From patchwork Wed Dec 6 20:03:37 2017
X-Patchwork-Submitter: Brijesh Singh
X-Patchwork-Id: 10097119
From: Brijesh Singh
To: qemu-devel@nongnu.org
Cc: Edgar E. Iglesias, Peter Maydell, Peter Crosthwaite, Eduardo Habkost, kvm@vger.kernel.org, Marcel Apfelbaum, Markus Armbruster, Michael S. Tsirkin, Richard Henderson, Dr. David Alan Gilbert, Alistair Francis, Christian Borntraeger, Brijesh Singh, Stefan Hajnoczi, Cornelia Huck, Paolo Bonzini, Thomas Lendacky, Borislav Petkov
Date: Wed, 6 Dec 2017 14:03:37 -0600
Message-Id: <20171206200346.116537-15-brijesh.singh@amd.com>
In-Reply-To: <20171206200346.116537-1-brijesh.singh@amd.com>
Subject: [Qemu-devel] [PATCH v5 14/23] sev: add command to create launch memory encryption context

The KVM_SEV_LAUNCH_START command creates a new VM encryption key (VEK). The encryption key created with the command will be used for encrypting the bootstrap images (such as guest bios).

Cc: Paolo Bonzini
Cc: kvm@vger.kernel.org
Signed-off-by: Brijesh Singh
---
 accel/kvm/sev.c | 86 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 include/sysemu/sev.h | 11 +++++++
 2 files changed, 97 insertions(+)

diff --git a/accel/kvm/sev.c b/accel/kvm/sev.c index 7b5318993969..74eb67526bd0 100644 --- a/accel/kvm/sev.c +++ b/accel/kvm/sev.c @@ -22,6 +22,15 @@ #define DEFAULT_GUEST_POLICY 0x1 /* disable debug */ #define DEFAULT_SEV_DEVICE "/dev/sev" +#define DEBUG_SEV +#ifdef DEBUG_SEV +#define DPRINTF(fmt, ...) \ + do { fprintf(stderr, fmt, ## __VA_ARGS__); } while (0) +#else +#define DPRINTF(fmt, ...) \ + do { } while (0) +#endif + static int sev_fd; #define SEV_FW_MAX_ERROR 0x17
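Review bot: the unconditional `+#define DEBUG_SEV` in this hunk switches the DPRINTF() branch on for every build, so "SEV: LAUNCH_START" and any later debug lines go to stderr of all users rather than only of developers; debug toggles of this shape are normally shipped disabled (`/* #define DEBUG_SEV */` or gated on a build option) so that the empty `#else` definition is the default. Suggest removing the define or commenting it out before merge.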
@@ -288,6 +297,77 @@ lookup_sev_guest_info(const char *id) return info; } +static int +sev_read_file_base64(const char *filename, guchar **data, gsize *len) +{ + gsize sz; + gchar *base64; + GError *error = NULL; + + if (!g_file_get_contents(filename, &base64, &sz, &error)) { + error_report("failed to read '%s' (%s)", filename, error->message); + return -1; + } + + *data = g_base64_decode(base64, len); + return 0; +} + +static int +sev_launch_start(SEVState *s) +{ + gsize sz; + int ret = 1; + int fw_error; + QSevGuestInfo *sev = s->sev_info; + struct kvm_sev_launch_start *start; + guchar *session = NULL, *dh_cert = NULL; + + start = g_malloc0(sizeof(*start)); + if (!start) { + return 1; + } + + start->handle = object_property_get_int(OBJECT(sev), "handle", + &error_abort); + start->policy = object_property_get_int(OBJECT(sev), "policy", + &error_abort); + if (sev->session_file) { + if (sev_read_file_base64(sev->session_file, &session, &sz) < 0) { + return 1; + } + start->session_uaddr = (unsigned long)session; + start->session_len = sz; + } + + if (sev->dh_cert_file) { + if (sev_read_file_base64(sev->dh_cert_file, &dh_cert, &sz) < 0) { + return 1; + } + start->dh_uaddr = (unsigned long)dh_cert; + start->dh_len = sz; + } + + ret = sev_ioctl(KVM_SEV_LAUNCH_START, start, &fw_error); + if (ret < 0) { + error_report("%s: LAUNCH_START ret=%d fw_error=%d '%s'", + __func__, ret, fw_error, fw_error_to_str(fw_error)); + return 1; + } + + DPRINTF("SEV: LAUNCH_START\n"); + + object_property_set_int(OBJECT(sev), start->handle, "handle", + &error_abort); + s->cur_state = SEV_STATE_LUPDATE; + + g_free(start); + g_free(session); + g_free(dh_cert); + + return 0; +} + void * sev_guest_init(const char *id) { @@ -323,6 +403,12 @@ sev_guest_init(const char *id) goto err; } + ret = sev_launch_start(s); + if (ret) { + error_report("%s: failed to create encryption context", __func__); + goto err; + } + ram_block_notifier_add(&sev_ram_notifier); return s; 
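Review bot: sev_launch_start() leaks on every error path: `start` is never freed when sev_read_file_base64() fails or when the LAUNCH_START ioctl fails, and `session` is additionally leaked when the later dh_cert read fails, because the three g_free() calls sit only on the success path. Suggest a single exit label that frees start, session and dh_cert and returns ret, so all paths release what was allocated. The `if (!start) return 1;` after g_malloc0() is dead code, since g_malloc0() aborts on allocation failure instead of returning NULL. In sev_read_file_base64(), the `base64` buffer returned by g_file_get_contents() is never freed after g_base64_decode(), and `error` is reported but not released with g_error_free(); it is also worth rejecting a decoded `*len` of 0 (empty or non-base64 file) there instead of handing the firmware a zero-length session or DH blob.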
diff --git a/include/sysemu/sev.h b/include/sysemu/sev.h index f85517c0b5b5..45b464cc96f5 100644 --- a/include/sysemu/sev.h +++ b/include/sysemu/sev.h @@ -51,8 +51,19 @@ struct QSevGuestInfoClass { ObjectClass parent_class; }; +enum { + SEV_STATE_INVALID = 0, + SEV_STATE_LUPDATE, + SEV_STATE_SECRET, + SEV_STATE_RUNNING, + SEV_STATE_SENDING, + SEV_STATE_RECEIVING, + SEV_STATE_MAX +}; + struct SEVState { QSevGuestInfo *sev_info; + int cur_state; }; typedef struct SEVState SEVState;
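Review bot: the new state enum is anonymous and `cur_state` is a plain `int`, so any integer can be stored in it unnoticed; naming the enum (for example `typedef enum { ... } SevState;`) and declaring `SevState cur_state;` lets the compiler flag bad assignments and makes the field self-documenting. Related: sev_launch_start() in the accel/kvm/sev.c hunk writes SEV_STATE_LUPDATE without checking that the previous state was SEV_STATE_INVALID, so if these states are meant to enforce the ordering of the LAUNCH_* commands, a small helper that validates the transition before storing it would be a better place to set the field than the command function itself.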