| Message ID | 20240419155709.318866-16-jean-philippe@linaro.org |
|---|---|
| State | New |
| Headers | show |
| Series | arm: Run CCA VMs with KVM | expand |
Jean-Philippe Brucker <jean-philippe@linaro.org> writes: > The Realm Personalization Value (RPV) is provided by the user to > distinguish Realms that have the same initial measurement. > > The user provides up to 64 hexadecimal bytes. They are stored into the > RPV in the same order, zero-padded on the right. > > Cc: Eric Blake <eblake@redhat.com> > Cc: Markus Armbruster <armbru@redhat.com> > Cc: Daniel P. Berrangé <berrange@redhat.com> > Cc: Eduardo Habkost <eduardo@habkost.net> > Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org> > --- > v1->v2: Move parsing early, store as-is rather than reverted > --- > qapi/qom.json | 15 +++++- > target/arm/kvm-rme.c | 111 +++++++++++++++++++++++++++++++++++++++++++ > 2 files changed, 125 insertions(+), 1 deletion(-) > > diff --git a/qapi/qom.json b/qapi/qom.json > index 623ec8071f..91654aa267 100644 > --- a/qapi/qom.json > +++ b/qapi/qom.json > @@ -931,6 +931,18 @@ > 'data': { '*cpu-affinity': ['uint16'], > '*node-affinity': ['uint16'] } } > > +## > +# @RmeGuestProperties: > +# > +# Properties for rme-guest objects. > +# > +# @personalization-value: Realm personalization value, as a 64-byte hex string > +# (default: 0) docs/devel/qapi-code-gen.rst: For legibility, wrap text paragraphs so every line is at most 70 characters long. > +# > +# Since: FIXME 9.1 > +## > +{ 'struct': 'RmeGuestProperties', > + 'data': { '*personalization-value': 'str' } } > > ## > # @ObjectType: > @@ -1066,7 +1078,8 @@ > 'tls-creds-x509': 'TlsCredsX509Properties', > 'tls-cipher-suites': 'TlsCredsProperties', > 'x-remote-object': 'RemoteObjectProperties', > - 'x-vfio-user-server': 'VfioUserServerProperties' > + 'x-vfio-user-server': 'VfioUserServerProperties', > + 'rme-guest': 'RmeGuestProperties' > } } > > ## With the doc comment issues addressed, QAPI schema Acked-by: Markus Armbruster <armbru@redhat.com> [...]
On Fri, 19 Apr 2024 at 16:59, Jean-Philippe Brucker <jean-philippe@linaro.org> wrote: > > The Realm Personalization Value (RPV) is provided by the user to > distinguish Realms that have the same initial measurement. > > The user provides up to 64 hexadecimal bytes. They are stored into the > RPV in the same order, zero-padded on the right. > > Cc: Eric Blake <eblake@redhat.com> > Cc: Markus Armbruster <armbru@redhat.com> > Cc: Daniel P. Berrangé <berrange@redhat.com> > Cc: Eduardo Habkost <eduardo@habkost.net> > Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org> > --- > v1->v2: Move parsing early, store as-is rather than reverted > --- > qapi/qom.json | 15 +++++- > target/arm/kvm-rme.c | 111 +++++++++++++++++++++++++++++++++++++++++++ > 2 files changed, 125 insertions(+), 1 deletion(-) > > diff --git a/qapi/qom.json b/qapi/qom.json > index 623ec8071f..91654aa267 100644 > --- a/qapi/qom.json > +++ b/qapi/qom.json > @@ -931,6 +931,18 @@ > 'data': { '*cpu-affinity': ['uint16'], > '*node-affinity': ['uint16'] } } > > +## > +# @RmeGuestProperties: > +# > +# Properties for rme-guest objects. > +# > +# @personalization-value: Realm personalization value, as a 64-byte hex string > +# (default: 0) > +# > +# Since: FIXME > +## > +{ 'struct': 'RmeGuestProperties', > + 'data': { '*personalization-value': 'str' } } > > ## > # @ObjectType: > @@ -1066,7 +1078,8 @@ > 'tls-creds-x509': 'TlsCredsX509Properties', > 'tls-cipher-suites': 'TlsCredsProperties', > 'x-remote-object': 'RemoteObjectProperties', > - 'x-vfio-user-server': 'VfioUserServerProperties' > + 'x-vfio-user-server': 'VfioUserServerProperties', > + 'rme-guest': 'RmeGuestProperties' > } } This list is in alphabetical order. Are we obliged to add new items to the end for some compatibility reason, or should this new item be filed in its correct place with the other 'r's ? thanks -- PMM
On Tue, Apr 23, 2024 at 01:20:20PM +0100, Peter Maydell wrote: > On Fri, 19 Apr 2024 at 16:59, Jean-Philippe Brucker > <jean-philippe@linaro.org> wrote: > > > > The Realm Personalization Value (RPV) is provided by the user to > > distinguish Realms that have the same initial measurement. > > > > The user provides up to 64 hexadecimal bytes. They are stored into the > > RPV in the same order, zero-padded on the right. > > > > Cc: Eric Blake <eblake@redhat.com> > > Cc: Markus Armbruster <armbru@redhat.com> > > Cc: Daniel P. Berrangé <berrange@redhat.com> > > Cc: Eduardo Habkost <eduardo@habkost.net> > > Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org> > > --- > > v1->v2: Move parsing early, store as-is rather than reverted > > --- > > qapi/qom.json | 15 +++++- > > target/arm/kvm-rme.c | 111 +++++++++++++++++++++++++++++++++++++++++++ > > 2 files changed, 125 insertions(+), 1 deletion(-) > > > > diff --git a/qapi/qom.json b/qapi/qom.json > > index 623ec8071f..91654aa267 100644 > > --- a/qapi/qom.json > > +++ b/qapi/qom.json > > @@ -931,6 +931,18 @@ > > 'data': { '*cpu-affinity': ['uint16'], > > '*node-affinity': ['uint16'] } } > > > > +## > > +# @RmeGuestProperties: > > +# > > +# Properties for rme-guest objects. > > +# > > +# @personalization-value: Realm personalization value, as a 64-byte hex string > > +# (default: 0) > > +# > > +# Since: FIXME > > +## > > +{ 'struct': 'RmeGuestProperties', > > + 'data': { '*personalization-value': 'str' } } > > > > ## > > # @ObjectType: > > @@ -1066,7 +1078,8 @@ > > 'tls-creds-x509': 'TlsCredsX509Properties', > > 'tls-cipher-suites': 'TlsCredsProperties', > > 'x-remote-object': 'RemoteObjectProperties', > > - 'x-vfio-user-server': 'VfioUserServerProperties' > > + 'x-vfio-user-server': 'VfioUserServerProperties', > > + 'rme-guest': 'RmeGuestProperties' > > } } > > This list is in alphabetical order. Are we obliged to add new > items to the end for some compatibility reason, or should this new > item be filed in its correct place with the other 'r's ? Ordering has no bearing on compatibility, so this should be at the correct alphbetical position. With regards, Daniel
Peter Maydell <peter.maydell@linaro.org> writes: > On Fri, 19 Apr 2024 at 16:59, Jean-Philippe Brucker > <jean-philippe@linaro.org> wrote: >> >> The Realm Personalization Value (RPV) is provided by the user to >> distinguish Realms that have the same initial measurement. >> >> The user provides up to 64 hexadecimal bytes. They are stored into the >> RPV in the same order, zero-padded on the right. >> >> Cc: Eric Blake <eblake@redhat.com> >> Cc: Markus Armbruster <armbru@redhat.com> >> Cc: Daniel P. Berrangé <berrange@redhat.com> >> Cc: Eduardo Habkost <eduardo@habkost.net> >> Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org> >> --- >> v1->v2: Move parsing early, store as-is rather than reverted >> --- >> qapi/qom.json | 15 +++++- >> target/arm/kvm-rme.c | 111 +++++++++++++++++++++++++++++++++++++++++++ >> 2 files changed, 125 insertions(+), 1 deletion(-) >> >> diff --git a/qapi/qom.json b/qapi/qom.json >> index 623ec8071f..91654aa267 100644 >> --- a/qapi/qom.json >> +++ b/qapi/qom.json >> @@ -931,6 +931,18 @@ >> 'data': { '*cpu-affinity': ['uint16'], >> '*node-affinity': ['uint16'] } } >> >> +## >> +# @RmeGuestProperties: >> +# >> +# Properties for rme-guest objects. >> +# >> +# @personalization-value: Realm personalization value, as a 64-byte hex string >> +# (default: 0) >> +# >> +# Since: FIXME >> +## >> +{ 'struct': 'RmeGuestProperties', >> + 'data': { '*personalization-value': 'str' } } >> >> ## >> # @ObjectType: >> @@ -1066,7 +1078,8 @@ >> 'tls-creds-x509': 'TlsCredsX509Properties', >> 'tls-cipher-suites': 'TlsCredsProperties', >> 'x-remote-object': 'RemoteObjectProperties', >> - 'x-vfio-user-server': 'VfioUserServerProperties' >> + 'x-vfio-user-server': 'VfioUserServerProperties', >> + 'rme-guest': 'RmeGuestProperties' >> } } > > This list is in alphabetical order. Are we obliged to add new > items to the end for some compatibility reason, or should this new Since order does not matter, we should keep it sorted. Same for enum ObjectType. Thanks!
diff --git a/qapi/qom.json b/qapi/qom.json index 623ec8071f..91654aa267 100644 --- a/qapi/qom.json +++ b/qapi/qom.json @@ -931,6 +931,18 @@ 'data': { '*cpu-affinity': ['uint16'], '*node-affinity': ['uint16'] } } +## +# @RmeGuestProperties: +# +# Properties for rme-guest objects. +# +# @personalization-value: Realm personalization value, as a 64-byte hex string +# (default: 0) +# +# Since: FIXME +## +{ 'struct': 'RmeGuestProperties', + 'data': { '*personalization-value': 'str' } } ## # @ObjectType: @@ -1066,7 +1078,8 @@ 'tls-creds-x509': 'TlsCredsX509Properties', 'tls-cipher-suites': 'TlsCredsProperties', 'x-remote-object': 'RemoteObjectProperties', - 'x-vfio-user-server': 'VfioUserServerProperties' + 'x-vfio-user-server': 'VfioUserServerProperties', + 'rme-guest': 'RmeGuestProperties' } } ## diff --git a/target/arm/kvm-rme.c b/target/arm/kvm-rme.c index b2ad10ef6d..cb5c3f7a22 100644 --- a/target/arm/kvm-rme.c +++ b/target/arm/kvm-rme.c @@ -23,10 +23,13 @@ OBJECT_DECLARE_SIMPLE_TYPE(RmeGuest, RME_GUEST) #define RME_PAGE_SIZE qemu_real_host_page_size() +#define RME_MAX_CFG 1 + struct RmeGuest { ConfidentialGuestSupport parent_obj; Notifier rom_load_notifier; GSList *ram_regions; + uint8_t *personalization_value; }; typedef struct { @@ -54,6 +57,48 @@ static int rme_create_rd(Error **errp) return ret; } +static int rme_configure_one(RmeGuest *guest, uint32_t cfg, Error **errp) +{ + int ret; + const char *cfg_str; + struct kvm_cap_arm_rme_config_item args = { + .cfg = cfg, + }; + + switch (cfg) { + case KVM_CAP_ARM_RME_CFG_RPV: + if (!guest->personalization_value) { + return 0; + } + memcpy(args.rpv, guest->personalization_value, KVM_CAP_ARM_RME_RPV_SIZE); + cfg_str = "personalization value"; + break; + default: + g_assert_not_reached(); + } + + ret = kvm_vm_enable_cap(kvm_state, KVM_CAP_ARM_RME, 0, + KVM_CAP_ARM_RME_CONFIG_REALM, (intptr_t)&args); + if (ret) { + error_setg_errno(errp, -ret, "RME: failed to configure %s", cfg_str); + } + return ret; +} + +static int rme_configure(void) +{ + int ret; + int cfg; + + for (cfg = 0; cfg < RME_MAX_CFG; cfg++) { + ret = rme_configure_one(rme_guest, cfg, &error_abort); + if (ret) { + return ret; + } + } + return 0; +} + static void rme_populate_realm(gpointer data, gpointer unused) { int ret; @@ -98,6 +143,11 @@ static void rme_vm_state_change(void *opaque, bool running, RunState state) return; } + ret = rme_configure(); + if (ret) { + return; + } + ret = rme_create_rd(&error_abort); if (ret) { return; @@ -231,8 +281,69 @@ int kvm_arm_rme_vm_type(MachineState *ms) return 0; } +static char *rme_get_rpv(Object *obj, Error **errp) +{ + RmeGuest *guest = RME_GUEST(obj); + GString *s; + int i; + + if (!guest->personalization_value) { + return NULL; + } + + s = g_string_sized_new(KVM_CAP_ARM_RME_RPV_SIZE * 2 + 1); + + for (i = 0; i < KVM_CAP_ARM_RME_RPV_SIZE; i++) { + g_string_append_printf(s, "%02x", guest->personalization_value[i]); + } + + return g_string_free(s, /* free_segment */ false); +} + +static void rme_set_rpv(Object *obj, const char *value, Error **errp) +{ + RmeGuest *guest = RME_GUEST(obj); + size_t len = strlen(value); + uint8_t *out; + int i = 1; + int ret; + + g_free(guest->personalization_value); + guest->personalization_value = out = g_malloc0(KVM_CAP_ARM_RME_RPV_SIZE); + + /* Two chars per byte */ + if (len > KVM_CAP_ARM_RME_RPV_SIZE * 2) { + error_setg(errp, "Realm Personalization Value is too large"); + return; + } + + /* First byte may have a single char */ + if (len % 2) { + ret = sscanf(value, "%1hhx", out++); + } else { + ret = sscanf(value, "%2hhx", out++); + i++; + } + if (ret != 1) { + error_setg(errp, "Invalid Realm Personalization Value"); + return; + } + + for (; i < len; i += 2) { + ret = sscanf(value + i, "%2hhx", out++); + if (ret != 1) { + error_setg(errp, "Invalid Realm Personalization Value"); + return; + } + } +} + static void rme_guest_class_init(ObjectClass *oc, void *data) { + object_class_property_add_str(oc, "personalization-value", rme_get_rpv, + rme_set_rpv); + object_class_property_set_description(oc, "personalization-value", + "Realm personalization value (512-bit hexadecimal number)"); } static void rme_guest_instance_init(Object *obj)
The Realm Personalization Value (RPV) is provided by the user to distinguish Realms that have the same initial measurement. The user provides up to 64 hexadecimal bytes. They are stored into the RPV in the same order, zero-padded on the right. Cc: Eric Blake <eblake@redhat.com> Cc: Markus Armbruster <armbru@redhat.com> Cc: Daniel P. Berrangé <berrange@redhat.com> Cc: Eduardo Habkost <eduardo@habkost.net> Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org> --- v1->v2: Move parsing early, store as-is rather than reverted --- qapi/qom.json | 15 +++++- target/arm/kvm-rme.c | 111 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 125 insertions(+), 1 deletion(-)