From patchwork Mon Nov 6 18:11:16 2017
X-Patchwork-Submitter: Brijesh Singh
X-Patchwork-Id: 10044027
From: Brijesh Singh
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: bp@alien8.de, Brijesh Singh, Thomas Gleixner, Ingo Molnar, "H. Peter Anvin", Paolo Bonzini, Radim Krčmář, Joerg Roedel, Borislav Petkov, Tom Lendacky, Jonathan Corbet, x86@kernel.org
Subject: [Part2 PATCH v8 24/38] KVM: Define SEV key management command id
Date: Mon, 6 Nov 2017 12:11:16 -0600
Message-Id: <20171106181130.68491-25-brijesh.singh@amd.com>
In-Reply-To: <20171106181130.68491-1-brijesh.singh@amd.com>
References: <20171106181130.68491-1-brijesh.singh@amd.com>
X-Mailing-List: kvm@vger.kernel.org

Define Secure Encrypted Virtualization (SEV) key management command id
and structure. The command definition is available in SEV KM spec 0.14
(http://support.amd.com/TechDocs/55766_SEV-KM API_Specification.pdf) and
Documentation/virtual/kvm/amd-memory-encryption.txt.

Cc: Thomas Gleixner
Cc: Ingo Molnar
Cc: "H. Peter Anvin"
Cc: Paolo Bonzini
Cc: "Radim Krčmář"
Cc: Joerg Roedel
Cc: Borislav Petkov
Cc: Tom Lendacky
Cc: Jonathan Corbet
Cc: x86@kernel.org
Cc: kvm@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Improvements-by: Borislav Petkov
Signed-off-by: Brijesh Singh
Reviewed-by: Borislav Petkov
---
 .../virtual/kvm/amd-memory-encryption.rst | 202 +++++++++++++++++++++
 include/uapi/linux/kvm.h                  |  80 ++++++++
 2 files changed, 282 insertions(+)

diff --git a/Documentation/virtual/kvm/amd-memory-encryption.rst b/Documentation/virtual/kvm/amd-memory-encryption.rst
index a8ef21e737db..71d6d257074f 100644
--- a/Documentation/virtual/kvm/amd-memory-encryption.rst
+++ b/Documentation/virtual/kvm/amd-memory-encryption.rst
@@ -43,3 +43,205 @@ setting the SEV bit before executing VMRUN.:: SEV hardware uses ASIDs to associate a memory encryption key with a VM. Hence, the ASID for the SEV-enabled guests must be from 1 to a maximum value defined in the CPUID 0x8000001f[ecx] field. + +SEV Key Management +================== + +The SEV guest key management is handled by a separate processor called the AMD +Secure Processor (AMD-SP). Firmware running inside the AMD-SP provides a secure +key management interface to perform common hypervisor activities such as +encrypting bootstrap code, snapshot, migrating and debugging the guest. For more +information, see the SEV Key Management spec [api-spec]_ + +KVM implements the following commands to support common lifecycle events of SEV +guests, such as launching, running, snapshotting, migrating and decommissioning. + +1. KVM_SEV_INIT +--------------- + +The KVM_SEV_INIT command is used by the hypervisor to initialize the SEV platform +context. In a typical workflow, this command should be the first command issued. + +Returns: 0 on success, -negative on error + +2. KVM_SEV_LAUNCH_START +----------------------- + +The KVM_SEV_LAUNCH_START command is used for creating the memory encryption +context. To create the encryption context, user must provide a guest policy, +the owner's public Diffie-Hellman (PDH) key and session information. + +Parameters: struct kvm_sev_launch_start (in/out) + +Returns: 0 on success, -negative on error + +:: + + struct kvm_sev_launch_start { + __u32 handle; /* if zero then firmware creates a new handle */ + __u32 policy; /* guest's policy */ + + __u64 dh_uaddr; /* userspace address pointing to the guest owner's PDH key */ + __u32 dh_len; + + __u64 session_addr; /* userspace address which points to the guest session information */ + __u32 session_len; + }; + +On success, the 'handle' field contains a new handle and on error, a negative value. + +For more details, see SEV spec Section 6.2. + +3. 
KVM_SEV_LAUNCH_UPDATE_DATA +----------------------------- + +The KVM_SEV_LAUNCH_UPDATE_DATA is used for encrypting a memory region. It also +calculates a measurement of the memory contents. The measurement is a signature +of the memory contents that can be sent to the guest owner as an attestation +that the memory was encrypted correctly by the firmware. + +Parameters (in): struct kvm_sev_launch_update_data + +Returns: 0 on success, -negative on error + +:: + + struct kvm_sev_launch_update { + __u64 uaddr; /* userspace address to be encrypted (must be 16-byte aligned) */ + __u32 len; /* length of the data to be encrypted (must be 16-byte aligned) */ + }; + +For more details, see SEV spec Section 6.3. + +4. KVM_SEV_LAUNCH_MEASURE +------------------------- + +The KVM_SEV_LAUNCH_MEASURE command is used to retrieve the measurement of the +data encrypted by the KVM_SEV_LAUNCH_UPDATE_DATA command. The guest owner may +wait to provide the guest with confidential information until it can verify the +measurement. Since the guest owner knows the initial contents of the guest at +boot, the measurement can be verified by comparing it to what the guest owner +expects. + +Parameters (in): struct kvm_sev_launch_measure + +Returns: 0 on success, -negative on error + +:: + + struct kvm_sev_launch_measure { + __u64 uaddr; /* where to copy the measurement */ + __u32 len; /* length of measurement blob */ + }; + +For more details on the measurement verification flow, see SEV spec Section 6.4. + +5. KVM_SEV_LAUNCH_FINISH +------------------------ + +After completion of the launch flow, the KVM_SEV_LAUNCH_FINISH command can be +issued to make the guest ready for the execution. + +Returns: 0 on success, -negative on error + +6. KVM_SEV_GUEST_STATUS +----------------------- + +The KVM_SEV_GUEST_STATUS command is used to retrieve status information about a +SEV-enabled guest. 
+ +Parameters (out): struct kvm_sev_guest_status + +Returns: 0 on success, -negative on error + +:: + + struct kvm_sev_guest_status { + __u32 handle; /* guest handle */ + __u32 policy; /* guest policy */ + __u8 state; /* guest state (see enum below) */ + }; + +SEV guest state: + +:: + + enum { + SEV_STATE_INVALID = 0; + SEV_STATE_LAUNCHING, /* guest is currently being launched */ + SEV_STATE_SECRET, /* guest is being launched and ready to accept the ciphertext data */ + SEV_STATE_RUNNING, /* guest is fully launched and running */ + SEV_STATE_RECEIVING, /* guest is being migrated in from another SEV machine */ + SEV_STATE_SENDING /* guest is getting migrated out to another SEV machine */ + }; + +7. KVM_SEV_DBG_DECRYPT +---------------------- + +The KVM_SEV_DEBUG_DECRYPT command can be used by the hypervisor to request the +firmware to decrypt the data at the given memory region. + +Parameters (in): struct kvm_sev_dbg + +Returns: 0 on success, -negative on error + +:: + + struct kvm_sev_dbg { + __u64 src_uaddr; /* userspace address of data to decrypt */ + __u64 dst_uaddr; /* userspace address of destination */ + __u32 len; /* length of memory region to decrypt */ + }; + +The command returns an error if the guest policy does not allow debugging. + +8. KVM_SEV_DBG_ENCRYPT +---------------------- + +The KVM_SEV_DEBUG_ENCRYPT command can be used by the hypervisor to request the +firmware to encrypt the data at the given memory region. + +Parameters (in): struct kvm_sev_dbg + +Returns: 0 on success, -negative on error + +:: + + struct kvm_sev_dbg { + __u64 src_uaddr; /* userspace address of data to encrypt */ + __u64 dst_uaddr; /* userspace address of destination */ + __u32 len; /* length of memory region to encrypt */ + }; + +The command returns an error if the guest policy does not allow debugging. + +9. 
KVM_SEV_LAUNCH_SECRET +------------------------ + +The KVM_SEV_LAUNCH_SECRET command can be used by the hypervisor to inject secret +data after the measurement has been validated by the guest owner. + +Parameters (in): struct kvm_sev_launch_secret + +Returns: 0 on success, -negative on error + +:: + + struct kvm_sev_launch_secret { + __u64 hdr_uaddr; /* userspace address containing the packet header */ + __u32 hdr_len; + + __u64 guest_uaddr; /* the guest memory region where the secret should be injected */ + __u32 guest_len; + + __u64 trans_uaddr; /* the hypervisor memory region which contains the secret */ + __u32 trans_len; + }; + +References +========== + +.. [white-paper] http://amd-dev.wpengine.netdna-cdn.com/wordpress/media/2013/12/AMD_Memory_Encryption_Whitepaper_v7-Public.pdf +.. [api-spec] http://support.amd.com/TechDocs/55766_SEV-KM%20API_Specification.pdf +.. [amd-apm] http://support.amd.com/TechDocs/24593.pdf (section 15.34) +.. [kvm-forum] http://www.linux-kvm.org/images/7/74/02x08A-Thomas_Lendacky-AMDs_Virtualizatoin_Memory_Encryption_Technology.pdf diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h index 1f9f26a8e111..027153971c97 100644 --- a/include/uapi/linux/kvm.h +++ b/include/uapi/linux/kvm.h 
@@ -1367,6 +1367,86 @@ struct kvm_enc_region { #define KVM_MEMORY_ENCRYPT_REG_REGION _IOR(KVMIO, 0xbb, struct kvm_enc_region) #define KVM_MEMORY_ENCRYPT_UNREG_REGION _IOR(KVMIO, 0xbc, struct kvm_enc_region) +/* Secure Encrypted Virtualization command */ +enum sev_cmd_id { + /* Guest initialization commands */ + KVM_SEV_INIT = 0, + KVM_SEV_ES_INIT, + /* Guest launch commands */ + KVM_SEV_LAUNCH_START, + KVM_SEV_LAUNCH_UPDATE_DATA, + KVM_SEV_LAUNCH_UPDATE_VMSA, + KVM_SEV_LAUNCH_SECRET, + KVM_SEV_LAUNCH_MEASURE, + KVM_SEV_LAUNCH_FINISH, + /* Guest migration commands (outgoing) */ + KVM_SEV_SEND_START, + KVM_SEV_SEND_UPDATE_DATA, + KVM_SEV_SEND_UPDATE_VMSA, + KVM_SEV_SEND_FINISH, + /* Guest migration commands (incoming) */ + KVM_SEV_RECEIVE_START, + KVM_SEV_RECEIVE_UPDATE_DATA, + KVM_SEV_RECEIVE_UPDATE_VMSA, + KVM_SEV_RECEIVE_FINISH, + /* Guest status and debug commands */ + KVM_SEV_GUEST_STATUS, + KVM_SEV_DBG_DECRYPT, + KVM_SEV_DBG_ENCRYPT, + /* Guest certificates commands */ + KVM_SEV_CERT_EXPORT, + + KVM_SEV_NR_MAX, +}; + +struct kvm_sev_cmd { + __u32 id; + __u64 data; + __u32 error; + __u32 sev_fd; +}; + +struct kvm_sev_launch_start { + __u32 handle; + __u32 policy; + __u64 dh_uaddr; + __u32 dh_len; + __u64 session_uaddr; + __u32 session_len; +}; + +struct kvm_sev_launch_update_data { + __u64 uaddr; + __u32 len; +}; + + +struct kvm_sev_launch_secret { + __u64 hdr_uaddr; + __u32 hdr_len; + __u64 guest_uaddr; + __u32 guest_len; + __u64 trans_uaddr; + __u32 trans_len; +}; + +struct kvm_sev_launch_measure { + __u64 uaddr; + __u32 len; +}; + +struct kvm_sev_guest_status { + __u32 handle; + __u32 policy; + __u32 state; +}; + +struct kvm_sev_dbg { + __u64 src_uaddr; + __u64 dst_uaddr; + __u32 len; +}; + #define KVM_DEV_ASSIGN_ENABLE_IOMMU (1 << 0) #define KVM_DEV_ASSIGN_PCI_2_3 (1 << 1) #define KVM_DEV_ASSIGN_MASK_INTX (1 << 2)
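Review bot: the struct and field names in the amd-memory-encryption.rst hunk disagree with the uapi definitions added by the same patch, so anyone coding from the document will write against the wrong names. Under KVM_SEV_LAUNCH_START the doc shows `__u64 session_addr;` while include/uapi/linux/kvm.h declares `__u64 session_uaddr;`; under KVM_SEV_LAUNCH_UPDATE_DATA the doc names the struct `kvm_sev_launch_update` while the header declares `struct kvm_sev_launch_update_data`; and `struct kvm_sev_guest_status` has `__u8 state;` in the doc but `__u32 state;` in the header. Sections 7 and 8 are titled KVM_SEV_DBG_DECRYPT and KVM_SEV_DBG_ENCRYPT, matching the enum, but their body text calls the commands KVM_SEV_DEBUG_DECRYPT and KVM_SEV_DEBUG_ENCRYPT. The guest-state enum in section 6 uses `SEV_STATE_INVALID = 0;` where a comma is needed. The sentence "On success, the 'handle' field contains a new handle and on error, a negative value" cannot hold for a `__u32 handle`; errors are reported through the ioctl return value (and the `error` field of `struct kvm_sev_cmd`), so say that instead. In section 9, the comment "the hypervisor memory region which contains the secret" should state whether the data at `trans_uaddr` is plaintext or already encrypted for transport, since the whole point of the flow described in section 4 is that the hypervisor does not get to see the owner's secret. Finally, the commit message points readers at Documentation/virtual/kvm/amd-memory-encryption.txt while the file this hunk extends is amd-memory-encryption.rst.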
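Review bot: several of the new uapi structs in include/uapi/linux/kvm.h have implicit padding before or after `__u64` members, which gives them a different layout for 32-bit and 64-bit userspace and is a stable-ABI problem for an ioctl interface: `struct kvm_sev_cmd` has a 4-byte hole between `__u32 id;` and `__u64 data;`, `struct kvm_sev_launch_start` between `__u32 dh_len;` and `__u64 session_uaddr;`, and `struct kvm_sev_launch_secret` between `__u32 hdr_len;` and `__u64 guest_uaddr;`; `kvm_sev_launch_update_data`, `kvm_sev_launch_measure` and `kvm_sev_dbg` each end with a trailing `__u32 len;` whose tail padding likewise differs. Either declare the 64-bit members as `__aligned_u64` or add explicit `__u32 pad;` fields so the layout is identical on both, and for the in/out `kvm_sev_launch_start` make sure the kernel-side copy is zero-initialised before it is written back so the holes cannot carry kernel stack bytes to userspace. Separately, `enum sev_cmd_id` exports KVM_SEV_ES_INIT, KVM_SEV_LAUNCH_UPDATE_VMSA, the KVM_SEV_SEND_* and KVM_SEV_RECEIVE_* migration commands and KVM_SEV_CERT_EXPORT, but none of them has a section in the amd-memory-encryption.rst hunk and no parameter struct is defined for them here; either keep them out of this patch until they are implemented, or say in the commit message which later patch in the series documents them. Minor: there are two consecutive blank lines between `struct kvm_sev_launch_update_data` and `struct kvm_sev_launch_secret`.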