Message ID | 20180307165038.88640-18-brijesh.singh@amd.com (mailing list archive) |
---|---|
State | New, archived |
Headers | show
Return-Path: <kvm-owner@kernel.org> Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id BFABA602BD for <patchwork-kvm@patchwork.kernel.org>; Wed, 7 Mar 2018 16:52:27 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id AF2E8296B0 for <patchwork-kvm@patchwork.kernel.org>; Wed, 7 Mar 2018 16:52:27 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id A3896296B2; Wed, 7 Mar 2018 16:52:27 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id EBD66296B0 for <patchwork-kvm@patchwork.kernel.org>; Wed, 7 Mar 2018 16:52:26 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S933704AbeCGQwY (ORCPT <rfc822;patchwork-kvm@patchwork.kernel.org>); Wed, 7 Mar 2018 11:52:24 -0500 Received: from mail-bl2nam02on0075.outbound.protection.outlook.com ([104.47.38.75]:30896 "EHLO NAM02-BL2-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S934069AbeCGQvy (ORCPT <rfc822;kvm@vger.kernel.org>); Wed, 7 Mar 2018 11:51:54 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector1-amd-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=hswdwbRPMNmiaZsogZDUeqLXXHCPFLfZq54ztWs1Z9A=; b=astaWX8Vr7T0eavAyCD31Rmja2duXK90C9vuytlsdGXYYeB4cDgUE6HV1JH0xwoSdNTJRBOJbdFNvq//V8w13Ip9pZrxkaqgzTee1OpLsEV6n3/h+wCH+O8zrMHJYtsJYQn1hzp13tpd2GCxpRTsUcBWfxzheCGWQYO+Lz8Ay6k= Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=brijesh.singh@amd.com; Received: from wsp141597wss.amd.com (165.204.78.1) by SN1PR12MB0158.namprd12.prod.outlook.com (2a01:111:e400:5144::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.548.13; Wed, 7 Mar 2018 16:51:18 +0000 From: Brijesh Singh <brijesh.singh@amd.com> To: qemu-devel@nongnu.org Cc: Alistair Francis <alistair.francis@xilinx.com>, Christian Borntraeger <borntraeger@de.ibm.com>, Cornelia Huck <cornelia.huck@de.ibm.com>, "Daniel P . Berrange" <berrange@redhat.com>, "Dr. David Alan Gilbert" <dgilbert@redhat.com>, "Michael S. Tsirkin" <mst@redhat.com>, "Edgar E. Iglesias" <edgar.iglesias@xilinx.com>, Eduardo Habkost <ehabkost@redhat.com>, Eric Blake <eblake@redhat.com>, kvm@vger.kernel.org, Marcel Apfelbaum <marcel@redhat.com>, Markus Armbruster <armbru@redhat.com>, Paolo Bonzini <pbonzini@redhat.com>, Peter Crosthwaite <crosthwaite.peter@gmail.com>, Peter Maydell <peter.maydell@linaro.org>, Richard Henderson <richard.henderson@linaro.org>, Stefan Hajnoczi <stefanha@gmail.com>, Thomas Lendacky <Thomas.Lendacky@amd.com>, Borislav Petkov <bp@suse.de>, Alexander Graf <agraf@suse.de>, Bruce Rogers <brogers@suse.com>, Brijesh Singh <brijesh.singh@amd.com>, Richard Henderson <rth@twiddle.net> Subject: [PATCH v11 17/28] target/i386: encrypt bios rom Date: Wed, 7 Mar 2018 10:50:27 -0600 Message-Id: <20180307165038.88640-18-brijesh.singh@amd.com> X-Mailer: git-send-email 2.14.3 In-Reply-To: <20180307165038.88640-1-brijesh.singh@amd.com> References: <20180307165038.88640-1-brijesh.singh@amd.com> MIME-Version: 1.0 Content-Type: text/plain X-Originating-IP: [165.204.78.1] X-ClientProxiedBy: SN4PR0501CA0095.namprd05.prod.outlook.com (2603:10b6:803:22::33) To SN1PR12MB0158.namprd12.prod.outlook.com (2a01:111:e400:5144::17) X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: 861c31f1-b153-4482-c800-08d5844ba61a X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(48565401081)(5600026)(4604075)(4534165)(4627221)(201703031133081)(201702281549075)(2017052603328)(7153060)(7193020); SRVR:SN1PR12MB0158; X-Microsoft-Exchange-Diagnostics: 1; SN1PR12MB0158; 3:MExIcuNk2fBQKtDp2gsJ9+scEBqH5Yw+YiFVt8/y4uqDjhUrq9RzmWGKyZl1aI0HXBNo8gew1o3BG68Ht+WfJIEHkhgTBgR4OIVzGr4SdMP9+AQR7hq8qiYuBDiKaJYdEPioVBhF6wNucPWT6XYxM8XEyEJDOH/+uXLeGFMgVolo33fPudWAchLb9o4LpwSZGCSElxlD5y1yRt5kTPY6tyc/uxL/aAXRIq4aE2Jskl1Mp6U/aLxTa0fM8bt5OqAk; 25:AoJrXauyJwLQnUdBcgW1p/R988lWnRzS5iXievWEHV7hCjFDiAFfjqhuABPum7VXwS/ng9W+OFxvuL5YSTpvos462HS9iNd8JcdTxeAywwNqghQRiYQ9NCnOOFDfRYpG0u1745xp/nzBYPTa6BfZ50aR0goG07TFYa1daqoXOnqQavREz4suZdXxXe17oEnRVpoDzLucX747pgr8lhp90AKacWCe2z5m5naKgEirFOKUckQW0snBLOlEOUE1Z6knlf2xJbmo0WzeUpfSO5bc4b8uMA336jcA4XvfMVDQAtXxslgdq1jXhzldhkqeCvvzX7qAeUy4dIPYyxHe8Duu6Q==; 31:PAa2ZVem1fHXjqgqzv+MB6Y5jgntr0kwVnENb/ZINElJfygJFz6jq10/CY86WxEou64Xbo8M6zwa+S72VEoq9JnBaaEbL8i6JzoB9Y3/lvv1/alHyikhzGzpatYVvoRx94P9utMFXBjGWMxUHtCFQuFaywDFjGe31K5m1t949gm1RkqKy1EpZit3/cOXdC2YyCO+noVQgnUIEZtnQswCiXFIpalrz4zwCZGacIn2Ims= X-MS-TrafficTypeDiagnostic: SN1PR12MB0158: X-Microsoft-Exchange-Diagnostics: 1; SN1PR12MB0158; 20:9sJG28cGOrcw31XZuJFVeOIGhNIW5PDLhivFf/gaPZjDOQopN5mj7k7EgWP4gTVBlTUHi6py7Mefy4wP1bliI9ELP0GWdz2og/jKwZvab6QD1ItocZj+jvbHSkF95/eVTZIyH3udj5TS2XFO0J8Kd/HinHNcIFgGUKlEVpzAM3wReFl93dbrTkrL1RF/VptPgfQVYWem7IXmYprrd3nYLW/Jp48b/EUUEloIFjegOtAdiHFOQ2y/sn75H4OoVllHMK2ybBNsXknATlRD3CUONAdI+Vbbm/UTRlzApKp07YaGj5atm8JD0nkyeN/EgP9xqKnl+3s3Bi+Ey+XSHnlUsrMRgcItCKraixiza0DNV0HmST/GxLj2Cy5rwzMU/2vb4nK2TIYmJw76ejGwtMGAuJ+H6ZMonyT1ergrV8qvcNpy5rsYBHbth8zSoMTHpYMqm8UK1I9SaJB3Vy9VkoVB3EXy8TAWFmS8g4poWNwbgxfrtzMXEaD1DB/A4UmyKg1Z; 4:H+vAxbGhQ+cjtxe0Qkcse1Nfg8mKdOkAx8J68zWx32Xmi6KIQRO+U7mcWufzzOu+i/vvbbHX/6RimGYTyG1t8a9qcxWUdXwRoTNajA6ujYEWKUYPk6nvFSWwC7z7tsiPF5T7s+W1nqNPL3TiGbmmS/GmsO6ueWwW8WtFAM1JNte8Sl7JRtJ2v6lRY9NewVqrJ6ig5Ud09ZKUYt5+mGnru02VvNxtS3IBNDKdR6Ytwi13U7768+fLSIFfml+v4sp3Fxm3BzVm9HhHdRba6w1sgLZM8pakWeVd8WuKhIbeE9dF4nPI5RmNhhSuH1izaJQs X-Microsoft-Antispam-PRVS: <SN1PR12MB01582727A6AC92175596F243E5D80@SN1PR12MB0158.namprd12.prod.outlook.com> X-Exchange-Antispam-Report-Test: UriScan:(767451399110); X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(8211001083)(6040501)(2401047)(5005006)(8121501046)(93006095)(93001095)(10201501046)(3231220)(944501244)(52105095)(3002001)(6055026)(6041288)(20161123562045)(20161123564045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123558120)(20161123560045)(6072148)(201708071742011); SRVR:SN1PR12MB0158; BCL:0; PCL:0; RULEID:; SRVR:SN1PR12MB0158; X-Forefront-PRVS: 0604AFA86B X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(1496009)(39380400002)(39860400002)(376002)(346002)(396003)(366004)(189003)(199004)(53936002)(8666007)(2950100002)(6486002)(6666003)(6916009)(53416004)(3846002)(1076002)(6116002)(4326008)(54906003)(8656006)(2906002)(25786009)(386003)(68736007)(478600001)(48376002)(50466002)(105586002)(2361001)(2351001)(86362001)(66066001)(106356001)(47776003)(186003)(16526019)(51416003)(76176011)(52116002)(7696005)(26005)(16586007)(316002)(50226002)(8936002)(8676002)(81156014)(81166006)(36756003)(7416002)(97736004)(305945005)(7736002)(39060400002)(5660300001); DIR:OUT; SFP:1101; SCL:1; SRVR:SN1PR12MB0158; H:wsp141597wss.amd.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en; Received-SPF: None (protection.outlook.com: amd.com does not designate permitted sender hosts) X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; SN1PR12MB0158; 23:UBSdFI0NvOVApfGPFh2Fx0f8fSl3vxtieQk2Szq6w?= =?us-ascii?Q?zXCmTXR4Q9ZhN0m0mr72zIbmkXdyYsXKBr8tKcj23IDnBKQylshRBGlxITlH?= =?us-ascii?Q?mX2DuKTYS76XBC6Mye57IaFVVgtRaOeQMFn3pWVdHBeIijdvNdhbomWdlAoM?= =?us-ascii?Q?G/LzEIhHQ5RQft+Yrm4WZZu57XF6TpKDPvF1CogEmWfuA7aeeRbWZFnrSuOB?= =?us-ascii?Q?X1m5DF0B9zBvSn9MSUqd+5JAdkysQGjWY81706VOAZUQ1PzVHr9v87NWlG1u?= =?us-ascii?Q?ZxTcOj4aYXaWkd2vjw0+eTRPLpswmYi2gB0X9lC5h7IPlRM1KsIIdd+t5mW5?= =?us-ascii?Q?v7iX3HExoxz9pluknacjwp7L+XuWpUVM23sjzlvBnes2KN+lUVPwe5yFQFdW?= =?us-ascii?Q?/XaRDHRBsBmwCzz7xw8qhRuDCsUsw8pZDiOAa2m3wLo8a2EugdhIXScHtIB3?= =?us-ascii?Q?FWSzt3rVxdBZNb8A+XFk9T/5qW+KASGr0faayK3QTO6+gPOHlh8/K9PoXoRJ?= =?us-ascii?Q?Apr2cICIQFaNJ9D18iuIVM95gHAna/RkQWlXo/renuKFJ2pNamEqYRdhctJU?= =?us-ascii?Q?OLPICA+HdKMoMDl26BsUhX9MuvMC7/ILVmkLztRGPzQW6COVFNlfplDBxzDt?= =?us-ascii?Q?RjRwTGW9Rngo+jpJl3oEpCifRkhTamVLCtAPkBySkrW8q+IwBElgzJ2q3Rev?= =?us-ascii?Q?9B8sVh9vS2+l0/xLKZbM6cQctnNlEjoruQIzvbL1Cnkoxtn4Dg9Eq3DHTsja?= =?us-ascii?Q?3pXplHAXABd3ijRDG9kr8nzsiM22Wa7hDkxyfaEIjsJ+etfpgOQLU8vhEa7p?= =?us-ascii?Q?PYJe/8UStuYav8tzI5dE7p9pM9FT9xxajno93AR74u9gFY4Lh15+PGnXuaYk?= =?us-ascii?Q?FwQ7LPAbL+J2WnyLsNPyyX268by8A62oIBYayBJcaRMVN8kFv0OfsrlGy6bC?= =?us-ascii?Q?/fviVTyQfdw2ULmZm+MGBf/I5wZ0nyIPp0JtehxCM7diwMnkpaHlye2flyMR?= =?us-ascii?Q?SYzMp0aucCNoO2VR3YplYgvZ9ZvYULu1HHPvqXVIZRRjsdJxzybXhfEUHX2S?= =?us-ascii?Q?768EjoI5nlMpRyH74XS3MgzBVlVQ2DvnNpHvAU3FuFTH3uFJVVaKGDmsMI3o?= =?us-ascii?Q?dkTAUW8fpvXn7ia/ADj7ZNFzrhoCt+YItMRzsaucDxOyzkvhSKaJsCT5XY27?= =?us-ascii?Q?rCgd3W8KLIOzDoEu8pFGGcbKvxiT9qXkESXQyO+yR9MFi9HoGhrq/7/em+T/?= =?us-ascii?Q?tzP9A7FbGVnS8WZc8zurX8aJJ8hKQA7W6Zpy2zhnKA50tgJq0kzGRt25wUXg?= =?us-ascii?B?UT09?= X-Microsoft-Antispam-Message-Info: cHjkqi0vgDrgaeKvGIIwIAFr9bsQRxm4+9JQqI4lijEgRm9BGXp894yAOccR68thTH3stKxOxpXYtcZ/gMC17QfaQ7pGflAyaikyJkmqI6+Vhjcha4CXyz2eWjj+Boz8X4IWk2LcDj3n7TSwHlVFiHWFBP7FDy5u+VQYVmIVWtL4H2COh3AU2sU5fRiJUwPA X-Microsoft-Exchange-Diagnostics: 1; SN1PR12MB0158; 6:/c5ZdpEJZmnSU/uIwtP5VicUNFkgc2GzX3Cyg7AyfH/QUSbm+xsb2Y8YSmbRh67DtL1vMXox9d6eguXP6JS9GUQmiy0Qicy2NdC3YMAei+J97m/DnEMi49q940hJalhRaiK1idiuZi5Q6c4gfKSi4GKOxZKL9ubEBSSxDJ6YJQ/OOpJ5v2T1k9vh62VWrrcTVPxnEnuP9d3NdVzweuXTjqD0Hct3VOHCtxYThEX5KLE83F4MVvVJunOrJjjpYlFn1apenLHqVey5D3Pg89hI3TjBWgmR3yNRFDRWlehgV6mjsMvdPzIluQiQLiWy1rZgMEH0ScBesny9v2XoCfDmJ6acmHJbQm2l8kLehTTISkE=; 5:76TvIIlVkBrlENCm56V+3yTSxfDkwUWr7P20g5DxLO225tpjiOFgj2Og05RpsySbHnEMXpr4P5gQt1RBvMkIVooy1psCV88WZ0HxYZ2MDprycMrUzujzexHjqF5ZoojyVze3OXvBaDjfSBjT3o+nhhD7a2+ZDOKnoViFmB+m1E8=; 24:tJFJLLo2LpBFmQhUAAtTwJL4WflxWbm+BPqwTx1uH9fPM/hQ3cfpZJV5QstyrGvzVeK2TYHmhucRkHrB0twgl5Fy1HXm+FICQxR3QvOkFOQ=; 7:3W+r0Yxmw7BrLjP6dngXEtkWN3508wwpCUb7gcT+RhpbrkrYhv7e/8APkK4IjqQCoAG0+F0xY8Y4n9xTiS882pqIsQgZOhMbY3iCOT5FJkNG6w5mVzOM6xGGl5+Dnp8ypnvBpuYG1g0DpMJGHjp+JiR0O8zBJ/1BwxT5OdNOIPKfbfVG4ILxYKd44+WVb+v0o8Nq3M2HNioQ4iZ0YX+GuGDuwVOIKjLPVuHPMDKbBimGsR4p1JtC6mbVe6Mb0NFU SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1; SN1PR12MB0158; 20:ffc/wr78XNSFGyjeFoalfDpHF3lp9hDH+DkB6r4Mj59xcVaF7pGIlNMmmHY+td735wZwINHBVdkyVx6seFbyyky350KrCUM0s5ucFPot+WlAvW9d35r+UC8vmM08w6UM/oU6R7xHL6q+RH7ECJ6QG2xrq5mf4BBC9yOs6ZDD256mxovRq7w1N2ttrMmJxafJhCEcTPcMHxKM2POBjjitbyA49CX9kSvs71cMpTNjyPlsagRcoxyoaFn5szkcYVxS X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 07 Mar 2018 16:51:18.0261 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 861c31f1-b153-4482-c800-08d5844ba61a X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN1PR12MB0158 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: <kvm.vger.kernel.org> X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP |
diff --git a/hw/i386/pc_sysfw.c b/hw/i386/pc_sysfw.c index 4325575e7d82..73ac783f2055 100644 --- a/hw/i386/pc_sysfw.c +++ b/hw/i386/pc_sysfw.c @@ -113,6 +113,8 @@ static void pc_system_flash_init(MemoryRegion *rom_memory) pflash_t *system_flash; MemoryRegion *flash_mem; char name[64]; + void *flash_ptr; + int ret, flash_size; sector_bits = 12; sector_size = 1 << sector_bits; @@ -169,6 +171,17 @@ static void pc_system_flash_init(MemoryRegion *rom_memory) if (unit == 0) { flash_mem = pflash_cfi01_get_memory(system_flash); pc_isa_bios_init(rom_memory, flash_mem, size); + + /* Encrypt the pflash boot ROM */ + if (kvm_memcrypt_enabled()) { + flash_ptr = memory_region_get_ram_ptr(flash_mem); + flash_size = memory_region_size(flash_mem); + ret = kvm_memcrypt_encrypt_data(flash_ptr, flash_size); + if (ret) { + error_report("failed to encrypt pflash rom"); + exit(1); + } + } } } }
SEV requires that guest bios must be encrypted before booting the guest. Cc: "Michael S. Tsirkin" <mst@redhat.com> Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: Richard Henderson <rth@twiddle.net> Cc: Eduardo Habkost <ehabkost@redhat.com> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> --- hw/i386/pc_sysfw.c | 13 +++++++++++++ 1 file changed, 13 insertions(+)