From patchwork Thu Feb 15 15:39:33 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Brijesh Singh X-Patchwork-Id: 10222103 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 8796E602CB for ; Thu, 15 Feb 2018 15:52:27 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 7476728FCD for ; Thu, 15 Feb 2018 15:52:27 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 72BDC28FBA; Thu, 15 Feb 2018 15:52:27 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.8 required=2.0 tests=BAD_ENC_HEADER,BAYES_00, DKIM_SIGNED, RCVD_IN_DNSWL_HI, T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 6DA092946B for ; Thu, 15 Feb 2018 15:51:44 +0000 (UTC) Received: from localhost ([::1]:60792 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1emLp1-0006BW-Lq for patchwork-qemu-devel@patchwork.kernel.org; Thu, 15 Feb 2018 10:51:43 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:35660) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1emLeN-0004Bm-Fc for qemu-devel@nongnu.org; Thu, 15 Feb 2018 10:40:48 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1emLeH-0003Qh-CV for qemu-devel@nongnu.org; Thu, 15 Feb 2018 10:40:41 -0500 Received: from mail-cys01nam02on0608.outbound.protection.outlook.com ([2a01:111:f400:fe45::608]:35936 helo=NAM02-CY1-obe.outbound.protection.outlook.com) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1emLeG-0003Q7-Pp for qemu-devel@nongnu.org; Thu, 15 Feb 2018 10:40:36 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector1-amd-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=K0rG+9OhEX2pAYXJhYpkvMIzreLnbL1Kngbvv5Wp/bM=; b=e+9LbUrx4ATAr3IemSshnPQIpURloKx9n2WXwwaMCKpLVDSBEmJl9XEFn4I2mLQb9j6Psnu3k+jLZvPjqAqJ3JFGmqfDRynSvlnmXrAPmkqoxfiRmjwGa/JuP5KxNb1XLHCszU4yUhrIUxcQrFlvvfttpm35zcowcBw+vg/tsZg= Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=brijesh.singh@amd.com; Received: from wsp141597wss.amd.com (165.204.78.1) by SN1PR12MB0157.namprd12.prod.outlook.com (10.162.3.144) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.506.18; Thu, 15 Feb 2018 15:40:31 +0000 From: Brijesh Singh To: qemu-devel@nongnu.org Date: Thu, 15 Feb 2018 09:39:33 -0600 Message-Id: <20180215153955.3253-8-brijesh.singh@amd.com> X-Mailer: git-send-email 2.14.3 In-Reply-To: <20180215153955.3253-1-brijesh.singh@amd.com> References: <20180215153955.3253-1-brijesh.singh@amd.com> MIME-Version: 1.0 X-Originating-IP: [165.204.78.1] X-ClientProxiedBy: CY4PR04CA0044.namprd04.prod.outlook.com (10.172.133.30) To SN1PR12MB0157.namprd12.prod.outlook.com (10.162.3.144) X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: 2afc56f9-af6e-4d7d-bc20-08d5748a7372 X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(48565401081)(4534165)(4627221)(201703031133081)(201702281549075)(5600026)(4604075)(2017052603307)(7153060)(7193020); SRVR:SN1PR12MB0157; X-Microsoft-Exchange-Diagnostics: 1; SN1PR12MB0157; 3:diBwizBc1LKVsp3+18Sy75N45Xve3MmocSRdGz0CkMOOIZsF/aVy4PJ33WiAJkhWcQh3OkXmCH3pnb/pLW5ogKTuopWdQufk++6h4pgtSfxr29Sfxyn/Q/QGZCNyOKoV5ukkIGxHhXZ5hQi8wVlxI/PZGrbhriXAE78M033hk04n7KiRx58na+fsPfru+CFPLAFyAYn43XG3R9pritKZnI475KZDC9zIOb89MK4ROmk35utRqRq5W9CnCzhsy9Ib; 25:zOHCdX0B+UVYZ56LXPid+XPfTUMGvr9ioY1HtQQlTHZ0yVKXOsfBQbXWHY1B8sxvw52Vr4wI2xtN/L8l7XucP7aqiQIKnYpW17cUidFn4PpZlgyokh8G9lwhVvhjEhx0ml3ffQ6PSUz0XYUD6NTVRXW95jtxC79QIdAg1HlChWFeQzO/Ob9KTmBKj2khBfYxtJa/p5VBhwLDHMvN3u9rLyeXchd882tiT+RHd+GGGdQNckbd2v3qAfYk1g9S83b5ATSeEIBYYi55+KvlQ+HyukQ9qH9s9EvfPML2UpepfOfxGmhQjyNoOvLJDwDyCW3zvhR0g0A0LP6G8/VyAH1epw==; 31:3ad1nxgC0ZBhRRu5/Sp4ihfxDZg4+hj4TbBUa+CB9dGi5WZa3tsFaL6yJTSbjyyLNSyTmWRt5VGGLOmW5rxuIeW+QFSY9XPQC79gF6gN5Upaynaq+Fx9jDGQN59o6rZV4Ym5OdjyPp+HglxyiyQncfKS/YHEQ092ueOZEdIpV6S0lrWEg3tEOuH7cpZjL+Mpe4lFkKNt6m3z848zgA1WZNVJ+E99am90huc6QA3ZNN8= X-MS-TrafficTypeDiagnostic: SN1PR12MB0157: X-Microsoft-Exchange-Diagnostics: 1; SN1PR12MB0157; 20:5uhISjcH5QpGI3e3vK759py9lsbaqX3n5Xc+PvD8imq4e7cEtui+sIQrjGhcGXWzMsR9HYQauKSXj35N28EGC++Dr8dJejj8jb9e7qb93W42FL/cOBVT3y/ZTkCvQi5e1zeY+PM9Qm6n9uxl8LmFeVCHmivbiAKqXwYdY7q1xiivmIqksL8BTON0YT0FdD5KG3nAoe811C3LefvvEhia5kbl2w3pAayaiTLHu85P04ZQD2tgBlahst34FGoGmYSpCMGFmAHGnWG60CghEYwI7B25DITIoU+YWTKofG9g6thVFqLWrc8imwwiCPqG1utR1ZTNdLMoQH7Jl1KNLTqEhGMZKw59zMNTDGz6mwKF0X4pFD+BA7iveuES9xxgQJ/yrKKSMWjPNQSuxYwVItWCA96m7OIVj/KZUiqVXQZSSjUcWMoJK3VurLW6no7apCUeCohaYKTXKy1Oh1FIp1xw9GmGeQvrrCOIWswaj5Pv9yw1Ww+drB07z3QT+ZN6Q+vJ; 4:Z9Ko+NvBXBXQBc16wZc7RLGhCLLlk6v4LbSnbKfgRf0e97ndynLB7HNdcEIy/hX9EARr+uZp21pvyFB4GfD/o3rXaoLcxPlDz2NW8y2z5llV7MS84NkNOBJu2OLMXhWA+y0AgVme4DbyFuESqHefJkP4PfIs6wb1HsN9CyLoo/48SeN/cBQkCt/wqZQPHzNrJ8U/RQwMRDxR3zRNvAEuey371kcVTUVXIx1w1oP0oOvQ4r4KQ+nit5k4+DYWi/bDTT1Cbd4Gh6WRMDE0mKqgU/d0t4OIIER54cHoe7Ww0/A/yHM56ZtMouUBcSocvOKB X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(767451399110); X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(6040501)(2401047)(5005006)(8121501046)(3002001)(10201501046)(93006095)(93001095)(3231101)(944501161)(6055026)(6041288)(20161123562045)(20161123564045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123560045)(20161123558120)(6072148)(201708071742011); SRVR:SN1PR12MB0157; BCL:0; PCL:0; RULEID:; SRVR:SN1PR12MB0157; X-Forefront-PRVS: 058441C12A X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(376002)(39380400002)(346002)(396003)(39860400002)(366004)(189003)(199004)(26005)(3846002)(386003)(8936002)(5660300001)(186003)(16526019)(316002)(6306002)(8666007)(1076002)(54906003)(6116002)(48376002)(50466002)(7416002)(1720100001)(478600001)(59450400001)(8676002)(68736007)(86362001)(16586007)(2906002)(50226002)(39060400002)(2351001)(6916009)(7736002)(106356001)(51416003)(8656006)(52116002)(25786009)(4326008)(97736004)(2950100002)(6486002)(2361001)(36756003)(76176011)(81166006)(53416004)(66066001)(53936002)(81156014)(47776003)(966005)(305945005)(105586002)(7696005); DIR:OUT; SFP:1101; SCL:1; SRVR:SN1PR12MB0157; H:wsp141597wss.amd.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en; Received-SPF: None (protection.outlook.com: amd.com does not designate permitted sender hosts) X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; SN1PR12MB0157; 23:C2GPZadAZ2Hob4BZhp9KMen1Iuw1TLYp0FaXWEHnY?= =?us-ascii?Q?Ru6ztI0hYwBDYy819yWlyUkUg73vu8krow2E3O4M48EeauHyGVjFWneVPI6l?= =?us-ascii?Q?uHW5NDnVDFwd5LoCZx7F0zSAYw9845TSvUUOYDzoYVN/Q8fxtL23+LFAhAvE?= =?us-ascii?Q?Iz2cy0PU3RSUPhTWhIJzsfOLaNJychxc+/GDw0kumcTNg5up+RDa7vG294RF?= =?us-ascii?Q?tEmyyheEyoM/T9DPyknGr/6A5rHvogiSwbvcfTFuyeEyra+0EfB3H7KHYwCw?= =?us-ascii?Q?gJeNc6esjfL6LdhwNMttEI1yPkc/pAan9LnypZulfc4qAzNXdwyCQmF85QzG?= =?us-ascii?Q?cZXdbserGC3F46U/rNpvO5yF2/tT4zD4Aos3CLWERKOFYU9qVKT5nKWAZFxW?= =?us-ascii?Q?1AkEopNbfNOg5SRpMVUKv0DfAnH161q7gxcv+4oanxb/Tdbw9Gh6cSfP34+N?= =?us-ascii?Q?kfELIDPFblYd10+3plVNU6Vfh2mNHKrhO8ZLryeUQpDUY06cP6g0/hxCb38k?= =?us-ascii?Q?0HxuTQjVI5FizMpF3uqfSdJbGY7xygWZ026hFYGYhzFyN2vzqeLR+74X3Kck?= =?us-ascii?Q?OouUxhRlqK9iIY/mFGEyQGMcjhTW41JKQPNS9xniLgfM+MuX9esK0rgDKfcw?= =?us-ascii?Q?ZI1UVov4NjBK8I/Fo4Xz0G+lWS0f0mg/hXi6S3ICR5hL73U6iJwlUN5Ksicz?= =?us-ascii?Q?Q2e6z9u4no98A58i9Afcf3TKF2q8nw0sVJfc2JVJwRQJKgPwCrqm6HYbHVP0?= =?us-ascii?Q?U1v1eCKI+5mT3yxi6W4PnoDQzBf+i2CvKzXAileYEykQ0Ob33IT2QLTtRnXp?= =?us-ascii?Q?Txjt3GrK5ZOLPL3d5WYYCCPk4hSdcIY8TrWBlYgRlDJbZHHLJwpe0cJo2iNy?= =?us-ascii?Q?8JYpJRwluAr+1OLL6P5LPj7JqwJiiYW/gI9pduSOy7SYvTowqsPLKfmJhx4l?= =?us-ascii?Q?fuv3edQfZ1+KpWKV7oyKaMzAMSzLb+fUv7/RkMll+dXbszGddMtlNzPS0asK?= =?us-ascii?Q?oQfFbopK0uSY4K+LBbY5wMLaQSOquDYV/PZXU4mSE+srpZOlMcBrhgqmGDPA?= =?us-ascii?Q?ImRKAicJLcuiiyC6fuqU66+uSrK3Glx89oiSItqavM7Ecy+W/8Z7k50CZzIa?= =?us-ascii?Q?GMsWIXsurW9wfYGyQ7T5L1SBqkia7vapxrMjZMWXaA4DOkn1vry+dz5YeOzX?= =?us-ascii?Q?6SG7M167CDvHQ2cKlAlRyW8d058t/mEDcuxnF/fcNX6yxlZrh6mZxVW+HDG9?= =?us-ascii?Q?IZIdcNQg/JlOZubDXVcKxxcgMtxYr1QPOT5o2SOyfG1PEk9XjYmvc29Dz8Xf?= =?us-ascii?Q?XDfxULds5QwmGwZBV18bx4Px5Jvtv0MpChNRKq34y53?= X-Microsoft-Exchange-Diagnostics: 1; SN1PR12MB0157; 6:5i78OAxcunjmOYxY77W4gjlVEPafSeTd+lTbQi9ReGhpO8MAm1uKcYKm+lC5iRdQD/z531giLw11TPvmNcM7pHOxRPQuL5/cwqo5WfaWSJu7qE10E+kN836uqWp0unNhG0V6JDInw2V3SwxN1kuosNh4yxL7/I204vmmDPJpYZxonar57Me4cKQ6rRbGW7HUFh7ZpqHtyxtAqSPp0aJ+qWDK/jGQzfTZPcWCClJ4mhOcxnk7/uId7SK3dgohUCcMVGO0Zgi1JYpQW7pGrwWmby3kdkPghVAkCr8t8wzYDYTNBFbgcYEveFvCNntVtA4UrgamGgMvPkuXJr+rPpgjPw2NdZfODdMb6l63A1sURZ4=; 5:dkVTTgMRYLs1T1BTQpCpIt30PHztNPMbOTuO1JSF4qcNSDH+wCJap6KDD3m+hFQuHGFg1OgmkHmtGNNZbSnlfKx5eJcFDef6xVrs0dlwY9RSCvgxsed/YLMhGaFsDAlVnqpjG5I4/7HYE75BlkVUqJE0K/ASv9I5jpJYdt91YwM=; 24:n5Tm8cVPMM/T4qYDIpvOnVMci05nyUvtiQ5beA9yn47Dqbj0EdsGU3yEAhesnSX5GSiDAqXSas39PNooKaB1KpDDM1hGMdpuSRVGrYLqTXg=; 7:NGxgqOWcW8j0hVamwl80bVsGll3FwmibXyHZSJNsKmgrZLYj5kHTVYDhDEc504kRwnIUGdDC6A9tSDK9MPsDfxDQpY4Drr6S6Tul2b6V/65qD3RZ8WhiLOrYdiN65yWMtuCF2Ltx+IWnjnrNytwe+t5b9fZAZktUDKQDnagv8MupNw3hicNs542GJj2X0PBaToIqgXC8i3wNtpAEKcTDL12yleI7QTn1WDlXfcvyMw3MKr+aYC6fECx4VImb1cvY SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1; SN1PR12MB0157; 20:5FHlxN/HaUrIHEXbBV0FTe9oRMsREHFtX6nOqJRph6B8LvMzZcXyDFHRR7W0sSIak7vWlb5BdODq5gf0Ll0xqWJ5vXDpHMrX0dk2TJkJepR+IURCHRo+rH07x4AYVhqLne4IlwMMFVR3KleBgat+hE5gbBY9lhf0Bgfu23UKr3R36M/kI1Wh57/SY3Oqwg75g6UvDu/V4Ck43hzZdkXFZWxJbL4cTg17WgpxloBvfQG7JsEZnKdChYcpNZKbcMIW X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 Feb 2018 15:40:31.8063 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 2afc56f9-af6e-4d7d-bc20-08d5748a7372 X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN1PR12MB0157 X-detected-operating-system: by eggs.gnu.org: Windows 7 or 8 [fuzzy] X-Received-From: 2a01:111:f400:fe45::608 Subject: [Qemu-devel] [PATCH v9 07/29] docs: add AMD Secure Encrypted Virtualization (SEV) X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Peter Maydell , Brijesh Singh , kvm@vger.kernel.org, "Michael S. Tsirkin" , Stefan Hajnoczi , Alexander Graf , "Edgar E. Iglesias" , Markus Armbruster , Bruce Rogers , Christian Borntraeger , Marcel Apfelbaum , Borislav Petkov , Thomas Lendacky , Eduardo Habkost , Richard Henderson , "Dr. David Alan Gilbert" , Alistair Francis , Cornelia Huck , Peter Crosthwaite , Paolo Bonzini Errors-To: qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org Sender: "Qemu-devel" X-Virus-Scanned: ClamAV using ClamSMTP Create a documentation entry to describe the AMD Secure Encrypted Virtualization (SEV) feature. Cc: Paolo Bonzini Signed-off-by: Brijesh Singh --- docs/amd-memory-encryption.txt | 92 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 92 insertions(+) create mode 100644 docs/amd-memory-encryption.txt diff --git a/docs/amd-memory-encryption.txt b/docs/amd-memory-encryption.txt new file mode 100644 index 000000000000..72a92b6c6353 --- /dev/null +++ b/docs/amd-memory-encryption.txt @@ -0,0 +1,92 @@ +Secure Encrypted Virtualization (SEV) is a feature found on AMD processors. + +SEV is an extension to the AMD-V architecture which supports running encrypted +virtual machine (VMs) under the control of KVM. Encrypted VMs have their pages +(code and data) secured such that only the guest itself has access to the +unencrypted version. Each encrypted VM is associated with a unique encryption +key; if its data is accessed to a different entity using a different key the +encrypted guests data will be incorrectly decrypted, leading to unintelligible +data. + +The key management of this feature is handled by separate processor known as +AMD secure processor (AMD-SP) which is present in AMD SOCs. Firmware running +inside the AMD-SP provide commands to support common VM lifecycle. This +includes commands for launching, snapshotting, migrating and debugging the +encrypted guest. Those SEV command can be issued via KVM_MEMORY_ENCRYPT_OP +ioctls. + +Launching +--------- +Boot images (such as bios) must be encrypted before guest can be booted. +MEMORY_ENCRYPT_OP ioctl provides commands to encrypt the images :LAUNCH_START, +LAUNCH_UPDATE_DATA, LAUNCH_MEASURE and LAUNCH_FINISH. These four commands +together generate a fresh memory encryption key for the VM, encrypt the boot +images and provide a measurement than can be used as an attestation of the +successful launch. + +LAUNCH_START is called first to create a cryptographic launch context within +the firmware. To create this context, guest owner must provides guest policy, +its public Diffie-Hellman key (PDH) and session parameters. These inputs +should be treated as binary blob and must be passed as-is to the SEV firmware. + +The guest policy is passed as plaintext and hypervisor may able to read it +but should not modify it (any modification of the policy bits will result +in bad measurement). The guest policy is a 4-byte data structure containing +several flags that restricts what can be done on running SEV guest. +See KM Spec section 3 and 6.2 for more details. + +Guest owners provided DH certificate and session parameters will be used to +establish a cryptographic session with the guest owner to negotiate keys used +for the attestation. + +LAUNCH_UPDATE_DATA encrypts the memory region using the cryptographic context +created via LAUNCH_START command. If required, this command can be called +multiple times to encrypt different memory regions. The command also calculates +the measurement of the memory contents as it encrypts. + +LAUNCH_MEASURE command can be used to retrieve the measurement of encrypted +memory. This measurement is a signature of the memory contents that can be +sent to the guest owner as an attestation that the memory was encrypted +correctly by the firmware. The guest owner may wait to provide the guest +confidential information until it can verify the attestation measurement. +Since the guest owner knows the initial contents of the guest at boot, the +attestation measurement can be verified by comparing it to what the guest owner +expects. + +LAUNCH_FINISH command finalizes the guest launch and destroy's the cryptographic +context. + +See SEV KM API Spec [1] 'Launching a guest' usage flow (Appendix A) for the +complete flow chart. + +Debugging +----------- +Since memory contents of SEV guest is encrypted hence hypervisor access to the +guest memory will get a cipher text. If guest policy allows debugging, then +hypervisor can use DEBUG_DECRYPT and DEBUG_ENCRYPT commands access the guest +memory region for debug purposes. + +Snapshot/Restore +----------------- +TODO + +Live Migration +---------------- +TODO + +References +----------------- + +AMD Memory Encryption whitepaper: +http://amd-dev.wpengine.netdna-cdn.com/wordpress/media/2013/12/AMD_Memory_Encryption_Whitepaper_v7-Public.pdf + +Secure Encrypted Virutualization Key Management: +[1] http://support.amd.com/TechDocs/55766_SEV-KM API_Specification.pdf + +KVM Forum slides: +http://www.linux-kvm.org/images/7/74/02x08A-Thomas_Lendacky-AMDs_Virtualizatoin_Memory_Encryption_Technology.pdf + +AMD64 Architecture Programmer's Manual: + http://support.amd.com/TechDocs/24593.pdf + SME is section 7.10 + SEV is section 15.34