From patchwork Thu Feb 15 15:39:41 2018
X-Patchwork-Submitter: Brijesh Singh
X-Patchwork-Id: 873949
From: Brijesh Singh
To: qemu-devel@nongnu.org
Date: Thu, 15 Feb 2018 09:39:41 -0600
Message-Id: <20180215153955.3253-16-brijesh.singh@amd.com>
In-Reply-To: <20180215153955.3253-1-brijesh.singh@amd.com>
References: <20180215153955.3253-1-brijesh.singh@amd.com>
Subject: [Qemu-devel] [PATCH v9 15/29] sev/i386: add command to create launch memory encryption context
Cc: Peter Maydell , Brijesh Singh , kvm@vger.kernel.org, "Michael S. Tsirkin" , Stefan Hajnoczi , Alexander Graf , "Edgar E. Iglesias" , Markus Armbruster , Bruce Rogers , Christian Borntraeger , Marcel Apfelbaum , Borislav Petkov , Thomas Lendacky , Eduardo Habkost , Richard Henderson , "Dr. David Alan Gilbert" , Alistair Francis , Cornelia Huck , Richard Henderson , Peter Crosthwaite , Paolo Bonzini

The KVM_SEV_LAUNCH_START command creates a new VM encryption key (VEK). The encryption key created with the command will be used for encrypting the bootstrap images (such as guest bios). Cc: Paolo Bonzini Cc: Richard Henderson Cc: Eduardo Habkost Signed-off-by: Brijesh Singh --- target/i386/sev.c | 91 +++++++++++++++++++++++++++++++++++++++++++++++- target/i386/trace-events | 2 ++ 2 files changed, 92 insertions(+), 1 deletion(-) diff --git a/target/i386/sev.c b/target/i386/sev.c index de5c8d4675a6..6f767084fd57 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -29,6 +29,8 @@ static int sev_fd; static uint32_t x86_cbitpos; static uint32_t x86_reduced_phys_bits; +static SevState current_sev_guest_state = SEV_STATE_UNINIT; + static const char *const sev_fw_errlist[] = { "", "Platform state is invalid", 
@@ -88,6 +90,16 @@ fw_error_to_str(int code) return sev_fw_errlist[code]; } +static void +sev_set_guest_state(SevState new_state) +{ + assert(new_state < SEV_STATE__MAX); + + trace_kvm_sev_change_state(SevState_str(current_sev_guest_state), + SevState_str(new_state)); + current_sev_guest_state = new_state; +} + static void sev_ram_block_added(RAMBlockNotifier *n, void *host, size_t size) { @@ -365,7 +377,7 @@ sev_get_reduced_phys_bits(void) SevState sev_get_current_state(void) { - return SEV_STATE_UNINIT; + return current_sev_guest_state; } bool 
@@ -384,6 +396,76 @@ sev_get_policy(uint32_t *policy) { } +static int +sev_read_file_base64(const char *filename, guchar **data, gsize *len) +{ + gsize sz; + gchar *base64; + GError *error = NULL; + + if (!g_file_get_contents(filename, &base64, &sz, &error)) { + error_report("failed to read '%s' (%s)", filename, error->message); + return -1; + } + + *data = g_base64_decode(base64, len); + return 0; +} + +static int +sev_launch_start(SEVState *s) +{ + gsize sz; + int ret = 1; + int fw_error; + QSevGuestInfo *sev = s->sev_info; + struct kvm_sev_launch_start *start; + guchar *session = NULL, *dh_cert = NULL; + + start = g_malloc0(sizeof(*start)); + if (!start) { + return 1; + } + + start->handle = object_property_get_int(OBJECT(sev), "handle", + &error_abort); + start->policy = object_property_get_int(OBJECT(sev), "policy", + &error_abort); + if (sev->session_file) { + if (sev_read_file_base64(sev->session_file, &session, &sz) < 0) { + return 1; + } + start->session_uaddr = (unsigned long)session; + start->session_len = sz; + } + + if (sev->dh_cert_file) { + if (sev_read_file_base64(sev->dh_cert_file, &dh_cert, &sz) < 0) { + return 1; + } + start->dh_uaddr = (unsigned long)dh_cert; + start->dh_len = sz; + } + + trace_kvm_sev_launch_start(start->policy, session, dh_cert); + ret = sev_ioctl(KVM_SEV_LAUNCH_START, start, &fw_error); + if (ret < 0) { + error_report("%s: LAUNCH_START ret=%d fw_error=%d '%s'", + __func__, ret, fw_error, fw_error_to_str(fw_error)); + return 1; + } + + object_property_set_int(OBJECT(sev), start->handle, "handle", + &error_abort); + sev_set_guest_state(SEV_STATE_LUPDATE); + + g_free(start); + g_free(session); + g_free(dh_cert); + + return 0; +} + void * sev_guest_init(const char *id) { 
@@ -439,6 +521,13 @@ sev_guest_init(const char *id) goto err; } + ret = sev_launch_start(s); + if (ret) { + error_report("%s: failed to create encryption context", __func__); + goto err; + } + + me_mask = (1UL << cbitpos); x86_reduced_phys_bits = reduced_phys_bits; x86_cbitpos = cbitpos; diff --git a/target/i386/trace-events b/target/i386/trace-events index ffa3d2250425..9402251e9991 100644 --- a/target/i386/trace-events +++ b/target/i386/trace-events @@ -10,3 +10,5 @@ kvm_x86_update_msi_routes(int num) "Updated %d MSI routes" kvm_sev_init(void) "" kvm_memcrypt_register_region(void *addr, size_t len) "addr %p len 0x%lu" kvm_memcrypt_unregister_region(void *addr, size_t len) "addr %p len 0x%lu" +kvm_sev_change_state(const char *old, const char *new) "%s -> %s" +kvm_sev_launch_start(int policy, void *session, void *pdh) "policy 0x%x session %p pdh %p"
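Review bot: in the `@@ -88,6 +90,16 @@` hunk, sev_set_guest_state() updates the file-scope `current_sev_guest_state` rather than a field of the SEVState it is called for, so the state machine is per-process, not per-guest. That is fine while QEMU supports one SEV guest per process, but since sev_launch_start() already receives an `SEVState *s`, consider keeping the state in SEVState (or at least a comment saying the global is intentional) so a later multi-context change does not silently share one state across guests. The `assert(new_state < SEV_STATE__MAX)` is good; a bounds check on the old value is not needed since it is only ever written here.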
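Review bot: in the `@@ -384,6 +396,76 @@` hunk, both new functions leak on their error paths. In sev_read_file_base64() the `GError` is never released after `error_report()` (add `g_error_free(error)`), and `base64` is never freed after `g_base64_decode()`; note also that g_base64_decode() silently skips bytes that are not valid base64, so a corrupted session or DH certificate file produces a truncated blob with no error, and the function should at least reject a zero-length result. In sev_launch_start() the `if (!start) return 1;` test is dead code because g_malloc0() aborts rather than returning NULL, and the three `return 1;` exits that follow leak `start` (and `session` when the DH file read fails); replace them with a `goto out;` that runs the existing `g_free(start); g_free(session); g_free(dh_cert);` block and returns `ret`. The `int ret = 1;` initialiser is then also put to use. Minor: `(uintptr_t)session` is the usual cast for storing a pointer into a `__u64` uaddr field.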
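Review bot: in the `@@ -439,6 +521,13 @@` hunk, the failure path prints "failed to create encryption context" right after sev_launch_start() has already reported the LAUNCH_START return value and firmware error string, so the user sees two messages for one failure; keep the one that carries `fw_error` and drop this one, or make this one the only message and have sev_launch_start() return the error without printing. Also, two consecutive blank lines are added after the closing `}` (the `+` `+` before `me_mask`); one is enough to match the surrounding style.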
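Review bot: in the trace-events hunk, `kvm_sev_launch_start(int policy, ...)` is printed with `0x%x` while `start->policy` is an unsigned 32-bit field; declare the argument `uint32_t policy` so the prototype and the format agree. While here, the two existing `kvm_memcrypt_*` lines above use `len 0x%lu`, which prints a decimal value behind a hex prefix; that is not this patch's change, but `0x%zx` would be correct for a `size_t` and could go in a follow-up.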