From patchwork Wed Feb 28 21:10:27 2018
X-Patchwork-Submitter: Brijesh Singh
X-Patchwork-Id: 879438
From: Brijesh Singh
To: qemu-devel@nongnu.org
Date: Wed, 28 Feb 2018 15:10:27 -0600
Message-Id: <20180228211028.83970-28-brijesh.singh@amd.com>
In-Reply-To: <20180228211028.83970-1-brijesh.singh@amd.com>
References: <20180228211028.83970-1-brijesh.singh@amd.com>
Subject: [Qemu-devel] [PATCH v10 27/28] sev/i386: add sev_get_capabilities()
Cc:
Peter Maydell , Brijesh Singh , kvm@vger.kernel.org, "Michael S. Tsirkin" , Stefan Hajnoczi , Alexander Graf , "Edgar E. Iglesias" , Markus Armbruster , Bruce Rogers , Christian Borntraeger , Marcel Apfelbaum , Borislav Petkov , Thomas Lendacky , Eduardo Habkost , Richard Henderson , "Dr. David Alan Gilbert" , Alistair Francis , Cornelia Huck , Richard Henderson , Peter Crosthwaite , Paolo Bonzini Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" The function can be used to get the current SEV capabilities. The capabilities include platform diffie-hellman key (pdh) and certificate chain. The key can be provided to the external entities which wants to establish a trusted channel between SEV firmware and guest owner. Cc: Paolo Bonzini Cc: Richard Henderson Cc: Eduardo Habkost Signed-off-by: Brijesh Singh --- target/i386/monitor.c | 10 ++++++- target/i386/sev-stub.c | 5 ++++ target/i386/sev.c | 78 ++++++++++++++++++++++++++++++++++++++++++++++++++ target/i386/sev_i386.h | 1 + 4 files changed, 93 insertions(+), 1 deletion(-) diff --git a/target/i386/monitor.c b/target/i386/monitor.c index 1b55dd0fff88..b914915d9171 100644 --- a/target/i386/monitor.c +++ b/target/i386/monitor.c @@ -740,5 +740,13 @@ SevLaunchMeasureInfo *qmp_query_sev_launch_measure(Error **errp) SevCapability *qmp_query_sev_capabilities(Error **errp) { - return NULL; + SevCapability *data; + + data = sev_get_capabilities(); + if (!data) { + error_setg(errp, "SEV feature is not available"); + return NULL; + } + + return data; } diff --git a/target/i386/sev-stub.c b/target/i386/sev-stub.c index 2f61c32ec975..59a003a4ebe6 100644 --- a/target/i386/sev-stub.c +++ b/target/i386/sev-stub.c @@ -44,3 +44,8 @@ char *sev_get_launch_measurement(void) { return NULL; } + +SevCapability *sev_get_capabilities(void) +{ + return NULL; +} diff --git a/target/i386/sev.c b/target/i386/sev.c index ad94eeace1b0..20279177cdcd 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c 
@@ -421,6 +421,84 @@ sev_get_info(void) return info; } +static int +sev_get_pdh_info(int fd, guchar **pdh, size_t *pdh_len, guchar **cert_chain, + size_t *cert_chain_len) +{ + guchar *pdh_data, *cert_chain_data; + struct sev_user_data_pdh_cert_export export = {}; + int err, r; + + /* query the certificate length */ + r = sev_platform_ioctl(fd, SEV_PDH_CERT_EXPORT, &export, &err); + if (r < 0) { + if (err != SEV_RET_INVALID_LEN) { + error_report("failed to export PDH cert ret=%d fw_err=%d (%s)", + r, err, fw_error_to_str(err)); + return 1; + } + } + + pdh_data = g_new(guchar, export.pdh_cert_len); + cert_chain_data = g_new(guchar, export.cert_chain_len); + export.pdh_cert_address = (unsigned long)pdh_data; + export.cert_chain_address = (unsigned long)cert_chain_data; + + r = sev_platform_ioctl(fd, SEV_PDH_CERT_EXPORT, &export, &err); + if (r < 0) { + error_report("failed to export PDH cert ret=%d fw_err=%d (%s)", + r, err, fw_error_to_str(err)); + goto e_free; + } + + *pdh = pdh_data; + *pdh_len = export.pdh_cert_len; + *cert_chain = cert_chain_data; + *cert_chain_len = export.cert_chain_len; + return 0; + +e_free: + g_free(pdh_data); + g_free(cert_chain_data); + return 1; +} + +SevCapability * +sev_get_capabilities(void) +{ + SevCapability *cap; + guchar *pdh_data, *cert_chain_data; + size_t pdh_len = 0, cert_chain_len = 0; + uint32_t ebx; + int fd; + + fd = open(DEFAULT_SEV_DEVICE, O_RDWR); + if (fd < 0) { + error_report("%s: Failed to open %s '%s'", __func__, + DEFAULT_SEV_DEVICE, strerror(errno)); + return NULL; + } + + if (sev_get_pdh_info(fd, &pdh_data, &pdh_len, + &cert_chain_data, &cert_chain_len)) { + return NULL; + } + + cap = g_new0(SevCapability, 1); + cap->pdh = g_base64_encode(pdh_data, pdh_len); + cap->cert_chain = g_base64_encode(cert_chain_data, cert_chain_len); + + host_cpuid(0x8000001F, 0, NULL, &ebx, NULL, NULL); + cap->cbitpos = ebx & 0x3f; + cap->reduced_phys_bits = (ebx >> 6) & 0x3f; + + g_free(pdh_data); + g_free(cert_chain_data); + + 
close(fd); + return cap; +} + static int sev_read_file_base64(const char *filename, guchar **data, gsize *len) { diff --git a/target/i386/sev_i386.h b/target/i386/sev_i386.h index 2ecca66f6e64..cc89e273ccf6 100644 --- a/target/i386/sev_i386.h +++ b/target/i386/sev_i386.h @@ -43,6 +43,7 @@ extern SevInfo *sev_get_info(void); extern uint32_t sev_get_cbit_position(void); extern uint32_t sev_get_reduced_phys_bits(void); extern char *sev_get_launch_measurement(void); +extern SevCapability *sev_get_capabilities(void); typedef struct QSevGuestInfo QSevGuestInfo; typedef struct QSevGuestInfoClass QSevGuestInfoClass;
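Review bot: in the target/i386/monitor.c hunk, qmp_query_sev_capabilities() reports the single message "SEV feature is not available" for every NULL return, but sev_get_capabilities() also returns NULL when the host does have SEV and the open of DEFAULT_SEV_DEVICE or the SEV_PDH_CERT_EXPORT ioctl fails at runtime; those causes only reach error_report() on stderr, so a QMP client cannot tell "SEV not built in / not present" from "present but failing". Consider threading errp through (sev_get_capabilities(Error **errp)) and using error_setg() in sev.c so the firmware or errno reason is returned in the QMP error instead of a generic string.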
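Review bot: in the target/i386/sev.c hunk, the early `return NULL;` in sev_get_capabilities() after a failed sev_get_pdh_info() leaks the descriptor opened on DEFAULT_SEV_DEVICE, because close(fd) is only reached on the success path; route that failure through a label that closes fd before returning, mirroring the e_free cleanup in sev_get_pdh_info(). Two smaller points in the same hunk: sev_get_pdh_info() calls g_new(guchar, export.pdh_cert_len) and g_new(guchar, export.cert_chain_len) whenever the first SEV_PDH_CERT_EXPORT call did not fail with an error other than SEV_RET_INVALID_LEN (including r == 0), without checking that the returned lengths are non-zero, so a zero length yields a NULL buffer whose address is then passed to the second ioctl; and both error paths use error_report() rather than propagating an Error, which is why the QMP handler above can only emit a generic failure message.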