From patchwork Wed Dec 6 20:03:41 2017
X-Patchwork-Submitter: Brijesh Singh
X-Patchwork-Id: 10097085
From: Brijesh Singh
To: qemu-devel@nongnu.org
Date: Wed, 6 Dec 2017 14:03:41 -0600
Message-Id: <20171206200346.116537-19-brijesh.singh@amd.com>
In-Reply-To: <20171206200346.116537-1-brijesh.singh@amd.com>
References: <20171206200346.116537-1-brijesh.singh@amd.com>
Subject: [Qemu-devel] [PATCH v5 18/23] sev: emit the SEV_MEASUREMENT event
Cc: Edgar E. Iglesias, Peter Maydell, Peter Crosthwaite, Eduardo Habkost, kvm@vger.kernel.org, Marcel Apfelbaum, Markus Armbruster, Michael S. Tsirkin, Richard Henderson, Dr. David Alan Gilbert, Alistair Francis, Christian Borntraeger, Brijesh Singh, Stefan Hajnoczi, Cornelia Huck, Paolo Bonzini, Thomas Lendacky, Borislav Petkov, Richard Henderson

During machine creation we encrypted the guest bios image, the LAUNCH_MEASURE command can be used to retrieve the measurement of the encrypted memory region. Emit the SEV_MEASUREMENT event so that libvirt can grab the measurement value as soon as we are done with creating the encrypted machine.

Cc: Daniel P. Berrange
Cc: Paolo Bonzini
Cc: kvm@vger.kernel.org
Signed-off-by: Brijesh Singh
--- accel/kvm/sev.c | 58 ++++++++++++++++++++++++++++++++++++++++++++++++++++ include/sysemu/sev.h | 1 + 2 files changed, 59 insertions(+) diff --git a/accel/kvm/sev.c b/accel/kvm/sev.c index 83fc950bd3ac..c0eea371fa06 100644 --- a/accel/kvm/sev.c +++ b/accel/kvm/sev.c @@ -18,6 +18,7 @@ #include "sysemu/kvm.h" #include "sysemu/sev.h" #include "sysemu/sysemu.h" +#include "qapi-event.h" #define DEFAULT_GUEST_POLICY 0x1 /* disable debug */ #define DEFAULT_SEV_DEVICE "/dev/sev" 
@@ -32,6 +33,7 @@ #endif static int sev_fd; +static SEVState *sev_state; #define SEV_FW_MAX_ERROR 0x17 @@ -399,6 +401,59 @@ err: return ret; } +static void +sev_launch_get_measure(Notifier *notifier, void *unused) +{ + int ret, error; + guchar *data; + SEVState *s = sev_state; + struct kvm_sev_launch_measure *measurement; + + measurement = g_malloc0(sizeof(*measurement)); + if (!measurement) { + return; + } + + /* query the measurement blob length */ + ret = sev_ioctl(KVM_SEV_LAUNCH_MEASURE, measurement, &error); + if (!measurement->len) { + error_report("%s: LAUNCH_MEASURE ret=%d fw_error=%d '%s'", + __func__, ret, error, fw_error_to_str(errno)); + goto free_measurement; + } + + s->cur_state = SEV_STATE_SECRET; + + data = g_malloc(measurement->len); + if (s->measurement) { + goto free_data; + } + + measurement->uaddr = (unsigned long)data; + + /* get the measurement blob */ + ret = sev_ioctl(KVM_SEV_LAUNCH_MEASURE, measurement, &error); + if (ret) { + error_report("%s: LAUNCH_MEASURE ret=%d fw_error=%d '%s'", + __func__, ret, error, fw_error_to_str(errno)); + goto free_data; + } + + s->measurement = g_base64_encode(data, measurement->len); + + DPRINTF("SEV: MEASUREMENT: %s\n", s->measurement); + qapi_event_send_sev_measurement(s->measurement, &error_abort); + +free_data: + g_free(data); +free_measurement: + g_free(measurement); +} + +static Notifier sev_machine_done_notify = { + .notify = sev_launch_get_measure, +}; + void * sev_guest_init(const char *id) { @@ -441,6 +496,9 @@ sev_guest_init(const char *id) } ram_block_notifier_add(&sev_ram_notifier); + qemu_add_machine_init_done_notifier(&sev_machine_done_notify); + + sev_state = s; return s; err: diff --git a/include/sysemu/sev.h b/include/sysemu/sev.h index b1ea3f805290..3af945935b60 100644 --- a/include/sysemu/sev.h +++ b/include/sysemu/sev.h @@ -64,6 +64,7 @@ enum { struct SEVState { QSevGuestInfo *sev_info; int cur_state; + gchar *measurement; }; typedef struct SEVState SEVState;
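
Review bot: in the accel/kvm/sev.c hunk that adds sev_launch_get_measure(), the check after data = g_malloc(measurement->len) tests s->measurement rather than anything to do with the allocation, and it runs after s->cur_state has already been set to SEV_STATE_SECRET. If the intent is to skip a measurement that was already taken, the test belongs at the top of the function, before the first sev_ioctl(); in either case the state change should move after the second sev_ioctl() succeeds, so that a failed LAUNCH_MEASURE does not leave cur_state at SEV_STATE_SECRET. Both error_report() calls print error as fw_error but pass errno to fw_error_to_str(), so the number and the string can disagree; fw_error_to_str(error) looks like what was meant. The if (!measurement) return; after g_malloc0() is dead code, because g_malloc0() aborts rather than returning NULL. Every failure path only logs and returns, so the SEV_MEASUREMENT event is never sent and a listener such as libvirt cannot tell a failure from a delay; the commit message or a comment should say how that case is meant to be handled.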
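
Review bot: the file-scope static SEVState *sev_state added next to sev_fd exists only so that sev_launch_get_measure() can reach the state, while the callback's Notifier *notifier argument goes unused. Embedding the Notifier in SEVState and recovering the state with container_of() in the callback would avoid the extra global. If the global stays, assign sev_state = s before the qemu_add_machine_init_done_notifier() call in sev_guest_init() so the dependency is obvious, and add a short comment that it is set once there and not cleared anywhere in this patch.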
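
Review bot: the new gchar *measurement member of struct SEVState in include/sysemu/sev.h has no comment, and nothing in this patch frees it. It holds the string returned by g_base64_encode() in sev_launch_get_measure(), which the caller owns, so a one-line comment (base64-encoded LAUNCH_MEASURE blob, released with g_free()) and a matching g_free() wherever SEVState is torn down would make the ownership clear.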