From patchwork Wed Dec 6 20:03:31 2017
X-Patchwork-Submitter: Brijesh Singh
X-Patchwork-Id: 10097033
From: Brijesh Singh
To: qemu-devel@nongnu.org
Cc: Alistair Francis, Christian Borntraeger, Cornelia Huck, "Daniel P . Berrange", "Dr. David Alan Gilbert", "Edgar E . Iglesias", Eduardo Habkost, Eric Blake, kvm@vger.kernel.org, Marcel Apfelbaum, Markus Armbruster, "Michael S. Tsirkin", Paolo Bonzini, Peter Crosthwaite, Peter Maydell, Richard Henderson, Richard Henderson, Stefan Hajnoczi, Thomas Lendacky, Borislav Petkov, Brijesh Singh
Subject: [PATCH v5 08/23] docs: add AMD Secure Encrypted Virtualization (SEV)
Date: Wed, 6 Dec 2017 14:03:31 -0600
Message-Id: <20171206200346.116537-9-brijesh.singh@amd.com>
In-Reply-To: <20171206200346.116537-1-brijesh.singh@amd.com>
References: <20171206200346.116537-1-brijesh.singh@amd.com>

Create a documentation entry to describe the AMD Secure Encrypted Virtualization (SEV) feature.

Cc: Paolo Bonzini
Signed-off-by: Brijesh Singh
--- docs/amd-memory-encryption.txt | 92 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 92 insertions(+) create mode 100644 docs/amd-memory-encryption.txt diff --git a/docs/amd-memory-encryption.txt b/docs/amd-memory-encryption.txt new file mode 100644 index 000000000000..72a92b6c6353 --- /dev/null +++ b/docs/amd-memory-encryption.txt 
@@ -0,0 +1,92 @@ +Secure Encrypted Virtualization (SEV) is a feature found on AMD processors. + +SEV is an extension to the AMD-V architecture which supports running encrypted +virtual machine (VMs) under the control of KVM. Encrypted VMs have their pages +(code and data) secured such that only the guest itself has access to the +unencrypted version. Each encrypted VM is associated with a unique encryption +key; if its data is accessed to a different entity using a different key the +encrypted guests data will be incorrectly decrypted, leading to unintelligible +data. + +The key management of this feature is handled by separate processor known as +AMD secure processor (AMD-SP) which is present in AMD SOCs. Firmware running +inside the AMD-SP provide commands to support common VM lifecycle. This +includes commands for launching, snapshotting, migrating and debugging the +encrypted guest. Those SEV command can be issued via KVM_MEMORY_ENCRYPT_OP +ioctls. + +Launching +--------- +Boot images (such as bios) must be encrypted before guest can be booted. +MEMORY_ENCRYPT_OP ioctl provides commands to encrypt the images :LAUNCH_START, +LAUNCH_UPDATE_DATA, LAUNCH_MEASURE and LAUNCH_FINISH. These four commands +together generate a fresh memory encryption key for the VM, encrypt the boot +images and provide a measurement than can be used as an attestation of the +successful launch. + +LAUNCH_START is called first to create a cryptographic launch context within +the firmware. To create this context, guest owner must provides guest policy, +its public Diffie-Hellman key (PDH) and session parameters. These inputs +should be treated as binary blob and must be passed as-is to the SEV firmware. + +The guest policy is passed as plaintext and hypervisor may able to read it +but should not modify it (any modification of the policy bits will result +in bad measurement). 
The guest policy is a 4-byte data structure containing +several flags that restricts what can be done on running SEV guest. +See KM Spec section 3 and 6.2 for more details. + +Guest owners provided DH certificate and session parameters will be used to +establish a cryptographic session with the guest owner to negotiate keys used +for the attestation. + +LAUNCH_UPDATE_DATA encrypts the memory region using the cryptographic context +created via LAUNCH_START command. If required, this command can be called +multiple times to encrypt different memory regions. The command also calculates +the measurement of the memory contents as it encrypts. + +LAUNCH_MEASURE command can be used to retrieve the measurement of encrypted +memory. This measurement is a signature of the memory contents that can be +sent to the guest owner as an attestation that the memory was encrypted +correctly by the firmware. The guest owner may wait to provide the guest +confidential information until it can verify the attestation measurement. +Since the guest owner knows the initial contents of the guest at boot, the +attestation measurement can be verified by comparing it to what the guest owner +expects. + +LAUNCH_FINISH command finalizes the guest launch and destroy's the cryptographic +context. + +See SEV KM API Spec [1] 'Launching a guest' usage flow (Appendix A) for the +complete flow chart. + +Debugging +----------- +Since memory contents of SEV guest is encrypted hence hypervisor access to the +guest memory will get a cipher text. If guest policy allows debugging, then +hypervisor can use DEBUG_DECRYPT and DEBUG_ENCRYPT commands access the guest +memory region for debug purposes. 
+ +Snapshot/Restore +----------------- +TODO + +Live Migration +---------------- +TODO + +References +----------------- + +AMD Memory Encryption whitepaper: +http://amd-dev.wpengine.netdna-cdn.com/wordpress/media/2013/12/AMD_Memory_Encryption_Whitepaper_v7-Public.pdf + +Secure Encrypted Virutualization Key Management: +[1] http://support.amd.com/TechDocs/55766_SEV-KM API_Specification.pdf + +KVM Forum slides: +http://www.linux-kvm.org/images/7/74/02x08A-Thomas_Lendacky-AMDs_Virtualizatoin_Memory_Encryption_Technology.pdf + +AMD64 Architecture Programmer's Manual: + http://support.amd.com/TechDocs/24593.pdf + SME is section 7.10 + SEV is section 15.34
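
Review bot: In the Launching section, the LAUNCH_MEASURE paragraph calls the measurement "a signature of the memory contents" and has the guest owner verify it from "the initial contents of the guest at boot", yet the policy paragraph says that "any modification of the policy bits will result in bad measurement". The two statements only agree if the measurement also covers the guest policy, so the text should state what the measurement is computed over; otherwise a guest owner reading this cannot tell what value to compare against before releasing secrets. Smaller points in the same hunk: the ioctl is named KVM_MEMORY_ENCRYPT_OP in the introduction but MEMORY_ENCRYPT_OP under Launching; "See KM Spec section 3 and 6.2" should cite [1] the way the later "SEV KM API Spec [1]" sentence does; the Debugging section says "If guest policy allows debugging" without naming the policy flag that gates DEBUG_DECRYPT and DEBUG_ENCRYPT; the [1] URL contains a space ("55766_SEV-KM API_Specification.pdf") and will not resolve as written; and several typos should be fixed before merge ("measurement than can be used", "guest owner must provides", "hypervisor may able to read it", "destroy's", "Virutualization").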