From patchwork Wed Mar 8 20:53:03 2017
X-Patchwork-Submitter: Brijesh Singh
X-Patchwork-Id: 9611985
From: Brijesh Singh
Date: Wed, 8 Mar 2017 15:53:03 -0500
Subject: [Qemu-devel] [RFC PATCH v4 11/20] sev: add LAUNCH_START command
Cc: Thomas.Lendacky@amd.com, brijesh.singh@amd.com

The command is used to bootstrap SEV guest from unencrypted boot images.
The command creates a new VM encryption key (VEK) using guest owner's public
DH certificate, and security policy and session parameters. The encryption
key created during launch start process will be used for encrypting the boot
images (such as BIOS).

Signed-off-by: Brijesh Singh
---
 include/sysemu/sev.h | 1 +
 kvm-all.c | 1 +
 sev.c | 55 ++++++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 57 insertions(+)

diff --git a/include/sysemu/sev.h b/include/sysemu/sev.h index dbc3c6c..747fe87 100644 --- a/include/sysemu/sev.h +++ b/include/sysemu/sev.h 
@@ -86,6 +86,7 @@ typedef struct SEVState SEVState; bool sev_enabled(void); void *sev_guest_init(const char *keyid); void sev_set_debug_ops(void *handle, MemoryRegion *mr); +int sev_create_launch_context(void *handle); #endif diff --git a/kvm-all.c b/kvm-all.c index 1fa6413..a13d62f 100644 --- a/kvm-all.c +++ b/kvm-all.c @@ -1826,6 +1826,7 @@ static int kvm_init(MachineState *ms) goto err; } kvm_state->memcrypt_debug_ops = sev_set_debug_ops; + kvm_state->create_launch_context = sev_create_launch_context; g_free(id); } } diff --git a/sev.c b/sev.c index 3e02453..4b3f39a 100644 --- a/sev.c +++ b/sev.c @@ -148,6 +148,55 @@ static const TypeInfo qsev_launch_info = { }; static int +sev_ioctl(int cmd, void *data, int *error) +{ + int r; + struct kvm_sev_cmd input; + + input.id = cmd; + input.sev_fd = sev_fd; + input.data = (__u64)data; + + r = kvm_vm_ioctl(kvm_state, KVM_MEMORY_ENCRYPT_OP, &input); + *error = input.error; + return r; +} + +static int +sev_launch_start(SEVState *s) +{ + int ret = 1; + Object *obj; + int fw_error; + struct kvm_sev_launch_start *start; + + if (!s) { + return 1; + } + + start = g_malloc0(sizeof(*start)); + if (!start) { + return 1; + } + + obj = object_property_get_link(OBJECT(s->sev_info), "launch", &error_abort); + if (!obj) { + goto err; + } + + ret = sev_ioctl(KVM_SEV_LAUNCH_START, start, &fw_error); + if (ret < 0) { + fprintf(stderr, "failed LAUNCH_START %d (%#x)\n", ret, fw_error); + goto err; + } + + DPRINTF("SEV: LAUNCH_START\n"); +err: + g_free(start); + return ret; +} + +static int sev_mem_write(uint8_t *dst, const uint8_t *src, uint32_t len, MemTxAttrs attrs) { return 0; @@ -200,6 +249,12 @@ err: return NULL; } +int +sev_create_launch_context(void *handle) +{ + return sev_launch_start((SEVState *)handle); +} + void sev_set_debug_ops(void *handle, MemoryRegion *mr) {
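Review bot: The new prototype `int sev_create_launch_context(void *handle);` in the include/sysemu/sev.h hunk has no comment stating its return convention, and the implementation at the end of sev.c is not uniform: sev_launch_start() returns 1 for a NULL handle or a missing "launch" link, but passes through the negative result of the ioctl on firmware failure. Document in the header what callers should test for (0 on success, non-zero on failure), and pick one error style so that a caller checking only `< 0` does not treat the `return 1` paths as success.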
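Review bot: The kvm-all.c hunk assigns `kvm_state->create_launch_context`, but the diffstat shows that single line as the only change to kvm-all.c and neither of the other two files declares that member, so the field has to come from another patch in the series. Say in the commit message which patch introduces it, or add the declaration here, so that this patch builds on its own and stays bisectable. The hunk also only installs the hook; nothing visible here calls it or checks its result, so it is worth stating where the launch context is expected to be created relative to loading the boot images.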
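Review bot: In sev_ioctl() in the first sev.c hunk, `struct kvm_sev_cmd input` is filled only for id, sev_fd and data, so `*error = input.error` can return uninitialized stack contents when kvm_vm_ioctl() fails before the kernel writes that field, and the "failed LAUNCH_START" message then reports it as a firmware error code. Zero the struct before use (memset or an initializer), and cast the pointer through uintptr_t instead of `(__u64)data` so that it is also correct on 32-bit hosts. In sev_launch_start() the `start` buffer reaches the ioctl still all zeroes: `obj` is fetched from the "launch" link and NULL-checked but never read, so none of the policy, DH certificate or session parameters named in the commit message are passed to the firmware. If that is deferred to a later patch in the series, say so in a comment; otherwise the guest is launched with a zero policy rather than the guest owner's. Two smaller points in the same function: the `if (!start)` check after g_malloc0() is dead code because g_malloc0() aborts on allocation failure, and only `ret < 0` is treated as an ioctl failure while the other error paths return 1.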