From patchwork Wed Dec 6 20:03:39 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Brijesh Singh X-Patchwork-Id: 10097047 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id D208560210 for ; Wed, 6 Dec 2017 20:05:08 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id C2DF828A07 for ; Wed, 6 Dec 2017 20:05:08 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id B63EC29E42; Wed, 6 Dec 2017 20:05:08 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 2D4B328A07 for ; Wed, 6 Dec 2017 20:05:08 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752584AbdLFUFF (ORCPT ); Wed, 6 Dec 2017 15:05:05 -0500 Received: from mail-sn1nam01on0058.outbound.protection.outlook.com ([104.47.32.58]:2394 "EHLO NAM01-SN1-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1752531AbdLFUE5 (ORCPT ); Wed, 6 Dec 2017 15:04:57 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector1-amd-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=wfcGUbLLIoam8HMkyWvshq5YncZmKREAD+x3M7gdYac=; b=Yr+0KdXWeTkP4MvGoEhvLpHTDcLXvN2kSsMNUYm44Ps1vblH8uFaMUm7cQyJ6qEwO7ZqoeMAl9lwID81ygQwCV0/EF6ibB2G13ocGGZtK1az3v53iDBUdSOoP8ylMeKLvDrFdsjqKzbFm/0a0AUd8TYPjKaomhfCJM/hJCiTG64= Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=brijesh.singh@amd.com; Received: from wsp141597wss.amd.com (165.204.78.1) by SN1PR12MB0158.namprd12.prod.outlook.com (10.162.3.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.282.5; Wed, 6 Dec 2017 20:04:44 +0000 From: Brijesh Singh To: qemu-devel@nongnu.org Cc: Alistair Francis , Christian Borntraeger , Cornelia Huck , "Daniel P . Berrange" , "Dr. David Alan Gilbert" , "Edgar E . Iglesias " , Eduardo Habkost , Eric Blake , kvm@vger.kernel.org, Marcel Apfelbaum , Markus Armbruster , "Michael S. Tsirkin" , Paolo Bonzini , Peter Crosthwaite , Peter Maydell , Richard Henderson , Richard Henderson , Stefan Hajnoczi , Thomas Lendacky , Borislav Petkov , Brijesh Singh Subject: [PATCH v5 16/23] target/i386: encrypt bios rom Date: Wed, 6 Dec 2017 14:03:39 -0600 Message-Id: <20171206200346.116537-17-brijesh.singh@amd.com> X-Mailer: git-send-email 2.9.5 In-Reply-To: <20171206200346.116537-1-brijesh.singh@amd.com> References: <20171206200346.116537-1-brijesh.singh@amd.com> MIME-Version: 1.0 X-Originating-IP: [165.204.78.1] X-ClientProxiedBy: BN6PR14CA0035.namprd14.prod.outlook.com (10.171.172.149) To SN1PR12MB0158.namprd12.prod.outlook.com (10.162.3.145) X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: 8bbc604e-1025-45ca-8399-08d53ce4993d X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(48565401081)(5600026)(4604075)(2017052603286); SRVR:SN1PR12MB0158; X-Microsoft-Exchange-Diagnostics: 1; SN1PR12MB0158; 3:ijIq98HSbB1TpirjLrQKYynpS9lof+vrlb1zRaWWnSa3hxFvMTFr8J2i8S/1aGmVUmzUzT0o+DDcJSyTSq4YBG4cNjT36hpnu4hwoNJizOUq7GcHj5PvDHvsXAtjy0VpF92zUUe51iRyQoCjs6RETNq0wrXVqlfj7NuPZ5oHHYUvMV9Q/lii2dtddYH1BaAaWtBxsV6rezWtAI4363/MFMkui/c5L9idl4Zt488mHpT3R+Gzh6lKgstKTXWj7KTQ; 25:aUQRE5ppIGMtV1iU3BZynBTXdFE6SCxq1y1TJUuKNKA6nP95pmGHOdWqiaJ+JnGoyG5XstXltTsxxK7l9FYTIMbcK5Jn7gf/V8MDsHoI/CS39FtadqkhiBg0QZ4aAuz7A765HbZWRVhYY7cE+RwsfBRPZMqe+EdVj5zgzPlgNwxkr2i0RfJ+VqvCvFNBF5DOPv0NJ1YGOmLtTqmuM75DAcfTg2cgT4Swt6rZDmuHvQZ2TgZAzNhdurjk1RKil7hyZ7XxLI6ZuzhwV1xLF0YIV17G8SAkxJr/tCxvxqWir2aCJB3A7eaEkS4YzRG1TJThMe0nzTs/Epvk+KR1OB6HDQ==; 31:VSOxO1uglJj6lIHz340cuwuRxKGCt0eJ9nesVjmpapy1rzTPF937xu4fRuKTfBEUVzj/EnTwgYmC8upNxf3fOcf4KxokmCbSZQlG9ee7Jube1QekJCmxG63kcETSZhr6L544Z58TGNAOUKV0k55pHla9PxFhTIx3t5ewz9ixYX1OBQeH1zKskG8yWa10jB9D81MZRoI0aNRZeI4bia7E/I8F0ojxTINZqjxVJdXRhVo= X-MS-TrafficTypeDiagnostic: SN1PR12MB0158: X-Microsoft-Exchange-Diagnostics: 1; SN1PR12MB0158; 20:vu2+ZnqrAtxB9S+rYDRaL5+zeoeNhwKQ7eOC6K2e4tKqB/kXfrW8SWMrk2L9WVWrryp+2a35YlSzSxz++4zi1jv3VPcGFP3hfL/bnBpxOuSV5yqcK3ZdHpYY8H/BeFBbu5zpxONYitPH/ieqv1KdEBvN8uB3/i32LnXzJ1p3Val657PebUN0MgOeAV+32JsrNIkzdDsxItEsmBYEfzLsFmXm58fovc97pMbOXy+1pGCf/JXevkEe1w1PL4/lXExnxYH9hF+5tvIfKcBbuOXak7GjgWfFkUT+XRI8TCvptCKUPgAj1Gd5Xgkv8dfNQQwxseoK0EViXUb739jssLUgiwW6SRy4Dc3dIYnDRvm63jdDtzxaXuuyUpypYNNaN3xsnMk6mINfNp7BnHMrSeF+HZLCNhtJienCkfVkUE3VRS7+/ucUDz5de5t7+akwHcjSWkF/g/LcX3lm4J3LEp/KcHuDWgG199VHIJGaUhCaQNBEDcN+I0tImgs5dnPFnBLZ; 4:LVJ8BoJNAd+Bz8cnP+9AngyO9YY431Tgvt9HI/tMRLRvi7k05qteVf2vobhx3+JP1juDlLO6zZyk45v1gfzHS5QYkPae1kXXBEGiH7zYe/A81i90xLUvEP0NHn0ehhOrjpjfm0caXycQKgBsFjs/JYAXaGhOQ6fGuryT8o6aa9M0iz1Koapgd6PBYFlH7kLFJF0k5M/0nkGA7BuFI/aROgECfPuE1HTbII4uUviZ9fQ52HxMA3pWkKxWSG8jtFouRJYsHB8kzwhQNVO7p9BFb8C/TmK0eBVAqQpSRLzZBLJeoRmNOgTGx3mGQmCHOlAC X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(767451399110); X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(6040450)(2401047)(8121501046)(5005006)(93006095)(93001095)(10201501046)(3002001)(3231022)(6055026)(6041248)(20161123555025)(20161123558100)(20161123560025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123562025)(20161123564025)(6072148)(201708071742011); SRVR:SN1PR12MB0158; BCL:0; PCL:0; RULEID:(100000803101)(100110400095); SRVR:SN1PR12MB0158; X-Forefront-PRVS: 05134F8B4F X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(376002)(39860400002)(346002)(366004)(199004)(189003)(16526018)(16586007)(33646002)(53416004)(105586002)(39060400002)(4326008)(305945005)(2351001)(106356001)(2361001)(7736002)(7696005)(86362001)(52116002)(8936002)(316002)(53936002)(97736004)(76176011)(51416003)(36756003)(66066001)(1076002)(3846002)(25786009)(6116002)(47776003)(50226002)(68736007)(54906003)(6916009)(2950100002)(478600001)(6666003)(8666007)(5660300001)(8656006)(8676002)(101416001)(81156014)(81166006)(2906002)(7416002)(48376002)(6486002)(50466002); DIR:OUT; SFP:1101; SCL:1; SRVR:SN1PR12MB0158; H:wsp141597wss.amd.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en; Received-SPF: None (protection.outlook.com: amd.com does not designate permitted sender hosts) X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; SN1PR12MB0158; 23:1XKjLDhri1B19MZPSC6UMlqzy2RdfUYMgEu188pwY?= =?us-ascii?Q?dL5pqx/kH8tAGS+oK5drCArCfrQrFnl3UX6+0hTObr96QpRgKnOXLeRsRhrl?= =?us-ascii?Q?dCKC6v+22U86EPMrSpr1HyHbHbV+SgUyhtiKoq1dklu2sotAVfdoRG/lqHMG?= =?us-ascii?Q?0VCJZEtXVUqb2SCHMnnnkGJo7nUhVJ8rh+KNJfogds/Y/qH66VKDz0Ur/Rnl?= =?us-ascii?Q?7afEzE2Z1xItxLukGpq/k4Y3l9mESASFoNrRTFePMebThkNHNWqIFpbHeGfL?= =?us-ascii?Q?E4iHYF5///ho32csCNNxkQTEIfqkFUTcyqFPXUYPykIwcKlaxiiWEK8w0m8G?= =?us-ascii?Q?+HKRu0Kv5J5vaARvLsXmeX0k9Dl6oxe945muXeF+hLt3Qisxt+gtLExBYpDN?= =?us-ascii?Q?fgLZkDwqxPsCW0xR9wqEOduRLSN9YXlk8SP3iIJgn43GrTmuUIWk+DrAlPA+?= =?us-ascii?Q?Cb4R1RX3hLPFx2V4nfg2/3I3nyzNfjJbkZGf6voNmVaLTY0FDA5WuR7rr4GG?= =?us-ascii?Q?qz0BZ8wEcRVwqxM8+xwciogGR1BuuttAZ7POAxJ5BvIN7hdJxk1WRpF02qjK?= =?us-ascii?Q?dIUH4E2Rizsln4q6Hmimx3eJwRkq4kfrh017qfiecHYiKi8KUTPoYaTdiNFt?= =?us-ascii?Q?5O+6zZbXC94UBKq5I3Qt9RyjJ0xvB3Bjdb2Bgub0Uk8uhgRGSr3YR8zTZ4X6?= =?us-ascii?Q?CDVxq+avvBHtkP3eAGRalqx9i3iHVMZOXa0aZ6c82rGGAakIRxAM1jXpmzQs?= =?us-ascii?Q?DCuEwS7JFSLjjfjCJOYL8yYPnz3zxt6IhmyXBjZEpKDY9d/KhTMco6ThmTbx?= =?us-ascii?Q?2BRPtVsDrmFgrvmbEH/76bSQ898+zRl7vfeRXxbHsZj7cjbHHZUu6vd+Lh3e?= =?us-ascii?Q?/VEhH8jsfLWFZ6ldo45kG+4tL4eTP4kdG9iGBzJLqS2ZluZGxrsGmu3V60Dm?= =?us-ascii?Q?sm3zli7H4AuDorOEgvKhkE1m4X84viEHRpVjSV0m4xs4iyHW0BNC8Gk/t5fa?= =?us-ascii?Q?ZlSPthdUC/PJ8iDn16O8nSxnFp+A/OZ0h7grqnSGOrNgB5w0VHui5riBHGfZ?= =?us-ascii?Q?SoRfVJ6MTXpM8bMH8BIYPr3JOgaz6lvBnIpeUrwt36GyqWVMbB9DNSZW6LPU?= =?us-ascii?Q?LzAoDdyRJ7P6LHEKq3rA7ZUNrAFRCZzQ7SekcWlC95xpvIOugtdrWNXg2h2m?= =?us-ascii?Q?HLXuUB1+C0prYiUaSCMevbS9EhIbfd0TYk6G0/tc5bEpQ/F9Q1MnDa/kQ=3D?= =?us-ascii?Q?=3D?= X-Microsoft-Exchange-Diagnostics: 1; SN1PR12MB0158; 6:gvls5EdZAF5L7luKIRxCE9IBmqDFiAQEkFPW134JcN/bnN/0G4+gb/oVfvKf5OjmUXwX0dFxs4dtR8g8OCY18/RmkWcNtK8soGv/2AVdAg0X/UMVvfWYCPLCj7cUMBUTNYbxkWQtlEmhCJ1sFMwm9jNsWJwk3pE1xOgRZvyci07/DDhx4a2U+t+j1eUXt4H8DaZ/Cs+JNIxfkWDZ5hW4DB+pSwD9Yv9IviL0jAVld5Mmv7chK5NrHz84EvqQ5PpCyQS21RCMv9yJg/cI0QydMyt1GWBLw87VKTjWJlaJsbFv7TUJpRgffHaqXiN8ZjN0XcVvFsuHLzASVLTh6Y1+AM+NHklTyahLDkuS/MqYmDU=; 5:LPKrbwJe31YXRHxEY7GtiXdxT4/NQOp94pqu0u+RVGqE/bPxmSUqWZnF643F+i0Vl/F93JulkzeynTkKH8VSDFiqjoBI29j4XcmP+OFlZcUzynZEXE0atTbc6x41213Nsi6KT48X7ND7jLTYzRYha+ssSLpByBDRufDDBVbAMAY=; 24:kIc5yB8kp+g/3bhjeNvSxTFgO6pq4mDa2UcLsM9yHnJkKUhBdVDIna2RsUuDfluOq8WgMv+vPAWACN2PbRBqBYzXh67Z0oSjtlhCi6UKvqY=; 7:I11rSwgJpGW2XrXwQbxKqlGghrobBatRr7sQ/iQw+mWwJt7mSPGBF4RTicpq4ik1rddqFjAuXKmDBXbB5I2zln7efAJHm8Sg3tKg95/ILIVh/ZY9CVhlNOOYHGQ8S628H43tlhRvS3K88/UKctKFnLpYT/CCnfmoFG7oGzKkYqTgmR1bzsCVIbre1KAvIUMLZcwi1Q+Aic8+Nli1sfWzDy21J4ikuzdg8yeJYCAZXxksQgSxQZCn7JM9+bB3roz9 SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1; SN1PR12MB0158; 20:lt1hNU78S2mbDrecQqoi6GF+YVVP6qeCQZVvzJM6mDrqeu/02Xl/8HYRAn/cO3+dsZCnwbvg7HoX5r2jv/raLuwvk5wAhhBZ1lMvbXelZYe2+0vY4FqQy+j2hO2no0uedIxv0SQ8nyPZQKjhNd/OpDnuzf7wjWrUhVFTk+smJ3uwtPCtUskpzRP4z/q+zbDubjkfVyQHZn244as/Xus32zNEOSNVPj0wQgWpWXKyskJY6h+MV26B7GVfL+d/R98n X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 06 Dec 2017 20:04:44.6917 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 8bbc604e-1025-45ca-8399-08d53ce4993d X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN1PR12MB0158 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP SEV requires that guest bios must be encrypted before booting the guest. Cc: "Michael S. Tsirkin" Cc: Paolo Bonzini Cc: Richard Henderson Cc: Eduardo Habkost Signed-off-by: Brijesh Singh --- hw/i386/pc_sysfw.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/hw/i386/pc_sysfw.c b/hw/i386/pc_sysfw.c index 6b183747fcea..8ddbbf74d330 100644 --- a/hw/i386/pc_sysfw.c +++ b/hw/i386/pc_sysfw.c @@ -112,6 +112,8 @@ static void pc_system_flash_init(MemoryRegion *rom_memory) pflash_t *system_flash; MemoryRegion *flash_mem; char name[64]; + void *flash_ptr; + int ret, flash_size; sector_bits = 12; sector_size = 1 << sector_bits; @@ -168,6 +170,17 @@ static void pc_system_flash_init(MemoryRegion *rom_memory) if (unit == 0) { flash_mem = pflash_cfi01_get_memory(system_flash); pc_isa_bios_init(rom_memory, flash_mem, size); + + /* Encrypt the pflash boot ROM */ + if (kvm_memcrypt_enabled()) { + flash_ptr = memory_region_get_ram_ptr(flash_mem); + flash_size = memory_region_size(flash_mem); + ret = kvm_memcrypt_encrypt_data(flash_ptr, flash_size); + if (ret) { + error_report("failed to encrypt pflash rom"); + exit(1); + } + } } } }