[RFC,v1,09/22] sev: add SEV launch finish command

Message ID	147377809806.11859.4375323376894641953.stgit@brijesh-build-machine (mailing list archive)
State	New, archived
Headers	show Return-Path: <qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org> From: Brijesh Singh <brijesh.singh@amd.com> To: <ehabkost@redhat.com>, <crosthwaite.peter@gmail.com>, <armbru@redhat.com>, <mst@redhat.com>, <p.fedin@samsung.com>, <qemu-devel@nongnu.org>, <lcapitulino@redhat.com>, <pbonzini@redhat.com>, <rth@twiddle.net> Date: Tue, 13 Sep 2016 10:48:18 -0400 Message-ID: <147377809806.11859.4375323376894641953.stgit@brijesh-build-machine> In-Reply-To: <147377800565.11859.4411044563640180545.stgit@brijesh-build-machine> References: <147377800565.11859.4411044563640180545.stgit@brijesh-build-machine> User-Agent: StGit/0.17.1-dirty MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Received-SPF: None (protection.outlook.com: amd.com does not designate permitted sender hosts) X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtTTjFQUjEyTUIwNjcwOzIzOkxQcFlxS2F4WUpPR0s3RnU5aE1OaGdKNlJF?= =?utf-8?B?QTVDMmhDSWZGblQ5RkhiQlh4L29oR0tkOEZwWTRtMng2b2p0dVNNU0FsaEFs?= =?utf-8?B?MVV4L0lZb2FScmhTN3ZlSUdlOHlyQWhQMHBRaTQ2MndTRFZCUG9ZZ3JXL1V0?= =?utf-8?B?ck1DdjduM2NFT0txeHhKb21HbGRDSUZDRjM0ZHRqeFZjdGZ3Zk5FWGRGUWxJ?= =?utf-8?B?U212WnI5aDhhaEdJazVlZ05KQXNTbUVvREZRTFdhL0RCVTNtamw0ZStkZ1hl?= =?utf-8?B?QkdLR3l5OXE1dXhuMnBEcTVTcnppRHA0TnY3Q2hKSHJTZ2psdHNSVzZaUWJ2?= =?utf-8?B?U2w2TERpMXN5UGp0RmZCaGJhZlpnSDJDVmF5RDdobFpmTjB2SGNEMENKNXkv?= =?utf-8?B?bU5GbWpIR3hiYWdyMnY5ZUhxSHZqVjR5ZStEcDNCMUxXck1mcldXcjhvN25B?= =?utf-8?B?M0g0SnU1SnhNbTA5a3ZzL3ZVby8xdTYrUVhEREVOOE83QlpUVWd1dkhTOVpk?= =?utf-8?B?VmNHWTFLSW5LNzZuZlBGMmxjZHFMdDQ5THlQZmpBLys0RkMwckRXTnFkNDlw?= =?utf-8?B?cTZicmlhSTFET1plM29HL3FHUU00dy92VDJwd1Y0Q3RER1FXNEM1MlN6NmJT?= =?utf-8?B?eXR4MG5kTVVZMU5RZDJUbDN5cG0xa1pOUUJaYUtNSXFLZTVxLzY5RVJvNGUv?= =?utf-8?B?MU5ha2NzY1UxR2haV2pvdFRhM3dMdlZSWEpPNVZRN1QwYS9wRzU0N25RMjRs?= =?utf-8?B?RGF6bGhkSVhCdit0emVJbVVsVlVpUmRmU05kWmt6OWVuamROcXBhbmg5bUFa?= =?utf-8?B?TmdjMDN4WDZlUlhDRzhPZVNTbUs0THhFclVwRG1FZnczQmZFZGFOdWxIRUN2?= =?utf-8?B?R2xFQnN0NkpnTVZTc1hNVWVScVFkQzQ4MVZSZWRFNXA0aUlWVndKa25CZXVi?= =?utf-8?B?SHBkRkdKUUZ0a3Biak9ZSkFxWEdVU0Raa3hKN3RFckwyNC8xb3NSQ0w1YjFv?= =?utf-8?B?NG5RMFd5QWdvQXBxYlVZZ1hWYW0zVm5xL1RzdHQxYkhoS09VY2NCelJpVGcv?= =?utf-8?B?WUl1c3lVOVFBWEs5RUhCVFkxWFhOU1pXYjJaYUYzbXRHTGIrRVJ3WnBUa1Fi?= =?utf-8?B?ZkhGUWxZM0pxT2MwMlRjSlowMFNSbWFqemoyM3g4TEltSzllQWVyMUx3U2Fs?= =?utf-8?B?OW5XMTE0eVF3eFFHL3NQSm1oSzdBQnpua0p1UTBwcUFxNnF5cHBraFp2TS9H?= =?utf-8?B?WmdORHZ2ZjRkTUFxSVZWY0RES0RsaWZ1Z3hzbjkzZ1NHN1Bla0lqSmFlZm5B?= =?utf-8?B?alJ2K2hvUk1yb0ljd2tobFpMdEZTZUE1Tk5Fb0VSSm51ZVdEK1lNZjhDRzIy?= =?utf-8?B?em9hdFU0K2RlK1V0bEpmMkd0c3FMS0doWDZsR3AwZ2Jmb0FCd2pQcTVMczJG?= =?utf-8?B?NjJqT3hlRTZFYUhtSkYyZ2FCNnFFREhhSEJIZzBhQXJHZHhKRnM2SlgyeHVO?= =?utf-8?B?QUdRamtxeGQrT2JOZmlrZGhnbGNhUjVlUEppZzhwY0x2Rm0xN3QvWVJ3TGVv?= =?utf-8?B?amlQSVJIaFdjb3RKWlRZaVBDWjNhWkRvUzVJeDVHOEhDRHNjMVd1QUliQXpk?= =?utf-8?B?eWRXelhkTkVZZTFRQnVJbHN5eHU2L2ZNV0tTOUEwMDZhTkJIYTFleWxrcy9C?= =?utf-8?B?QmJzYUlHbTU2ZDY3R0I2ZmlxT2NKZ0ZTOUhuOGRQaXpQeERMV0hjSTRrWHVV?= =?utf-8?B?cHRWZjBWdFRnQ0lSR3d1ZTd4TGJzRlNrdGVzUmRIR1hPTGdXYU5KWWJLMmFF?= =?utf-8?Q?BFxkC61kGzSV3?= X-Microsoft-Exchange-Diagnostics: 1; SN1PR12MB0670; 6:e/auFIjrEHkRVizRAJDy3UZn4eS/rDD1L8EGr9BFEJTta6ZmHERRltXvNYL9T3+WEX0Isu3hF0SDjb8R0gZl5YI1qpf05o31WSFAnEitrXkVWQLIo3F27/jrTS7kXqXfwOBuTvEyh9Y9chMloiu7daVyDQeKhoi5G/9+ApC+PNECYpteUQmh/sgrtCB82Y4TjoQ0WMrVwu17R8MCDCheReF9LWJriL8KUmxZ9kOLfgeMMmJ/pjPim9KQbtLxO/nzHmSUDxUkLtxHTOT17xMZ/rjJ9kRzeGiOL2YHEyyxd9g2m1r5GbL0M1bE4C0FDVKWKq0Ip4/AKtG0E3i/YiIeQw==; 5:DPZ9sVr34qX12N898smJSfyVGx5zb2jgG46a2b/UWkEeWGOaRKj33K1Yv2cJ60/rPYaCPbXVYXwjdjZVlxzP/wKA8S5lwbH5eboWTePkz1Yus08XMZT3ahix2d0HGF1u8PAbjfQEKLh1yk8EF0wumQ==; 24:B8aW0T2HpmSt54wHs3YSbLtG9wqv/M638/b1tTJEDPIhV3/hO1iAjWO2LK3DuEJQX39T9zsUunzQC5Wak4ZJExG5AtZkcdbnqOBhPCMKAwc=; 7:iz/0kbW2JYKM0Ev+8/K7ggU98oni9QsExENmBi/49VJFAxjCMCYWzHtJ1ZsKBdayBVHv+kL2HC+d2jJOGwLoQSXiHZMmMFUFiGC8lIjRedpT0lpyiMXVGU7z8R9Y1mC6ULHiLv78YGBjqf8QXd1nOsSdnUta299R2jG0Z2JqlNwImDVKohK8dJ5jRV9EQGPstTqI494EVWspvHTXyaaMOlB2Xa878jFuVSneUUtRYPlRBtO8vbOVLw82nG41uMD+ SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1; SN1PR12MB0670; 20:lEK0eTeBL1E3wKy09XYw2q877J2YC/eZirEFgZ/am4qUrLHmmHq4h0z56G0Wbd6PyBBYB9cxwQkI/uSMEY/WA4R74hJQXGnPl1HVYGRIi+FL2ch8YxKCRdIQJ3CsyT+aUAbGqUJIdoN60HOFAssDiUCx9vSe8s3MIO+5X8/Rg8EfyFj39tAO+Dhqb+zTvXZEsf2eeTNxw4wnYRTcQwjJZS8ibK3r1IEjlFPleVrs/l6pIXvArS4njDARF6+y0dXA Subject: [Qemu-devel] [RFC PATCH v1 09/22] sev: add SEV launch finish command Precedence: list Errors-To: qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org Sender: "Qemu-devel" <qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org>

Message ID

147377809806.11859.4375323376894641953.stgit@brijesh-build-machine (mailing list archive)

State

New, archived

Headers

From: Brijesh Singh <brijesh.singh@amd.com>
To: <ehabkost@redhat.com>, <crosthwaite.peter@gmail.com>, <armbru@redhat.com>,
	<mst@redhat.com>, <p.fedin@samsung.com>, <qemu-devel@nongnu.org>,
	<lcapitulino@redhat.com>, <pbonzini@redhat.com>, <rth@twiddle.net>
Date: Tue, 13 Sep 2016 10:48:18 -0400
Message-ID: <147377809806.11859.4375323376894641953.stgit@brijesh-build-machine>
In-Reply-To: <147377800565.11859.4411044563640180545.stgit@brijesh-build-machine>
References: <147377800565.11859.4411044563640180545.stgit@brijesh-build-machine>
User-Agent: StGit/0.17.1-dirty
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Received-SPF: None (protection.outlook.com: amd.com does not designate
	permitted sender hosts)
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 13 Sep 2016 14:48:22.2901
	(UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN1PR12MB0670
X-detected-operating-system: by eggs.gnu.org: Windows 7 or 8 [fuzzy]
X-Received-From: 104.47.42.64
X-Mailman-Approved-At: Tue, 13 Sep 2016 11:45:46 -0400
Subject: [Qemu-devel] [RFC PATCH v1 09/22] sev: add SEV launch finish command
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel/>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org
Sender: "Qemu-devel"
	<qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org>
X-Virus-Scanned: ClamAV using ClamSMTP

Commit Message

Brijesh Singh Sept. 13, 2016, 2:48 p.m. UTC

The SEV LAUNCH_FINISH command is used for finalizing the guest launch
process. The commad returned a measurement value that can be handed to
the guest owner to validate the guest before vmrun.

For more information see [1], section 6.3

[1] http://support.amd.com/TechDocs/55766_SEV-KM%20API_Spec.pdf

The following KVM RFC patches defines and implements this command
http://marc.info/?l=kvm&m=147190852423972&w=2
http://marc.info/?l=kvm&m=147190856623987&w=2

Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
---
 include/sysemu/sev.h |   17 +++++++++++++-
 sev.c                |   61 ++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 77 insertions(+), 1 deletion(-)

Comments

Eduardo Habkost Sept. 13, 2016, 10:15 p.m. UTC | #1

On Tue, Sep 13, 2016 at 10:48:18AM -0400, Brijesh Singh wrote:
> The SEV LAUNCH_FINISH command is used for finalizing the guest launch
> process. The commad returned a measurement value that can be handed to
> the guest owner to validate the guest before vmrun.
> 
> For more information see [1], section 6.3
> 
> [1] http://support.amd.com/TechDocs/55766_SEV-KM%20API_Spec.pdf
> 
> The following KVM RFC patches defines and implements this command
> http://marc.info/?l=kvm&m=147190852423972&w=2
> http://marc.info/?l=kvm&m=147190856623987&w=2
> 
> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
[...]
> +int kvm_sev_guest_measurement(uint8_t *out)

I don't see any code calling this function yet. Do you have any
plans on how exactly this will be handed back to the guest owner?
A QMP command?

> +{
> +    SEVInfo *s = sev_info;
> +    struct kvm_sev_launch_finish *finish = s->launch_finish;
> +
> +    if (!s) {
> +        return 1;
> +    }
> +
> +    if (s->type == UNENCRYPTED_GUEST &&
> +            s->state == SEV_LAUNCH_FINISH) {
> +        memcpy(out, finish->measurement, 32);
> +    } else {
> +        return 1;

Probably it would be more appropriate to use Error** to report
errors in most of the code in this series.

> +    }
> +
> +    return 0;
> +}
>

diff --git a/include/sysemu/sev.h b/include/sysemu/sev.h
index b58a9d7..ab03c5d 100644
--- a/include/sysemu/sev.h
+++ b/include/sysemu/sev.h
@@ -39,5 +39,20 @@  int kvm_sev_guest_start(void);
  */
 int kvm_sev_guest_update(uint8_t *address, uint32_t len);
 
-#endif
+/**
+ * kvm_sev_guest_finish - finialize launching guest into SEV mode.
+ */
+int kvm_sev_guest_finish(void);
 
+/**
+ * kvm_sev_guest_get_measurement - get measurement from launch finish command.
+ *
+ * @measurement: measurement values returned from the SEV. Its 32-byte value
+ * and buffer must be allocated by caller.
+ *
+ * Returns: 0 on success and @measurement will contain the value, or
+ *          1 on failure.
+ */
+int kvm_sev_guest_measurement(uint8_t *measurement);
+
+#endif
diff --git a/sev.c b/sev.c
index a451dc0..055ed83 100644
--- a/sev.c
+++ b/sev.c
@@ -48,6 +48,7 @@ 
 
 enum {
     SEV_LAUNCH_START = 0x1,
+    SEV_LAUNCH_FINISH,
 };
 
 struct SEVInfo {
@@ -326,6 +327,32 @@  static int sev_launch_update(uint8_t *addr, uint32_t len)
     return 0;
 }
 
+static int sev_launch_finish(void)
+{
+    int i, ret;
+    SEVInfo *s = sev_info;
+    struct kvm_sev_issue_cmd input;
+    struct kvm_sev_launch_finish *finish = s->launch_finish;
+
+    input.cmd = KVM_SEV_LAUNCH_FINISH;
+    input.opaque = (__u64)finish;
+    ret = kvm_vm_ioctl(kvm_state, KVM_SEV_ISSUE_CMD, &input);
+    if (ret) {
+        fprintf(stderr, "SEV: launch_finish failed ret=%d(%#010x)\n",
+                ret, input.ret_code);
+        exit(EXIT_FAILURE);
+    }
+
+    DPRINTF("SEV: LAUNCH finish measurement=0x");
+    for (i = 0; i < 32; i++) {
+        DPRINTF("%02x", finish->measurement[i]);
+    }
+    DPRINTF("\n");
+
+    s->state = SEV_LAUNCH_FINISH;
+    return 0;
+}
+
 int kvm_sev_guest_start(void)
 {
     SEVInfo *s = sev_info;
@@ -371,3 +398,37 @@  int kvm_sev_guest_update(uint8_t *addr, uint32_t len)
 
     return 1;
 }
+
+int kvm_sev_guest_finish(void)
+{
+    SEVInfo *s = sev_info;
+
+    if (!s) {
+        return 1;
+    }
+
+    if (s->state == SEV_LAUNCH_START) {
+        return sev_launch_finish();
+    }
+
+    return 1;
+}
+
+int kvm_sev_guest_measurement(uint8_t *out)
+{
+    SEVInfo *s = sev_info;
+    struct kvm_sev_launch_finish *finish = s->launch_finish;
+
+    if (!s) {
+        return 1;
+    }
+
+    if (s->type == UNENCRYPTED_GUEST &&
+            s->state == SEV_LAUNCH_FINISH) {
+        memcpy(out, finish->measurement, 32);
+    } else {
+        return 1;
+    }
+
+    return 0;
+}

[RFC,v1,09/22] sev: add SEV launch finish command

Commit Message

Comments

Patch