
[RFC,v1,11/22] sev: add SEV debug encrypt command

Message ID 147377811888.11859.2777245831487772253.stgit@brijesh-build-machine (mailing list archive)
State New, archived

Commit Message

Brijesh Singh Sept. 13, 2016, 2:48 p.m. UTC
The SEV DEBUG_ENCRYPT command is used to inject code into
SEV-enabled guest memory.

For more information see [1], section 7.2

[1] http://support.amd.com/TechDocs/55766_SEV-KM%20API_Spec.pdf

The following KVM RFC patches define and implement this command

http://marc.info/?l=kvm&m=147190861124032&w=2
http://marc.info/?l=kvm&m=147190861124032&w=2

Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
---
 include/sysemu/sev.h |   10 ++++++++++
 sev.c                |   23 +++++++++++++++++++++++
 2 files changed, 33 insertions(+)

Patch

diff --git a/include/sysemu/sev.h b/include/sysemu/sev.h
index 5872c3e..a505d75 100644
--- a/include/sysemu/sev.h
+++ b/include/sysemu/sev.h
@@ -65,4 +65,14 @@  int kvm_sev_guest_measurement(uint8_t *measurement);
  */
 int kvm_sev_dbg_decrypt(uint8_t *dest, const uint8_t *src, uint32_t len);
 
+/**
+ * kvm_sev_dbg_encrypt -  encrypt the guest memory in SEV mode.
+ * @src - guest memory address
+ * @dest - host memory address where the encrypted data should be copied
+ * @length - length of memory region
+ *
+ * Returns: 0 on success and dest will contains the encrypted data
+ */
+int kvm_sev_dbg_encrypt(uint8_t *dest, const uint8_t *src, uint32_t len);
+
 #endif
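Review bot: The doc comment added above `kvm_sev_dbg_encrypt` describes the buffers the way the decrypt helper would: `@src` is called the guest address and `@dest` the host address that receives the encrypted data, while the commit message says the command injects data into guest memory, so the roles look swapped and should be confirmed against the spec. The tags also do not match the prototype (`@length` versus `len`, and `@dest` here versus `dst` in the sev.c definition), and the failure return value is not stated. I would write `@dest - guest memory address that receives the encrypted data`, `@src - host memory address of the data to inject`, `@len - length of the memory region`, and `Returns: 0 on success, non-zero on failure`.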
diff --git a/sev.c b/sev.c
index c7031d3..4e5da84 100644
--- a/sev.c
+++ b/sev.c
@@ -455,3 +455,26 @@  int kvm_sev_dbg_decrypt(uint8_t *dst, const uint8_t *src, uint32_t len)
     DPRINTF("SEV: DBG_DECRYPT dst %p src %p sz %d\n", dst, src, len);
     return 0;
 }
+
+int kvm_sev_dbg_encrypt(uint8_t *dst, const uint8_t *src, uint32_t len)
+{
+    int ret;
+    struct kvm_sev_dbg_encrypt encrypt;
+    struct kvm_sev_issue_cmd input;
+
+    encrypt.src_addr = (unsigned long)src;
+    encrypt.dst_addr = (unsigned long)dst;
+    encrypt.length = len;
+
+    input.cmd = KVM_SEV_DBG_ENCRYPT;
+    input.opaque = (unsigned long)&encrypt;
+    ret = kvm_vm_ioctl(kvm_state, KVM_SEV_ISSUE_CMD, &input);
+    if (ret) {
+        fprintf(stderr, "SEV: dbg_encrypt failed ret=%d(%#010x)\n",
+                ret, input.ret_code);
+        return 1;
+    }
+
+    DPRINTF("SEV: DBG_ENCRYPT dst %p src %p sz %d\n", dst, src, len);
+    return 0;
+}
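Review bot: `encrypt` and `input` in `kvm_sev_dbg_encrypt` are declared without initializers, so any field not assigned here reaches the ioctl as stack garbage, and `input.ret_code` is printed in the failure path even if the kernel never wrote it. Zero-initialise both, `struct kvm_sev_dbg_encrypt encrypt = {0};` and `struct kvm_sev_issue_cmd input = {0};`, so the error message cannot show a stale value. The struct layouts are defined outside this hunk, so whether further fields or padding exist is not visible from here. Separately, `len` is `uint32_t` but is logged with `%d` in the DPRINTF line; `%u` matches the type.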