From patchwork Tue Dec 5 01:04:24 2017
X-Patchwork-Submitter: Brijesh Singh
X-Patchwork-Id: 10091879
From: Brijesh Singh
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org
Cc: bp@alien8.de, Brijesh Singh, Thomas Gleixner, Ingo Molnar, "H. Peter Anvin", Paolo Bonzini, Radim Krčmář, Joerg Roedel, Borislav Petkov, Tom Lendacky, Jonathan Corbet
Subject: [Part2 PATCH v9 24/38] KVM: Define SEV key management command id
Date: Mon, 4 Dec 2017 19:04:24 -0600
Message-Id: <20171205010438.5773-25-brijesh.singh@amd.com>
In-Reply-To: <20171205010438.5773-1-brijesh.singh@amd.com>
References: <20171205010438.5773-1-brijesh.singh@amd.com>
Define Secure Encrypted Virtualization (SEV) key management command id and
structure. The command definition is available in SEV KM spec 0.14
(http://support.amd.com/TechDocs/55766_SEV-KM API_Specification.pdf) and
Documentation/virtual/kvm/amd-memory-encryption.txt.

Cc: Thomas Gleixner
Cc: Ingo Molnar
Cc: "H. Peter Anvin"
Cc: Paolo Bonzini
Cc: "Radim Krčmář"
Cc: Joerg Roedel
Cc: Borislav Petkov
Cc: Tom Lendacky
Cc: Jonathan Corbet
Cc: x86@kernel.org
Cc: kvm@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Improvements-by: Borislav Petkov
Signed-off-by: Brijesh Singh
Reviewed-by: Borislav Petkov
---
 .../virtual/kvm/amd-memory-encryption.rst | 202 +++++++++++++++++++++
 include/uapi/linux/kvm.h                  |  80 ++++++++
 2 files changed, 282 insertions(+)

diff --git a/Documentation/virtual/kvm/amd-memory-encryption.rst b/Documentation/virtual/kvm/amd-memory-encryption.rst
index a8ef21e737db..71d6d257074f 100644
--- a/Documentation/virtual/kvm/amd-memory-encryption.rst
+++ b/Documentation/virtual/kvm/amd-memory-encryption.rst
@@ -43,3 +43,205 @@ setting the SEV bit before executing VMRUN.:: SEV hardware uses ASIDs to associate a memory encryption key with a VM. Hence, the ASID for the SEV-enabled guests must be from 1 to a maximum value defined in the CPUID 0x8000001f[ecx] field. + +SEV Key Management +================== + +The SEV guest key management is handled by a separate processor called the AMD +Secure Processor (AMD-SP). Firmware running inside the AMD-SP provides a secure +key management interface to perform common hypervisor activities such as +encrypting bootstrap code, snapshot, migrating and debugging the guest. For more +information, see the SEV Key Management spec [api-spec]_ + +KVM implements the following commands to support common lifecycle events of SEV +guests, such as launching, running, snapshotting, migrating and decommissioning. + +1. KVM_SEV_INIT +--------------- + +The KVM_SEV_INIT command is used by the hypervisor to initialize the SEV platform +context. In a typical workflow, this command should be the first command issued. + +Returns: 0 on success, -negative on error + +2. KVM_SEV_LAUNCH_START +----------------------- + +The KVM_SEV_LAUNCH_START command is used for creating the memory encryption +context. To create the encryption context, user must provide a guest policy, +the owner's public Diffie-Hellman (PDH) key and session information. + +Parameters: struct kvm_sev_launch_start (in/out) + +Returns: 0 on success, -negative on error + +:: + + struct kvm_sev_launch_start { + __u32 handle; /* if zero then firmware creates a new handle */ + __u32 policy; /* guest's policy */ + + __u64 dh_uaddr; /* userspace address pointing to the guest owner's PDH key */ + __u32 dh_len; + + __u64 session_addr; /* userspace address which points to the guest session information */ + __u32 session_len; + }; + +On success, the 'handle' field contains a new handle and on error, a negative value. + +For more details, see SEV spec Section 6.2. + +3. 
KVM_SEV_LAUNCH_UPDATE_DATA +----------------------------- + +The KVM_SEV_LAUNCH_UPDATE_DATA is used for encrypting a memory region. It also +calculates a measurement of the memory contents. The measurement is a signature +of the memory contents that can be sent to the guest owner as an attestation +that the memory was encrypted correctly by the firmware. + +Parameters (in): struct kvm_sev_launch_update_data + +Returns: 0 on success, -negative on error + +:: + + struct kvm_sev_launch_update { + __u64 uaddr; /* userspace address to be encrypted (must be 16-byte aligned) */ + __u32 len; /* length of the data to be encrypted (must be 16-byte aligned) */ + }; + +For more details, see SEV spec Section 6.3. + +4. KVM_SEV_LAUNCH_MEASURE +------------------------- + +The KVM_SEV_LAUNCH_MEASURE command is used to retrieve the measurement of the +data encrypted by the KVM_SEV_LAUNCH_UPDATE_DATA command. The guest owner may +wait to provide the guest with confidential information until it can verify the +measurement. Since the guest owner knows the initial contents of the guest at +boot, the measurement can be verified by comparing it to what the guest owner +expects. + +Parameters (in): struct kvm_sev_launch_measure + +Returns: 0 on success, -negative on error + +:: + + struct kvm_sev_launch_measure { + __u64 uaddr; /* where to copy the measurement */ + __u32 len; /* length of measurement blob */ + }; + +For more details on the measurement verification flow, see SEV spec Section 6.4. + +5. KVM_SEV_LAUNCH_FINISH +------------------------ + +After completion of the launch flow, the KVM_SEV_LAUNCH_FINISH command can be +issued to make the guest ready for the execution. + +Returns: 0 on success, -negative on error + +6. KVM_SEV_GUEST_STATUS +----------------------- + +The KVM_SEV_GUEST_STATUS command is used to retrieve status information about a +SEV-enabled guest. 
+ +Parameters (out): struct kvm_sev_guest_status + +Returns: 0 on success, -negative on error + +:: + + struct kvm_sev_guest_status { + __u32 handle; /* guest handle */ + __u32 policy; /* guest policy */ + __u8 state; /* guest state (see enum below) */ + }; + +SEV guest state: + +:: + + enum { + SEV_STATE_INVALID = 0; + SEV_STATE_LAUNCHING, /* guest is currently being launched */ + SEV_STATE_SECRET, /* guest is being launched and ready to accept the ciphertext data */ + SEV_STATE_RUNNING, /* guest is fully launched and running */ + SEV_STATE_RECEIVING, /* guest is being migrated in from another SEV machine */ + SEV_STATE_SENDING /* guest is getting migrated out to another SEV machine */ + }; + +7. KVM_SEV_DBG_DECRYPT +---------------------- + +The KVM_SEV_DEBUG_DECRYPT command can be used by the hypervisor to request the +firmware to decrypt the data at the given memory region. + +Parameters (in): struct kvm_sev_dbg + +Returns: 0 on success, -negative on error + +:: + + struct kvm_sev_dbg { + __u64 src_uaddr; /* userspace address of data to decrypt */ + __u64 dst_uaddr; /* userspace address of destination */ + __u32 len; /* length of memory region to decrypt */ + }; + +The command returns an error if the guest policy does not allow debugging. + +8. KVM_SEV_DBG_ENCRYPT +---------------------- + +The KVM_SEV_DEBUG_ENCRYPT command can be used by the hypervisor to request the +firmware to encrypt the data at the given memory region. + +Parameters (in): struct kvm_sev_dbg + +Returns: 0 on success, -negative on error + +:: + + struct kvm_sev_dbg { + __u64 src_uaddr; /* userspace address of data to encrypt */ + __u64 dst_uaddr; /* userspace address of destination */ + __u32 len; /* length of memory region to encrypt */ + }; + +The command returns an error if the guest policy does not allow debugging. + +9. 
KVM_SEV_LAUNCH_SECRET +------------------------ + +The KVM_SEV_LAUNCH_SECRET command can be used by the hypervisor to inject secret +data after the measurement has been validated by the guest owner. + +Parameters (in): struct kvm_sev_launch_secret + +Returns: 0 on success, -negative on error + +:: + + struct kvm_sev_launch_secret { + __u64 hdr_uaddr; /* userspace address containing the packet header */ + __u32 hdr_len; + + __u64 guest_uaddr; /* the guest memory region where the secret should be injected */ + __u32 guest_len; + + __u64 trans_uaddr; /* the hypervisor memory region which contains the secret */ + __u32 trans_len; + }; + +References +========== + +.. [white-paper] http://amd-dev.wpengine.netdna-cdn.com/wordpress/media/2013/12/AMD_Memory_Encryption_Whitepaper_v7-Public.pdf +.. [api-spec] http://support.amd.com/TechDocs/55766_SEV-KM%20API_Specification.pdf +.. [amd-apm] http://support.amd.com/TechDocs/24593.pdf (section 15.34) +.. [kvm-forum] http://www.linux-kvm.org/images/7/74/02x08A-Thomas_Lendacky-AMDs_Virtualizatoin_Memory_Encryption_Technology.pdf diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h index c8c65190907d..571431d3384b 100644 --- a/include/uapi/linux/kvm.h +++ b/include/uapi/linux/kvm.h 
@@ -1369,6 +1369,86 @@ struct kvm_enc_region { #define KVM_MEMORY_ENCRYPT_REG_REGION _IOR(KVMIO, 0xbb, struct kvm_enc_region) #define KVM_MEMORY_ENCRYPT_UNREG_REGION _IOR(KVMIO, 0xbc, struct kvm_enc_region) +/* Secure Encrypted Virtualization command */ +enum sev_cmd_id { + /* Guest initialization commands */ + KVM_SEV_INIT = 0, + KVM_SEV_ES_INIT, + /* Guest launch commands */ + KVM_SEV_LAUNCH_START, + KVM_SEV_LAUNCH_UPDATE_DATA, + KVM_SEV_LAUNCH_UPDATE_VMSA, + KVM_SEV_LAUNCH_SECRET, + KVM_SEV_LAUNCH_MEASURE, + KVM_SEV_LAUNCH_FINISH, + /* Guest migration commands (outgoing) */ + KVM_SEV_SEND_START, + KVM_SEV_SEND_UPDATE_DATA, + KVM_SEV_SEND_UPDATE_VMSA, + KVM_SEV_SEND_FINISH, + /* Guest migration commands (incoming) */ + KVM_SEV_RECEIVE_START, + KVM_SEV_RECEIVE_UPDATE_DATA, + KVM_SEV_RECEIVE_UPDATE_VMSA, + KVM_SEV_RECEIVE_FINISH, + /* Guest status and debug commands */ + KVM_SEV_GUEST_STATUS, + KVM_SEV_DBG_DECRYPT, + KVM_SEV_DBG_ENCRYPT, + /* Guest certificates commands */ + KVM_SEV_CERT_EXPORT, + + KVM_SEV_NR_MAX, +}; + +struct kvm_sev_cmd { + __u32 id; + __u64 data; + __u32 error; + __u32 sev_fd; +}; + +struct kvm_sev_launch_start { + __u32 handle; + __u32 policy; + __u64 dh_uaddr; + __u32 dh_len; + __u64 session_uaddr; + __u32 session_len; +}; + +struct kvm_sev_launch_update_data { + __u64 uaddr; + __u32 len; +}; + + +struct kvm_sev_launch_secret { + __u64 hdr_uaddr; + __u32 hdr_len; + __u64 guest_uaddr; + __u32 guest_len; + __u64 trans_uaddr; + __u32 trans_len; +}; + +struct kvm_sev_launch_measure { + __u64 uaddr; + __u32 len; +}; + +struct kvm_sev_guest_status { + __u32 handle; + __u32 policy; + __u32 state; +}; + +struct kvm_sev_dbg { + __u64 src_uaddr; + __u64 dst_uaddr; + __u32 len; +}; + #define KVM_DEV_ASSIGN_ENABLE_IOMMU (1 << 0) #define KVM_DEV_ASSIGN_PCI_2_3 (1 << 1) #define KVM_DEV_ASSIGN_MASK_INTX (1 << 2)
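Review bot: the amd-memory-encryption.rst hunk disagrees with the include/uapi/linux/kvm.h hunk of the same patch on three names and types, so userspace written from the documentation will either fail to compile or misread the ABI: the documented `struct kvm_sev_launch_start` calls the session pointer `session_addr` while the header defines `session_uaddr`; the KVM_SEV_LAUNCH_UPDATE_DATA section documents `struct kvm_sev_launch_update` while the header defines `struct kvm_sev_launch_update_data`; and `kvm_sev_guest_status.state` is `__u8` in the documentation but `__u32` in the header. Please make the documentation match the header. Smaller points in the same hunk: sections 7 and 8 are titled KVM_SEV_DBG_DECRYPT and KVM_SEV_DBG_ENCRYPT but their bodies say KVM_SEV_DEBUG_DECRYPT and KVM_SEV_DEBUG_ENCRYPT, which are not the enum names; the documented state enum has `SEV_STATE_INVALID = 0;` with a semicolon where a comma belongs; the KVM_SEV_LAUNCH_START text says "on error, a negative value" is placed in `handle`, but `handle` is `__u32` and the Returns line already defines the negative return value as the error channel, so it should say the handle is only valid when the command returns 0; and the SEV_STATE_* values are documented here but not exported by the kvm.h hunk, so a caller interpreting `state` has nothing to compile against and should be pointed at a uapi definition.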
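Review bot: the new uapi structs in the kvm.h hunk carry implicit padding whose layout differs between 32-bit and 64-bit userspace, which is a compat and information-leak hazard in an ABI header. In `struct kvm_sev_cmd` the sequence `__u32 id; __u64 data;` leaves 4 padding bytes after `id` on x86-64 that an i386 caller does not have (24 bytes versus 20), `struct kvm_sev_launch_start` has the same gap between `__u32 dh_len;` and `__u64 session_uaddr;` and trailing padding after `session_len`, and `struct kvm_sev_launch_update_data` and `struct kvm_sev_launch_measure` (`__u64 uaddr; __u32 len;`) end in 4 padding bytes on 64-bit. Suggest ordering the 64-bit members first and adding explicit `__u32 pad` members so that every struct has the same size and offsets for both ABIs, and, because `error` in `kvm_sev_cmd` is an output the kernel writes back, making sure the kernel copies the caller's buffer in and only updates fields rather than copying out a freshly built struct, so the padding never carries kernel stack bytes. Two smaller points: `enum sev_cmd_id` exports KVM_SEV_ES_INIT, KVM_SEV_LAUNCH_UPDATE_VMSA, the KVM_SEV_SEND_* and KVM_SEV_RECEIVE_* commands and KVM_SEV_CERT_EXPORT, none of which the documentation hunk covers, so they should be documented or marked as reserved for later patches; and there is a stray double blank line before `struct kvm_sev_launch_secret`.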