From patchwork Mon Jan 29 17:41:17 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Brijesh Singh X-Patchwork-Id: 10190189 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 1131C6020C for ; Mon, 29 Jan 2018 17:42:23 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 0D55E283C3 for ; Mon, 29 Jan 2018 17:42:23 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 01A9B28639; Mon, 29 Jan 2018 17:42:22 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 44B36284AF for ; Mon, 29 Jan 2018 17:42:22 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751586AbeA2RmK (ORCPT ); Mon, 29 Jan 2018 12:42:10 -0500 Received: from mail-dm3nam03on0075.outbound.protection.outlook.com ([104.47.41.75]:63152 "EHLO NAM03-DM3-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1751505AbeA2RmG (ORCPT ); Mon, 29 Jan 2018 12:42:06 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector1-amd-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=bWUpQjAaYex+LtQrHLs4hdux9ZBdL8MLW6amvzN34BA=; b=QoyIjwaILEXSB+9lhmXmwAxEHKqPjrScLJkaUYeYksJ+6/b04APXUda6ZoOF9jPrenHezT1+T0jHYxaXkXxqYyWKlHBa4dC8JNOq+1C853NqK0OmRcIGn0ir4DkTz70Pb+w7WodyMBVLog181Wco3ClwYlRsHePE3pGiyB8gKH8= Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=brijesh.singh@amd.com; Received: from wsp141597wss.amd.com (165.204.78.1) by DM2PR12MB0154.namprd12.prod.outlook.com (2a01:111:e400:50ce::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.444.14; Mon, 29 Jan 2018 17:41:58 +0000 From: Brijesh Singh To: qemu-devel@nongnu.org Cc: kvm@vger.kernel.org, Paolo Bonzini , Tom Lendacky , Peter Maydell , Richard Henderson , "Edgar E. Iglesias" , "Dr. David Alan Gilbert" , Eduardo Habkost , Stefan Hajnoczi , Eric Blake , "Michael S. Tsirkin" , "Daniel P . Berrange" , Brijesh Singh Subject: [PATCH v6 08/23] docs: add AMD Secure Encrypted Virtualization (SEV) Date: Mon, 29 Jan 2018 11:41:17 -0600 Message-Id: <20180129174132.108925-9-brijesh.singh@amd.com> X-Mailer: git-send-email 2.9.5 In-Reply-To: <20180129174132.108925-1-brijesh.singh@amd.com> References: <20180129174132.108925-1-brijesh.singh@amd.com> MIME-Version: 1.0 X-Originating-IP: [165.204.78.1] X-ClientProxiedBy: BN6PR17CA0018.namprd17.prod.outlook.com (2603:10b6:404:65::28) To DM2PR12MB0154.namprd12.prod.outlook.com (2a01:111:e400:50ce::17) X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: ce7d48b6-4417-45db-3bcf-08d5673f997b X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(4534165)(4627221)(201703031133081)(201702281549075)(48565401081)(5600026)(4604075)(2017052603307)(7153060)(7193020); SRVR:DM2PR12MB0154; X-Microsoft-Exchange-Diagnostics: 1; DM2PR12MB0154; 3:0utUNmnsMCMAlF087zjN3P/Gn6/be9C5znchmxqferrjNN+oMXl6PqlY/HWAck3dFq+YYKorG87dUdRPd2jbLWfXIeWNG8cKOd3cQune98C7PRr8Chr2I+QSGnlTcFAqa61CG9b22Ln3CDwzFz/Bs8VKavTa8NCzFn1EDJZqNBtptIQfjHBbpcg3QgSHyE9peIh8Bcpv2xghxw4iajj6grOzGsoP2y4JwgDyJY+2v0uQ+0afzlVN5Q+z6wxOe4sJ; 25:wAnt4ZM9ycpwkt59qwQyCdrsrp2F0Knp776VkhM2kRvjqqMwgXtA3cHNuzc/gVkJl//lNn3LbQVR1h+Y9v9Hq6Dt+W2ZGWlVnPSP5VXw4nI0GAhLYeknx9yvNRKhChHLWTnTFPHZd7EuqabOT2/nyGZZ7Qr0TnbHpwn1KHpxiX/RKWXIY3Rtk+wdeux7lTcO51oqzaiHhn3XOEf/4orT90/4+vrnA900VaROc+WTaW90G+tbCkv83PcDHbexgqv7SVCSPU3eQ7ElS8Gh0YluqMbH6Z3WMNWyyHuB8RnbG5keFl9kZjbAWgdN3ccUxLN7LBLSLIZ1WvSmQpJY56RNog==; 31:X1wDdOqkVPmdGbnFkBCarxOZrgkhq+uaJrIaUk1qwC4WO64GXnR9hEbh4N4P8J9kbz60HK3k5cj+CHRfVU8XPZA2mqOe7sDuOaU3Z1+eUTxijNxGkNyV51672YIPDlDnZRXzgAMqD5B4g5zWqLLd2D9bBjcBavBRDb386u9+HVcu3S8foPBH8AZ1VNQn81nr7q2O4V5uWj8rSJzLfG8Vz8GBCYJje8zfBZ5jOVrOxmw= X-MS-TrafficTypeDiagnostic: DM2PR12MB0154: X-Microsoft-Exchange-Diagnostics: 1; DM2PR12MB0154; 20:x8bL3/cisDy33zkoauTwupr+IzXkmH9lE0+aks5muhmAuHiDJEuMTAQnV/pBLQi1/FDAKOPVUG/B/nJzWqBgkiSQlpSSFlpFNWfRJj80XoOehal7RfHbAZIl9QghOcuUPas/HLXaw6h3N25+KTUAf8V5a4vkpmLirpv62ZZdvzqFgcHiQOKAjtxjPYWX7Rlaq5gTT+36pd61QReaCSDrnVovt+WoZxbp/t1ww2LZQbh3k0qKoMH7aIoMCdu5uWEEFTrp8DRPRKq+4HyD32wyGpVZDWTH5mfxW9p0VKBsJza8goqTAbOZrM+1QBEabx/WWQaXB9/WlfEsfebCApaUx5ObNeLmo3BGXa/bPp11V60S1QgjASo4SSp12tJwfvoOaIuPzzYnjp+MwXv8kt6/TTeSEawKpSSa9GgnwWT6dr3UXD9H22O5Fs6pSVBfP930j2/5OIxFIJovExCg7dZ9gpaADhzrZNPEK8HMfaNl+zYrwD/w4Q4ycsfSfaYAkbyT; 4:AgfAvNF3DapF4M18EJQJ3SkO+lChZ43NY/re5hiJqyY309EiONHaBJ54st8p6zRqvZZPFg876yMwnYo132U8rSpOXoTtbmy887sGTTwCv3rHc9LHmH2oVAeqvJQojz5FN2l7MJqHb1vDXhpRddiZtAHESQdJrJKUOjtrCEwbiGdEYgsDeOHNk0HkpxEHWfvfYAGB/G8iRPnVw/uphnmilrBYkQz9RQdEPcrBaemaDkd0vYBomdOOKQY/ftfGvACJIy0F2jUnPtiNHHE6hNd19IB/6n5MA4oalTQ+gmy+zPUPHJbD/aTrxlpjLrKoh+jj X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(767451399110); X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(6040501)(2401047)(8121501046)(5005006)(10201501046)(3231101)(944501161)(93006095)(93001095)(3002001)(6055026)(6041288)(20161123560045)(20161123558120)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123562045)(20161123564045)(6072148)(201708071742011); SRVR:DM2PR12MB0154; BCL:0; PCL:0; RULEID:; SRVR:DM2PR12MB0154; X-Forefront-PRVS: 0567A15835 X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(39860400002)(376002)(39380400002)(396003)(366004)(346002)(199004)(189003)(48376002)(8656006)(39060400002)(4326008)(6486002)(68736007)(36756003)(478600001)(26005)(97736004)(16526019)(6306002)(1720100001)(53936002)(386003)(50466002)(86362001)(25786009)(8666007)(16586007)(54906003)(186003)(47776003)(59450400001)(316002)(7416002)(305945005)(7696005)(105586002)(106356001)(76176011)(51416003)(2906002)(81156014)(66066001)(81166006)(8676002)(2361001)(966005)(53416004)(3846002)(50226002)(52116002)(6116002)(2351001)(1076002)(8936002)(7736002)(6666003)(6916009)(5660300001)(2950100002); DIR:OUT; SFP:1101; SCL:1; SRVR:DM2PR12MB0154; H:wsp141597wss.amd.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en; Received-SPF: None (protection.outlook.com: amd.com does not designate permitted sender hosts) X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; DM2PR12MB0154; 23:ZsyYmKqsUUTwekI1BKQkoZ8HiRcpUcHQeCPVj57tu?= =?us-ascii?Q?YQG6+uEfyeZoWos/JhbB4zdY93zcHql6Z/CNljmsU3+KiNx/tPlnAuhIrcSm?= =?us-ascii?Q?PJSM8wn3vtu+ywm/IkmQeSeNqdyHpGXKbTJDeDuC2POPbsyPMUek0HRD8Nou?= =?us-ascii?Q?KtcWIc+XkOSzZq9y9lrimed6o53TMQ4e2RNu46QCRlWzYqkcSSBU0zsOkcHk?= =?us-ascii?Q?zVUb7/fyRBThFkePKXnCTSk/wzBpACyTjsuPGnwA9WMm/tSbwG1QUEqIm2oP?= =?us-ascii?Q?v4OlEwa3Sv7TayOgtOMJOkwcs2xeZCbX5auLtg93giy8mGNLqySgvXRVJFJB?= =?us-ascii?Q?0udd5aX+7GeiEYyqZGiKXkTeSuI+Fg/FKE08g206bc0/EccZgkCI9FsG9vV1?= =?us-ascii?Q?JK+t2w+YfwxJcO4+GBR4m9y5ST45cAdJlKEyf1dBmDl5B8+7dmLLEFnj9rbY?= =?us-ascii?Q?kYJEAAmpvkbtIrTEpPfqOwOW9tIj6TNrpP5WJi1Cv4zXJ5+RtJ/wboAJUHTV?= =?us-ascii?Q?ExoDKtacEh2IWZYGkwyogQCHY9ZcN6MOS1fUamhDajhHmgbrcNUHucDwicdh?= =?us-ascii?Q?+slXBlm0hSxAxKskc+GygLn5hZ/sH6bYiKdJLmrmH/uql8pZDf+IJQWfpmGi?= =?us-ascii?Q?Tge2VjDpB54X+Q7pskAZV+wSnN1BBSdEVkdp6U0+1aqQurU4CfI4t2bY/uIt?= =?us-ascii?Q?E5D4q4a68F//kabrluzDIqBhnXZxfx12Lpy+bg1ACHQvpTNvRT8z0r4pYXfY?= =?us-ascii?Q?iWQxTCCUK+9hE3N7SAmDz7c/+0SukMBInSN36C4YT5ehGqC5ttjaVuGYXW81?= =?us-ascii?Q?kVkh7g1dlgEGx9NFs488QXQmp0TGcr8ylkxUc6erbCgWLiZmE5scMvOS23Fq?= =?us-ascii?Q?WaB9ITktmdIgxsyXdYHXVCMzzReT2EUBN0YstLE8PLbtnHNGTElobluCafxv?= =?us-ascii?Q?EB0DVc6GLwqAdCXw2NqD/EDyo90la90eqzp4ACfHv6Wm5Lsdwyq0K68jxNan?= =?us-ascii?Q?W5CNwXXeyeSolkkH2e7rxLMt2QJZyOyNKOiu4sbaN3yNuTFw8hv3ufkhG+x/?= =?us-ascii?Q?BWZzq41bI66Je5+5qD5r3wLF04RyfJQL1MeDQK8QFD/VIzgTakUgyrrwVbZk?= =?us-ascii?Q?wKBwveB/YKaq2xyXHizAbnaob3FWsHMTHdamc8MLfyfl+yDDYZkeA6uJyhUV?= =?us-ascii?Q?KhInlNhvaTxv8elSdDD4SiMiOmAmDv57go3kyOUBDJBt3ewKX3VXrroTl/pT?= =?us-ascii?Q?eUNDq5waEOGwVKHFXiyhqvRHzuekl9DPgKI08zWUIpdTMkMDl5da0R3sOj2s?= =?us-ascii?Q?YK5kpVRJwILztmEUd6bpjoBgj2hHt3//8FjtCCbKgqfFKRLyRqhbDqpzch6y?= =?us-ascii?Q?EHmig=3D=3D?= X-Microsoft-Exchange-Diagnostics: 1; DM2PR12MB0154; 6:4eWRuCiushvFwBbqlox3B/KiiTdkN2pBkWpAhpbj1LfZZtL2oXeZef//LLYEsT/1Dvc69mXNKkN3egshE2uq4QcSjYv3PezNTPGhCK36kNIAgNbBJ98gopWD0BZ7chiAEXqm40whDyLOSyHj2x5kZzNT/PJ9ScX/kMWmqDP+uxTGzbtVdHTfsTWuGBIoK8lntFR82pifGhP3XgQVxlYvHeoKPO3ZFxa7Vr8e6XD1KKU5nhmMDljLwguJtE4yTIiylhXbYhZKFEtE4he23524vIuzQv3TTKnGJY1U25srZwELKYhnbpnu1xT1yhNsVJKKSegnvEcEx0w5RmiFKxVq1ZZaydf5iUUKjQ8tJzu0ikI=; 5:lxqbR2rto6Up9SfgggTLrt7OcrWQK5lJtrTG7AqMriLtArQK5yI5CZWUJjNXOABlW9XpKJo2WFGPSBYjUWU+GaLC0KmVf98k27Rwc/XxuKq9+KBGSVP9tWxslzoCqbxGhdNUhuR/3TumKgUz8tT1VuVkktmndwi9JqbuCLBHuZ4=; 24:n5fz5z6/xBquqk/hhxpVm11JoATlXoEkpOFldbSiGggZ5llMvvR+Lb7mjlbcEgvMbES47sEjIAjuN/vrsFRem2oErNQXzMuO6l0Yg6ABwNY=; 7:r2WOqU+WFV2UihkuWp2gXaBC+y4QiqRFO5qHmSDTuFozuK+FzBy43yLaAn83/wd817x5v+5XMBuM99NE25Zit1XIDUdar1NU5cHkM69TP/P5GT7SxBjszsFlW5h2CZXC5WkXTtvRRK4gsphRXid2eZidPrl6Xk73D9fbBP3Qq1hG4zA8tWrBGiZ5W4w1Zcf/JwWT5dNd2bks23oeqOFvocuN5FwUbTb02CQGo6JFfFtWpovIY7UYYhjTNuuCke6C SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1; DM2PR12MB0154; 20:+vNvHckta2E71ZbxaIzWmogRbjmERzueD8prtD09W2seAmMiKWyMvEqPiogkO9utAbK0V3y2XHTdDuOcUzGfK/+HvS8oDEjEGzaw+yVGvARGk8v+KPJ8pgubZweRT17nYAvR091TezwW4RDRzrgUHCSJoyw0MLM7ISzrZYoYRdN+pmEnJRS8gcKVC6V5MDIpvalsT26Oxl6Ez4kd/sGOUER7pqEcso/MHGbMFRnSy2n2h6v2k3SkZyDFAjShdMrz X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 29 Jan 2018 17:41:58.5571 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: ce7d48b6-4417-45db-3bcf-08d5673f997b X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM2PR12MB0154 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Create a documentation entry to describe the AMD Secure Encrypted Virtualization (SEV) feature. Cc: Paolo Bonzini Signed-off-by: Brijesh Singh --- docs/amd-memory-encryption.txt | 92 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 92 insertions(+) create mode 100644 docs/amd-memory-encryption.txt diff --git a/docs/amd-memory-encryption.txt b/docs/amd-memory-encryption.txt new file mode 100644 index 000000000000..72a92b6c6353 --- /dev/null +++ b/docs/amd-memory-encryption.txt @@ -0,0 +1,92 @@ +Secure Encrypted Virtualization (SEV) is a feature found on AMD processors. + +SEV is an extension to the AMD-V architecture which supports running encrypted +virtual machine (VMs) under the control of KVM. Encrypted VMs have their pages +(code and data) secured such that only the guest itself has access to the +unencrypted version. Each encrypted VM is associated with a unique encryption +key; if its data is accessed to a different entity using a different key the +encrypted guests data will be incorrectly decrypted, leading to unintelligible +data. + +The key management of this feature is handled by separate processor known as +AMD secure processor (AMD-SP) which is present in AMD SOCs. Firmware running +inside the AMD-SP provide commands to support common VM lifecycle. This +includes commands for launching, snapshotting, migrating and debugging the +encrypted guest. Those SEV command can be issued via KVM_MEMORY_ENCRYPT_OP +ioctls. + +Launching +--------- +Boot images (such as bios) must be encrypted before guest can be booted. +MEMORY_ENCRYPT_OP ioctl provides commands to encrypt the images :LAUNCH_START, +LAUNCH_UPDATE_DATA, LAUNCH_MEASURE and LAUNCH_FINISH. These four commands +together generate a fresh memory encryption key for the VM, encrypt the boot +images and provide a measurement than can be used as an attestation of the +successful launch. + +LAUNCH_START is called first to create a cryptographic launch context within +the firmware. To create this context, guest owner must provides guest policy, +its public Diffie-Hellman key (PDH) and session parameters. These inputs +should be treated as binary blob and must be passed as-is to the SEV firmware. + +The guest policy is passed as plaintext and hypervisor may able to read it +but should not modify it (any modification of the policy bits will result +in bad measurement). The guest policy is a 4-byte data structure containing +several flags that restricts what can be done on running SEV guest. +See KM Spec section 3 and 6.2 for more details. + +Guest owners provided DH certificate and session parameters will be used to +establish a cryptographic session with the guest owner to negotiate keys used +for the attestation. + +LAUNCH_UPDATE_DATA encrypts the memory region using the cryptographic context +created via LAUNCH_START command. If required, this command can be called +multiple times to encrypt different memory regions. The command also calculates +the measurement of the memory contents as it encrypts. + +LAUNCH_MEASURE command can be used to retrieve the measurement of encrypted +memory. This measurement is a signature of the memory contents that can be +sent to the guest owner as an attestation that the memory was encrypted +correctly by the firmware. The guest owner may wait to provide the guest +confidential information until it can verify the attestation measurement. +Since the guest owner knows the initial contents of the guest at boot, the +attestation measurement can be verified by comparing it to what the guest owner +expects. + +LAUNCH_FINISH command finalizes the guest launch and destroy's the cryptographic +context. + +See SEV KM API Spec [1] 'Launching a guest' usage flow (Appendix A) for the +complete flow chart. + +Debugging +----------- +Since memory contents of SEV guest is encrypted hence hypervisor access to the +guest memory will get a cipher text. If guest policy allows debugging, then +hypervisor can use DEBUG_DECRYPT and DEBUG_ENCRYPT commands access the guest +memory region for debug purposes. + +Snapshot/Restore +----------------- +TODO + +Live Migration +---------------- +TODO + +References +----------------- + +AMD Memory Encryption whitepaper: +http://amd-dev.wpengine.netdna-cdn.com/wordpress/media/2013/12/AMD_Memory_Encryption_Whitepaper_v7-Public.pdf + +Secure Encrypted Virutualization Key Management: +[1] http://support.amd.com/TechDocs/55766_SEV-KM API_Specification.pdf + +KVM Forum slides: +http://www.linux-kvm.org/images/7/74/02x08A-Thomas_Lendacky-AMDs_Virtualizatoin_Memory_Encryption_Technology.pdf + +AMD64 Architecture Programmer's Manual: + http://support.amd.com/TechDocs/24593.pdf + SME is section 7.10 + SEV is section 15.34