchar **data, gsize *len) +{ + gsize sz; + gchar *base64; + GError *error = NULL; + + if (!g_file_get_contents(filename, &base64, &sz, &error)) { + error_report("failed to read '%s' (%s)", filename, error->message); + return -1; + } + + *data = g_base64_decode(base64, len); + return 0; +} + +static int +sev_launch_start(SEVState *s) +{ + gsize sz; + int ret = 1; + int fw_error; + QSevGuestInfo *sev = s->sev_info; + struct kvm_sev_launch_start *start; + guchar *session = NULL, *dh_cert = NULL; + + start = g_malloc0(sizeof(*start)); + if (!start) { + return 1; + } + + start->handle = object_property_get_int(OBJECT(sev), "handle", + &error_abort); + start->policy = object_property_get_int(OBJECT(sev), "policy", + &error_abort); + if (sev->session_file) { + if (sev_read_file_base64(sev->session_file, &session, &sz) < 0) { + return 1; + } + start->session_uaddr = (unsigned long)session; + start->session_len = sz; + } + + if (sev->dh_cert_file) { + if (sev_read_file_base64(sev->dh_cert_file, &dh_cert, &sz) < 0) { + return 1; + } + start->dh_uaddr = (unsigned long)dh_cert; + start->dh_len = sz; + } + + trace_kvm_sev_launch_start(start->policy, session, dh_cert); + ret = sev_ioctl(KVM_SEV_LAUNCH_START, start, &fw_error); + if (ret < 0) { + error_report("%s: LAUNCH_START ret=%d fw_error=%d '%s'", + __func__, ret, fw_error, fw_error_to_str(fw_error)); + return 1; + } + + object_property_set_int(OBJECT(sev), start->handle, "handle", + &error_abort); + sev_set_guest_state(SEV_STATE_LUPDATE); + + g_free(start); + g_free(session); + g_free(dh_cert); + + return 0; +} + void * sev_guest_init(const char *id) { @@ -327,6 +418,12 @@ sev_guest_init(const char *id) goto err; } + ret = sev_launch_start(s); + if (ret) { + error_report("%s: failed to create encryption context", __func__); + goto err; + } + ram_block_notifier_add(&sev_ram_notifier); return s; 
diff --git a/accel/kvm/trace-events b/accel/kvm/trace-events index 364c84bd7a73..a4ea1c382ec2 100644 --- a/accel/kvm/trace-events +++ b/accel/kvm/trace-events @@ -17,3 +17,5 @@ kvm_irqchip_release_virq(int virq) "virq %d" kvm_sev_init(void) "" kvm_memcrypt_register_region(void *addr, size_t len) "addr %p len 0x%lu" kvm_memcrypt_unregister_region(void *addr, size_t len) "addr %p len 0x%lu" +kvm_sev_change_state(char *old, char *new) "%s -> %s" +kvm_sev_launch_start(int policy, void *session, void *pdh) "policy 0x%x session %p pdh %p" diff --git a/include/sysemu/sev.h b/include/sysemu/sev.h index 6aec25bc05e5..392b21fafbd3 100644 --- a/include/sysemu/sev.h +++ b/include/sysemu/sev.h @@ -51,6 +51,16 @@ struct QSevGuestInfoClass { ObjectClass parent_class; }; +typedef enum { + SEV_STATE_UNINIT = 0, + SEV_STATE_LUPDATE, + SEV_STATE_SECRET, + SEV_STATE_RUNNING, + SEV_STATE_SUPDATE, + SEV_STATE_RUPDATE, + SEV_STATE_MAX +} SevGuestState; + struct SEVState { QSevGuestInfo *sev_info; };
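Review bot: the state-name table in the first accel/kvm/sev.c hunk (`static char sev_state_str[SEV_STATE_MAX][10]`) hard-codes a 10-byte width and is writable; declare it `static const char *const sev_state_str[SEV_STATE_MAX]` so a longer name added later cannot be silently truncated and the strings end up in read-only data. The table is indexed by SevGuestState and only works if its entries stay in the same order as the enum in include/sysemu/sev.h; a comment saying so next to the table would help the next person who adds a state.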
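Review bot: sev_set_guest_state() in the second sev.c hunk only asserts `new_state < SEV_STATE_MAX`; a SevGuestState is an int in C, so a negative value passes the check and `sev_state_str[new_state]` in the trace call indexes before the table. Assert on both bounds, or compare as unsigned (`(unsigned)new_state < SEV_STATE_MAX`). The helper also records the new state without checking that the transition is legal (LAUNCH_START should only move the guest from uninit to lupdate); if this mirrored state is meant to gate later commands, that check belongs here rather than in each caller.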
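Review bot: the sev_launch_start() hunk leaks on every early exit: each `return 1;` after a failed sev_read_file_base64() call and the one after the failed KVM_SEV_LAUNCH_START ioctl returns without freeing `start`, `session` or `dh_cert`; only the success path frees them. Use a single `out:` label with the three g_free() calls and `goto out` from the error paths (g_free() on NULL is safe). In the same hunk, sev_read_file_base64() never frees the `base64` buffer returned by g_file_get_contents() and never calls g_error_free(error) on the failure path, and it does not check that the decoded length is non-zero before the caller stores it. The `if (!start) { return 1; }` after g_malloc0() is dead code, since g_malloc0() aborts rather than returning NULL. Finally, `start->session_len = sz;` and `start->dh_len = sz;` assign a gsize to 32-bit kernel fields; reject oversized inputs before the assignment so a large file cannot be silently truncated into a mismatched length.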
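Review bot: the new error_report() in the sev_guest_init() hunk (`"%s: failed to create encryption context"`) duplicates the more specific message sev_launch_start() already prints (`LAUNCH_START ret=%d fw_error=%d '%s'`), so a single failure produces two error lines for the same cause; keep one of them, preferably the one carrying fw_error. The hunk also returns through `goto err` from the middle of initialisation, and the `err:` path is not visible here; please confirm it releases whatever sev_guest_init() set up before this call, since a firmware LAUNCH_START failure is now a normal error exit.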
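Review bot: the new kvm_sev_launch_start trace point in accel/kvm/trace-events prints only the host addresses of the session and PDH buffers (`session %p pdh %p`), which tells a reader nothing about the request and puts host heap addresses into trace output; logging `session_len` and `dh_len` alongside or instead of the pointers would be more useful for debugging a failed launch. The kvm_sev_change_state parameters (`char *old, char *new`) are only read and come from a static table, so `const char *` is the right type.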
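Review bot: the SevGuestState enum added to include/sysemu/sev.h is a positional mirror of the sev_state_str table in accel/kvm/sev.c, yet nothing in the header records that coupling; add a comment that the two must be kept in sync (or define the names next to the enum) so a state cannot be added to one without the other. SEV_STATE_MAX works as the table bound, but it is exposed in the public header as if it were a state; a short comment that it is a sentinel and not a valid guest state would prevent it being passed to sev_set_guest_state().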