From patchwork Thu Aug 26 22:26:20 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Roth X-Patchwork-Id: 1521415 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org (client-ip=209.51.188.17; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=) Authentication-Results: ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=amd.com header.i=@amd.com header.a=rsa-sha256 header.s=selector1 header.b=oriKxKGz; dkim-atps=neutral Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4Gwd0N1tWwz9sVw for ; Fri, 27 Aug 2021 08:33:08 +1000 (AEST) Received: from localhost ([::1]:49022 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mJNvl-0001zW-P7 for incoming@patchwork.ozlabs.org; Thu, 26 Aug 2021 18:33:05 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:59346) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mJNqP-0000fA-Pj for qemu-devel@nongnu.org; Thu, 26 Aug 2021 18:27:33 -0400 Received: from mail-dm6nam11hn2244.outbound.protection.outlook.com ([52.100.172.244]:22689 helo=NAM11-DM6-obe.outbound.protection.outlook.com) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mJNqO-0005L3-30 for qemu-devel@nongnu.org; Thu, 26 Aug 2021 18:27:33 -0400 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=B4rioBrvZYvLA4gN5pZmwnvgxRUijVm/Y0N268ZYy7iHvDp94/BvNtKYIEdpW1vczrF1tQORIVlAkwyNStevV5UDnYYvWCgu05+MXuyxyaEuzOe4fzG/1RntOBuLPCTI6lbcLpPSZe0FvXDaHe45aL+fye4f/p8HxZdfOZni3Q+Na+WB/VVqadcjCW5m5RzjNnys20onZmPuAd6OHGdp4uxsKHETG650lz6O/FS6m3vRM8BBut2592uzBAfyC3c/gVlGf885HE4DxWtPZ7yUy/WmUcgz+wGXtyWIqhaCQ9wmZOTj9WQw3F2PbwRN1VIpfIdKjfUlnPvfOfskckJLaQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=LjJvoPFWhDmiaCLBg0LOzFdUkaf1IvaS55eMyY66ytk=; b=WBy6gtOa1SBmluwA7vLVrTmwJM5iSthpT4SXa7ykp+aDeesVzRqFXi4afNocrdkuk/3C0+K3IYEBd0hq2u99UWsb0BC8TJT8+9Mm5tP677GXDF6kIwlv4v52dkziBV28meOGqeTmwiuhgOv/Twoqw6F4DUD4hfOGZu2kssoP9KTIBSeV7ULmNv4gpvXJVo/SwF0yzACoaeCUHoFgqAoWZUPxFtPI2VdVoCywetsA3i2K8nO9y5/xiImExToEGndsPrW9c+f085UZsCjzEXa02FvXb2fXRlNNlHVUKHpKGpBDM+C3smYEpiFYRjpwu8M6Cn/KeMAF0jiPqX/TWbsOzw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=LjJvoPFWhDmiaCLBg0LOzFdUkaf1IvaS55eMyY66ytk=; b=oriKxKGzk/l+PnMtYSslrRJPBe+kcSOzmrqqMAUMRL2newgZf+4nXAUjE1XXizNEmXkg/kxPObD8GR0tqEGJ1xrdvip4/q4Qk6GD7SlRPkIWBdnA82k9As0h5GuGGgB+Y9bb/KOZdfFyCqTbuHGFdsXNMYOS+GOpjEel7HH+UXc= Authentication-Results: nongnu.org; dkim=none (message not signed) header.d=none;nongnu.org; dmarc=none action=none header.from=amd.com; Received: from CH2PR12MB4133.namprd12.prod.outlook.com (2603:10b6:610:7a::13) by CH2PR12MB3925.namprd12.prod.outlook.com (2603:10b6:610:21::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4436.22; Thu, 26 Aug 2021 22:27:23 +0000 Received: from CH2PR12MB4133.namprd12.prod.outlook.com ([fe80::d19e:b657:5259:24d0]) by CH2PR12MB4133.namprd12.prod.outlook.com ([fe80::d19e:b657:5259:24d0%8]) with mapi id 15.20.4436.019; Thu, 26 Aug 2021 22:27:23 +0000 From: Michael Roth To: qemu-devel@nongnu.org Cc: Connor Kuehl , =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= , "Michael S . Tsirkin" , James Bottomley , "Dr . David Alan Gilbert" , Tom Lendacky , Paolo Bonzini , Dov Murik , David Gibson , =?utf-8?q?Daniel_P_=2E_Berrang?= =?utf-8?q?=C3=A9?= , kvm@vger.kernel.org, Eduardo Habkost , Brijesh Singh , Markus Armbruster , Eric Blake Subject: [RFC PATCH v2 05/12] i386/sev: add the SNP launch start context Date: Thu, 26 Aug 2021 17:26:20 -0500 Message-Id: <20210826222627.3556-6-michael.roth@amd.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20210826222627.3556-1-michael.roth@amd.com> References: <20210826222627.3556-1-michael.roth@amd.com> X-ClientProxiedBy: SA9P221CA0017.NAMP221.PROD.OUTLOOK.COM (2603:10b6:806:25::22) To CH2PR12MB4133.namprd12.prod.outlook.com (2603:10b6:610:7a::13) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from localhost (165.204.77.1) by SA9P221CA0017.NAMP221.PROD.OUTLOOK.COM (2603:10b6:806:25::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4436.19 via Frontend Transport; Thu, 26 Aug 2021 22:27:23 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: c9b19e41-cd6f-48ad-6cc4-08d968e0acf1 X-MS-TrafficTypeDiagnostic: CH2PR12MB3925: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:208; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: Pd8BhcIR53efWglYYhb6lqUAoMMQ8IfHZp+R63sLWKntsHFG2LPu0X/HXiRR+l3B92ZyW8mEMKFJ3+wwczQu3w4JBkOyx3olaOy7ZC1HWMYljMebr57HYm1l4ZrDW6gGOAGVMjZWfm/HhhUpMMbBnzYtNLEe+BrIGE+5wU7QUxoDazrMimKl9PW1RN5XruosbJ4fm6a91RMAHaiBurxbJNI9g/O287w5lulwObHrDEpzvjeuFi9hFyBCEucNEAjzufJcpDw84sPcplRUfAUntq6g/D4/ka1QobAkJOK6sTWSqa9Yp5TcfFEyJq1hKg9DpJead+LZPidDEf2I4ff4z54m/wo3S7OgAlLU13GYnUBiyZY4DSl1lEOanMxV7l5Iehw9cIzXPIT39yYLoteqiumrB31M/LJxzcL2nFRWwue5FvI1GzVHADnHEpkJKbV5ElkaW53vfdbTUYiOmmxXf0v5DQrXMjVmWu2oS1SIC1L1wLMyDDnta9CLUYHy+EyDxgj83zmnuf5LrOFpLossxMq5OfQHSkrrP/iSKLqe/EqZQGpnOz+ZecxzEVz9J0Kk6ZBOTJum1XR7DjDYNr2rffAKU+NCzq/AMDe285OYc1ip9amZq2NuopZd5AllgsUaF+zCzvkwAA0NvcgBBES/dfzWaoH1pk5YfS11tVZm0+mh0cen5ILJal1fnf7Nh3dnXh1XyXDadIbhGcEVHjzf2Ofqk/K5i/wvtEAlRqYdDJ1p4fd/K6a7s9JN5Z9dtXnNF3gaSiywE2v0KpIE8hR2SRchMbJ3sidW2oD+p+6zjInRP0nUFWOZtm64U7myGHISynVHpvm/3hVsS2Hax+Rmv+sbZhH7IGDc01uS4IDDtDPcXpNKCQzPmc5gw2XZ9G5/Cy7oB9ibIitu7JaaOxW6rrib49iCUKYoKmqKFklNmoSsdWXMSvZlpAoEapKodoe8126R8OkiFfB2qfr7WahNhj1ozZFoz+LEo+OHKU2dx6cR7k4lTKbcV7icEms71nBciaYSyNX/UPCPhigrdsodhzoAlsTmAPOrGkLwzI0Lekk= X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:5; SRV:; IPV:NLI; SFV:SPM; H:CH2PR12MB4133.namprd12.prod.outlook.com; PTR:; CAT:OSPM; SFS:(4636009)(376002)(396003)(346002)(136003)(39860400002)(366004)(8676002)(38350700002)(66476007)(38100700002)(956004)(2616005)(66556008)(83380400001)(186003)(6916009)(478600001)(36756003)(316002)(4326008)(44832011)(54906003)(66946007)(52116002)(6496006)(2906002)(86362001)(1076003)(6486002)(5660300002)(7416002)(8936002)(26005)(23200700001); DIR:OUT; SFP:1501; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: mzxR+ILaO6WFdS3FbiLgqe33VP3CHlQXD49a4zRwYAbgfZcMPB/AgoU0qv5T5fLSrwEsE2SGotsr7+B1X1W3y1q6mmE4XYnRVcZbuUKiwjFzH7VfqlKHor8SrAuCEpQwYAeoeyuKKpbcxyVtjBTgr1vj1bftNqZl3jyLJzwUwEdDU0g/IzVFYwxJY328BS+LaF3quxVv4inNCd7JE6RvX/OFyEdzmc0VrFqPqSKEk3oobM4WWSAdxcZEkeya/nZzVaGddk8Lqeppx36/OfivQnzC11GmM+HvRGSUllqOh+l+QSvVb8TM5s622K63UDcN3AX8TF8Y3sTRCM77ZfQDzOFAHW+WmQnfe9/D4+8eWDWbvKzjlq+g07+iJB3tjUWpkhOGKFqmPGlMSXP/SYu9k2Na33XY/d3+OObxz8CwH8MhwGwBLWWacoDYzPh68K+eaakA4Xj6eJNM153mP8JMg5P2l/Nf/LQYVHTIoqEjNZcXSkmROGp68Bh/D3ulUQ14GM9Wiiq4RI1878X/2miWwHs2RzqqiG2sw3Kyk8sKV3F/j1DjTtJ/Ca7t6JjUo9Qk0tyL3t9n3Dux1ufAjMzrh6KKMRLy5NsTDe/yETwxNP2QkAl3vkIDtBBZuD7dytlW9kCV4DssP30CsdWzYqCDa2U5GOZ3ytpToiI4gGJwPFrLj67a5Z2BD/cYRXE256l11hXH5Y6ecUasuCBNjcHqkOoF/yAmJCBTGU/9+BCpXKJNQrCduGJfKPJYjb6gn+yu1fnTIrHgkKx0kaJiqyLu44xvsyPojGNUhAAOmjOcaCmTGlELb9cLGDaJCHi85EHvjuoe7DY35m2hEMwst6wlVLR3TO4nwNdCVHHP8eJgSCL6mTwcZ++1jW/CQEyYq7lq4e7iaIH8IgzNGG13dLwcdYEXgQR81t68nKQu90ODSzQg5aJ1wwrVAOUubNCffmBCjJkopVLgC6yRcVNSCgd9NA+h20wDpr7xh5xV4vqdCgaH6tSdSCLVu/gDvNZXoMVsk6BHRHkSOln8/eZGUcRDY7fOPi1DOJffWL4XSKpsG7zYHsoN6csbnjrL+1dO6tAW3vPhfoGOK9iGmiG+dHwuggWyioMtoDME/sQkHkdRQTX0dw8Fk7KM9Im/X0IkqSPo10eXuFWpya9TgJcRiagPXK9hdSq4WByP26QEicuONMcRxjtfMHLlfpvhto4MLlU+YXdW/lA978II70CCRijy//i0hTY/ZI+TztLz5Q9XJOyxRlih+vZfckK2vjzwy1DGgIn9kLPAobHNar4fqYQrHrKt1yqV+Qz4g2zEv1gxH/nfUnZy+JJxazHEV8yZAWvT X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: c9b19e41-cd6f-48ad-6cc4-08d968e0acf1 X-MS-Exchange-CrossTenant-AuthSource: CH2PR12MB4133.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Aug 2021 22:27:23.4197 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: PChnfB8Z8DURP0i/4EB4yA/6wTo5H0vOTxJLM28vaadEwtxflcAfY4cbTxVopm408qFFlNnnT3hBUV/sy3IItQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: CH2PR12MB3925 Received-SPF: softfail client-ip=52.100.172.244; envelope-from=Michael.Roth@amd.com; helo=NAM11-DM6-obe.outbound.protection.outlook.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, MSGID_FROM_MTA_HEADER=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" From: Brijesh Singh The SNP_LAUNCH_START is called first to create a cryptographic launch context within the firmware. Signed-off-by: Brijesh Singh Signed-off-by: Michael Roth --- target/i386/sev.c | 29 ++++++++++++++++++++++++++++- target/i386/trace-events | 1 + 2 files changed, 29 insertions(+), 1 deletion(-) diff --git a/target/i386/sev.c b/target/i386/sev.c index b8bd6ed9ea..51689d4fa4 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -875,6 +875,28 @@ sev_read_file_base64(const char *filename, guchar **data, gsize *len) return 0; } +static int +sev_snp_launch_start(SevSnpGuestState *sev_snp_guest) +{ + int fw_error, rc; + SevCommonState *sev_common = SEV_COMMON(sev_snp_guest); + struct kvm_sev_snp_launch_start *start = &sev_snp_guest->kvm_start_conf; + + trace_kvm_sev_snp_launch_start(start->policy); + + rc = sev_ioctl(sev_common->sev_fd, KVM_SEV_SNP_LAUNCH_START, + start, &fw_error); + if (rc < 0) { + error_report("%s: SNP_LAUNCH_START ret=%d fw_error=%d '%s'", + __func__, rc, fw_error, fw_error_to_str(fw_error)); + return 1; + } + + sev_set_guest_state(sev_common, SEV_STATE_LAUNCH_UPDATE); + + return 0; +} + static int sev_launch_start(SevGuestState *sev_guest) { @@ -1173,7 +1195,12 @@ int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) goto err; } - ret = sev_launch_start(SEV_GUEST(sev_common)); + if (sev_snp_enabled()) { + ret = sev_snp_launch_start(SEV_SNP_GUEST(sev_common)); + } else { + ret = sev_launch_start(SEV_GUEST(sev_common)); + } + if (ret) { error_setg(errp, "%s: failed to create encryption context", __func__); goto err; diff --git a/target/i386/trace-events b/target/i386/trace-events index 2cd8726eeb..18cc14b956 100644 --- a/target/i386/trace-events +++ b/target/i386/trace-events @@ -11,3 +11,4 @@ kvm_sev_launch_measurement(const char *value) "data %s" kvm_sev_launch_finish(void) "" kvm_sev_launch_secret(uint64_t hpa, uint64_t hva, uint64_t secret, int len) "hpa 0x%" PRIx64 " hva 0x%" PRIx64 " data 0x%" PRIx64 " len %d" kvm_sev_attestation_report(const char *mnonce, const char *data) "mnonce %s data %s" +kvm_sev_snp_launch_start(uint64_t policy) "policy 0x%" PRIx64