From patchwork Wed Feb 28 21:10:15 2018
X-Patchwork-Submitter: Brijesh Singh
X-Patchwork-Id: 10249869
From: Brijesh Singh
To: qemu-devel@nongnu.org
Date: Wed, 28 Feb 2018 15:10:15 -0600
Message-Id: <20180228211028.83970-16-brijesh.singh@amd.com>
In-Reply-To: <20180228211028.83970-1-brijesh.singh@amd.com>
References: <20180228211028.83970-1-brijesh.singh@amd.com>
Subject: [Qemu-devel] [PATCH v10 15/28] sev/i386: add command to create launch memory encryption context
Cc: Peter Maydell , Brijesh Singh , kvm@vger.kernel.org, "Michael S. Tsirkin" , Stefan Hajnoczi , Alexander Graf , "Edgar E. Iglesias" , Markus Armbruster , Bruce Rogers , Christian Borntraeger , Marcel Apfelbaum , Borislav Petkov , Thomas Lendacky , Eduardo Habkost , Richard Henderson , "Dr.
David Alan Gilbert" , Alistair Francis , Cornelia Huck , Richard Henderson , Peter Crosthwaite , Paolo Bonzini Errors-To: qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org Sender: "Qemu-devel" X-Virus-Scanned: ClamAV using ClamSMTP The KVM_SEV_LAUNCH_START command creates a new VM encryption key (VEK). The encryption key created with the command will be used for encrypting the bootstrap images (such as guest bios). Cc: Paolo Bonzini Cc: Richard Henderson Cc: Eduardo Habkost Signed-off-by: Brijesh Singh --- target/i386/sev.c | 86 ++++++++++++++++++++++++++++++++++++++++++++++++ target/i386/trace-events | 2 ++ 2 files changed, 88 insertions(+) diff --git a/target/i386/sev.c b/target/i386/sev.c index 8ee6159b2bfc..b867ffbc0eae 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -100,6 +100,17 @@ fw_error_to_str(int code) return sev_fw_errlist[code]; } +static void +sev_set_guest_state(SevState new_state) +{ + assert(new_state < SEV_STATE__MAX); + assert(sev_state); + + trace_kvm_sev_change_state(SevState_str(sev_state->state), + SevState_str(new_state)); + sev_state->state = new_state; +} + static void sev_ram_block_added(RAMBlockNotifier *n, void *host, size_t size) { 
@@ -400,6 +411,75 @@ sev_get_info(void) return info; } +static int +sev_read_file_base64(const char *filename, guchar **data, gsize *len) +{ + gsize sz; + gchar *base64; + GError *error = NULL; + + if (!g_file_get_contents(filename, &base64, &sz, &error)) { + error_report("failed to read '%s' (%s)", filename, error->message); + return -1; + } + + *data = g_base64_decode(base64, len); + return 0; +} + +static int +sev_launch_start(SEVState *s) +{ + gsize sz; + int ret = 1; + int fw_error; + QSevGuestInfo *sev = s->sev_info; + struct kvm_sev_launch_start *start; + guchar *session = NULL, *dh_cert = NULL; + + start = g_new0(struct kvm_sev_launch_start, 1); + + start->handle = object_property_get_int(OBJECT(sev), "handle", + &error_abort); + start->policy = object_property_get_int(OBJECT(sev), "policy", + &error_abort); + if (sev->session_file) { + if (sev_read_file_base64(sev->session_file, &session, &sz) < 0) { + return 1; + } + start->session_uaddr = (unsigned long)session; + start->session_len = sz; + } + + if (sev->dh_cert_file) { + if (sev_read_file_base64(sev->dh_cert_file, &dh_cert, &sz) < 0) { + return 1; + } + start->dh_uaddr = (unsigned long)dh_cert; + start->dh_len = sz; + } + + trace_kvm_sev_launch_start(start->policy, session, dh_cert); + ret = sev_ioctl(s->sev_fd, KVM_SEV_LAUNCH_START, start, &fw_error); + if (ret < 0) { + error_report("%s: LAUNCH_START ret=%d fw_error=%d '%s'", + __func__, ret, fw_error, fw_error_to_str(fw_error)); + return 1; + } + + object_property_set_int(OBJECT(sev), start->handle, "handle", + &error_abort); + sev_set_guest_state(SEV_STATE_LUPDATE); + s->handle = start->handle; + s->policy = start->policy; + + g_free(start); + g_free(session); + g_free(dh_cert); + + return 0; +} + void * sev_guest_init(const char *id) { 
@@ -473,6 +553,12 @@ sev_guest_init(const char *id) goto err; } + ret = sev_launch_start(s); + if (ret) { + error_report("%s: failed to create encryption context", __func__); + goto err; + } + ram_block_notifier_add(&sev_ram_notifier); return s; diff --git a/target/i386/trace-events b/target/i386/trace-events index ffa3d2250425..9402251e9991 100644 --- a/target/i386/trace-events +++ b/target/i386/trace-events @@ -10,3 +10,5 @@ kvm_x86_update_msi_routes(int num) "Updated %d MSI routes" kvm_sev_init(void) "" kvm_memcrypt_register_region(void *addr, size_t len) "addr %p len 0x%lu" kvm_memcrypt_unregister_region(void *addr, size_t len) "addr %p len 0x%lu" +kvm_sev_change_state(const char *old, const char *new) "%s -> %s" +kvm_sev_launch_start(int policy, void *session, void *pdh) "policy 0x%x session %p pdh %p"
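Review bot: sev_set_guest_state(), added in the first target/i386/sev.c hunk, reads and writes the global `sev_state`, while its only caller in this patch, sev_launch_start(), operates on the `SEVState *s` it was handed; nothing in the visible lines shows that the global is already assigned, or that it is the same object as `s`, when sev_guest_init() calls sev_launch_start(s). Passing the state in explicitly, for example sev_set_guest_state(s, SEV_STATE_LUPDATE), would remove that hidden dependency and make the assert(sev_state) unnecessary. The type names `SevState` (the enum argument) and `SEVState` (the struct) differ only in case, which is easy to misread in this function; a short comment would help.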
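Review bot: Every failure path in sev_launch_start() (the @@ -400,6 +411,75 @@ hunk) returns without releasing what was allocated: the first `return 1` after sev_read_file_base64() leaks `start`, the second leaks `start` and `session`, and the `ret < 0` branch after sev_ioctl() leaks `start`, `session` and `dh_cert`. Routing all exits through one label that performs the three g_free() calls already present at the end of the function would fix this. In sev_read_file_base64(), the `base64` buffer returned by g_file_get_contents() is never freed after g_base64_decode(), and `error` is not released with g_error_free() on the failure path. The decoded length is also handed to the kernel unchecked; rejecting a zero-length result in the helper would catch an empty session or certificate file before KVM_SEV_LAUNCH_START is issued. Finally, the helper returns -1 on failure while sev_launch_start() returns 1, so one convention should be picked and documented.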
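Review bot: The kvm_sev_launch_start event added in target/i386/trace-events prints `session %p pdh %p`, which records only the host addresses of the decoded buffers and so shows no more than whether a blob was supplied. Logging `start->session_len` and `start->dh_len` as well would make the trace usable for diagnosing a truncated or wrongly encoded session or certificate file. The `policy` argument is declared `int` but printed with `0x%x`; declaring it with the unsigned type of the `policy` field would keep the prototype and the format in agreement.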