From patchwork Wed Feb 28 21:10:07 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Brijesh Singh X-Patchwork-Id: 10249853 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 5A81A60211 for ; Wed, 28 Feb 2018 21:27:15 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 46A7028DBF for ; Wed, 28 Feb 2018 21:27:15 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 3B24828DC2; Wed, 28 Feb 2018 21:27:15 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.8 required=2.0 tests=BAD_ENC_HEADER,BAYES_00, DKIM_SIGNED,RCVD_IN_DNSWL_HI,T_DKIM_INVALID autolearn=unavailable version=3.3.1 Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 7F87528DBF for ; Wed, 28 Feb 2018 21:27:14 +0000 (UTC) Received: from localhost ([::1]:47045 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1er9Fp-0007A2-Ob for patchwork-qemu-devel@patchwork.kernel.org; Wed, 28 Feb 2018 16:27:13 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:53009) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1er90C-0001EV-DF for qemu-devel@nongnu.org; Wed, 28 Feb 2018 16:11:08 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1er908-0005b6-G0 for qemu-devel@nongnu.org; Wed, 28 Feb 2018 16:11:04 -0500 Received: from mail-dm3nam03on0070.outbound.protection.outlook.com ([104.47.41.70]:26918 helo=NAM03-DM3-obe.outbound.protection.outlook.com) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1er908-0005aB-9I for qemu-devel@nongnu.org; Wed, 28 Feb 2018 16:11:00 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector1-amd-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=K0rG+9OhEX2pAYXJhYpkvMIzreLnbL1Kngbvv5Wp/bM=; b=23opWp041J0Q9ookMGdgCYuRKexGO44hiuwGsjxueZ6ae6rfk3Rvpi6AB3l1o/ZowwEcPV+7wVIcrp6FhY4x8XuLFZhdLXD1QuUfsHZiOyRaY9nKZPonBlH6NVWBf8eOYUZyU7ryl5Ap/H0xM3FHUhHSiFH0TrDKqlrs0OGYAMc= Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=brijesh.singh@amd.com; Received: from wsp141597wss.amd.com (165.204.78.1) by DM2PR12MB0155.namprd12.prod.outlook.com (2a01:111:e400:50ce::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.527.15; Wed, 28 Feb 2018 21:10:57 +0000 From: Brijesh Singh To: qemu-devel@nongnu.org Date: Wed, 28 Feb 2018 15:10:07 -0600 Message-Id: <20180228211028.83970-8-brijesh.singh@amd.com> X-Mailer: git-send-email 2.14.3 In-Reply-To: <20180228211028.83970-1-brijesh.singh@amd.com> References: <20180228211028.83970-1-brijesh.singh@amd.com> MIME-Version: 1.0 X-Originating-IP: [165.204.78.1] X-ClientProxiedBy: DM5PR10CA0008.namprd10.prod.outlook.com (2603:10b6:4:2::18) To DM2PR12MB0155.namprd12.prod.outlook.com (2a01:111:e400:50ce::18) X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: 57d1898e-108b-4b49-9bcf-08d57eefc386 X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(4534165)(4627221)(201703031133081)(201702281549075)(48565401081)(5600026)(4604075)(2017052603307)(7153060)(7193020); SRVR:DM2PR12MB0155; X-Microsoft-Exchange-Diagnostics: 1; DM2PR12MB0155; 3:YldRD06WEnL8WFcjANwzc2l8eDmQ46+kJespFIiYtF+zI3lGNxu6aq1iQPU8v+S2U/LYcaRjq6g3etts5qBUlOwpbmr+mykF5VoTd1dfy/kBuRCHV2CU6EB4l2WBZfJnWse2HZCYolR5c7Ktkz2N4+cS31lxERp9b346hwHJFfAxTfqRpJFhsg1GXtY2ZSEuXcS0DRFxAbPINmebIFeYZiZxwn3PQXukCpW4+i3Bq7u48MU8XjtyIsTh81HU8QZ+; 25:c/QItXtNxvirqFebnGgvHME1vrD/fZiIWDyQBxCP5j8a3e22UzUPFuTx/CpAQXNzDzrMVDidpiKgSCzyUWCAOObS7RjkyPQsrp159LH/CtMMCXH1vTfxF7VDa2MbZJLIhhQTuW2UQcn5EVCZ/qMkrzHQlAalsTElwUoxT+dDR3K4qu3fqSUabZn3vR0V4C9oi1/KriI5wBjz0tF6uPflaVtV+JLeSvSe22YtEqxnBpuRlXw1p1f72bkcS7BO3Cn15la7e0cnXq7orFSLp02KGsvHiVZiPkAXpQEyAkA5FRHPls5tyPNse/QrcP72yADyXne0T0uo0/kAkumJPboVZw==; 31:YUhgklIEYWM99X+qP7TNQNhUfe0ioKTmPbB4m3FtAI9s4bvIS25SwKtplbMy9wcv+AnQ6Em0wxZXWoSaDDKG8NKQJqP7SqpTp/6qWTPzwpSu9aet+7S4/Bs+VGar+qyGEs5xs5HdeLBPrI23U7Gj1xLASVbxko0Oy4Lw2rZnpUIiGRD0FOwOov05NLN5HukNCQZ2oBfqgeYLBXHpBPIPjekana2wEH0FgVX9VDRJSvo= X-MS-TrafficTypeDiagnostic: DM2PR12MB0155: X-Microsoft-Exchange-Diagnostics: 1; DM2PR12MB0155; 20:TzPr8BrsGbamlgM3bZkoI8tcvqNurJaAXpA3f/MytHTADrj46Xy/lKvk1ZEKZJOnoOc+c1qvjCZ1/lLk3oMBFZ4FD8B7a7qKsmiXXQrtmPwAcBDMPODrbWC1QFXxt9sYbd+frQ1NmvNwj0NZrgtvd6Xb4gChOaUFpzh7FblIpt9fSO+AfwLCN+Ky5LtB69qiJ4qkjKT1Gl+IZax/dEwKQ9KzgLwf+cWe95KgdyQBhEMQIAiIAs/3pHypjkAt9zlqV7JYsZN4tZsJrdD4hBmffgY5dj0HuCGFkHfobZWqGZbosqJpMOz+POb+v5MF1DCO1YGfsgp5jNZ1T42h/Zf3AhAXKGI++zbpsgnMLM+AlDT/eQ4elhXR2KXSeBp50heIes/OSwWbxTnjCnjkWlw5okVdy5vMrRXYfrmejNm/DvETEQnCrvrxxjoLSoSeGaxE4XzeB3MGN3lZ93/1jNzt1u1bABO/9KM/YwziTYgDf++MYWv2dB48++/auNOd0Pyd; 4:imwPKTmzhDgBHFVZvYCM2JC9DmPf0irwC7SohpnCtGpG+4KG29n0GetTNFOUu9iTMHzJqIU5kfaFnHIZAo44eaqFnQKJu6+YdaICixpp3UokS4lXUrw3KmKx7l87BjAlmumnOS2aWSJTHM8O5JRvX7LDCOGpSa2i8LOunYYW39Ldpa1CAYoG/Au5rB9cEKE5Hv+fKC7I6qp/NHINXLuMT0NbOnAa1s29HP5cBIh8PBRqBDhPLx82h0xPlXAkanzMaDhny/UVb5OJRemOwKIyp/iLRuasZpmMui1QaKx8Y+5NXaZk1XuvbQGQUuWNLCRc X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(767451399110); X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(8211001083)(6040501)(2401047)(8121501046)(5005006)(3231220)(944501219)(52105095)(3002001)(93006095)(93001095)(10201501046)(6055026)(6041288)(20161123560045)(20161123564045)(20161123562045)(20161123558120)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(6072148)(201708071742011); SRVR:DM2PR12MB0155; BCL:0; PCL:0; RULEID:; SRVR:DM2PR12MB0155; X-Forefront-PRVS: 0597911EE1 X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(39860400002)(39380400002)(396003)(346002)(366004)(376002)(189003)(199004)(6486002)(6116002)(1076002)(2351001)(36756003)(16526019)(16586007)(54906003)(53416004)(26005)(53936002)(66066001)(186003)(47776003)(6306002)(59450400001)(2361001)(966005)(478600001)(8666007)(316002)(81166006)(50226002)(8676002)(8936002)(386003)(106356001)(97736004)(5660300001)(2950100002)(6666003)(305945005)(4326008)(76176011)(7736002)(39060400002)(1720100001)(8656006)(105586002)(68736007)(50466002)(7696005)(51416003)(25786009)(48376002)(52116002)(3846002)(2906002)(86362001)(81156014)(7416002)(6916009); DIR:OUT; SFP:1101; SCL:1; SRVR:DM2PR12MB0155; H:wsp141597wss.amd.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en; Received-SPF: None (protection.outlook.com: amd.com does not designate permitted sender hosts) X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; DM2PR12MB0155; 23:kWH8GWBl4TLPdJsuFNLccpNy/HHcZiFs4ZfOZHSA3?= =?us-ascii?Q?27e4SIoEvRPNoy+CiKOFCouOWxwL+/bgzUDnQmL4KtFlSIFtnQ2pva2+HAhF?= =?us-ascii?Q?sn7EjL/fDKX0KGjEiKnW477WFGojBiJTH3g0ZozP6sA4yVkAmY1AAfoc1kFu?= =?us-ascii?Q?Xe1guqJlfIoY5qv4K4c4dyiPEZZX9y6Vd8NkkHBKetdqiVahkT8e53bgkFsW?= =?us-ascii?Q?41a4DbvMqIFCKcg1BS5c52htAMVPnt96bysqzVNouTytBKqQzpEs9Bd4Ewoo?= =?us-ascii?Q?dwmtaqZsGbj23yEgXdK8gGV+yqgNavaT+cndIHWo7Xq9QShE/b/Ku051iVES?= =?us-ascii?Q?uMFURTbFT24LWQVqRkn3w2NNdQriz5Ri2zWdNprnkoFYj9w1j3wBCOiuP/z2?= =?us-ascii?Q?G4YN1T/WQP9cnxRIb4qgRf1tzw9n5OEFCOZN4FK6agh4SbWzrKU31elO+IBh?= =?us-ascii?Q?iNlEqpPt0UqsaEp2o6nppZb8T6/tBRH6cOi+F7V0Z+tdfCMRiVTy6r1E/W6G?= =?us-ascii?Q?DLXIOthNbAqbiUZcsSuSxLT3/cKLQRhEMgs+NtX5SafepVwNoeVTjigSRcaX?= =?us-ascii?Q?bFxFKto5gnDfScOGE/4/7wIvbPApYc+xqOaL7XZeri846Oi+bNfdfjRV7trg?= =?us-ascii?Q?6Iab3XD8mfVryPJwjuXNKBoBx3NUoS5NO3sRdfU7OWVH5O1aB89cNH/zlX6+?= =?us-ascii?Q?M2lr7iW771VkIEI9V3yeThODVxY+vRsHsV8Hp4tjP6nhLBJP9I/Do/TDPFz0?= =?us-ascii?Q?LsenNopaiWtisBu6biLkKW5gvxFQkuojaBJGlaMoZQ5+dRWapb363KaShpSm?= =?us-ascii?Q?otw2L2NsOm4jFgUKxRWjMdKPylMvqNpOaY/6CR3RpCOiCuDmyyo3aLajsvB0?= =?us-ascii?Q?ZkjvZuomnzstXSmHWoEKQbKazvMW5qsf+5CxSn0S7ijWiT36HJB4/bO1uOWX?= =?us-ascii?Q?k7/5OCGpviRb81D1bjzkZD9WQRq65UluAOdRB4vMpnuLEHUInNS+1kAYVEpc?= =?us-ascii?Q?4VbURE6CxtWtdu5hh7HgoNu9Efqt4E56rKhmcO99ovfFOjxGQhBDoLPXM/cO?= =?us-ascii?Q?UGqcvWdO5JzDDafnKuU8XurSh8iFrRHMQdXETbkX2Jye39F2FDN9kBAhR1zt?= =?us-ascii?Q?x1iieT8prrxsSEVNOg6wY7T2tq1CcTgi9+pnDDsygIs4DdTQcPgj4WP4+R2x?= =?us-ascii?Q?wIp1p1ByB9gHo+pR4NP4FxqqZ0iAxKWjKTf7jzEw5CbZDrPnB+uJ/P/GhVje?= =?us-ascii?Q?puqsWAkHHcLRYZZyZdHrqdb+KO17OCsTnyFEJ5txFod6awEQ3oXAXKuRxCBq?= =?us-ascii?Q?+CnJJBe78CUftR0/xNWx5av2UQVnbC3xsSFg3mo4ONl00wTrkMR1iZqynXFU?= =?us-ascii?Q?qLAWw=3D=3D?= X-Microsoft-Exchange-Diagnostics: 1; DM2PR12MB0155; 6:KqnmXjyb0XZWGPoVL90C8sSQHZBm89slr4LXk8Woo8qSabS+47uxHiLHiU06MqvDm++xgzfdWxHEZpTfuRwo1WW8TWkxO8YFv4Jl/4jxg1V5g5hiVti+XkQVajIPV6s7hj7i0GwzE+M5iwCqwrOyCnnlSBtei9WDS08k/Hb3oiuz8tMN8WZnQcD4qpn6G/mL6Mlu+KWk1+ZGqzt/vZmrOhvMMq8x+XvppNgi9xaEG6pw6Dw0+/Oe7BGHIwTGIl/qpwYxc1l/TYCO8535d0/wrt10aIApJltEHffUKCPgJ8PtrmKk7nR1uf+PEudL4zjn5dMG61eExHtb6oPuVUlSWrdj4v8HEkZgtc/s9yrBX+c=; 5:BxxGXrg/hK9vgDWRjklUZyzkzJw80gbuWT0u0fMaoA6j8mA+FIfLxgbTcNruK6RhEwPvDKG3YzQtv5GSI74ztBRsgV+yAex8IutcKBmHQA4lV728MS82JPS2Bfogk6+foC0SB/jX+K1HSTIlkFNTHfgisqO1Y5V9yhoSMUGkwZ0=; 24:8Di0oPSANfzczhn3voavVwNQ2J8l8hc/jTqQJ7XihPvOxHK9s8VKK42IUpikHhdlaY/6e50lQW5dgJq9HYYB9MkoxNkGMDfvySJ9hbn5WOs=; 7:TtODrObqb/B7QBehS/i+1IDGBe+EJzgrm9Q2crEGMWoVi9IZqGNbAujKaKnVoyguHgbRowmC7y7e8kUxmH8o8PWy8dzNTtvosyYrEotKpxzIo55qJXuHPS4mSpAPxVTp6Na2mNjrXEa+FIf61d/KKzdRo82E4K2gd3bhbSTTRf6UdRNa3Jwq3RtjxDaikQ7Pu6LkM/wDnFr2VlhwNhk2sdWZMUiuGQWBNTxXxNUyOFuSsFgZ6nGmn5YSruTZPqSt SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1; DM2PR12MB0155; 20:Ah7Om4XRpkTCkWy1V6yZFAW3w46Xo6FrVFet7PsuUXSDnVjGQRN3KaSUUtkhLog8zfmyKKMxNNTR5EAl4d6bETDnM1xTyyD4E9cCFKI6dNSQ2UQKKlabDsTvlDN0UfEyf6+XnePASMuyKfl2bvmphtTXVVqAmICZ+tiVT4iVUXCGLnttNIIaLwswShtsl4TgG+/k5VTIzUZvbn19TnskJpgw1rt4+EVX7fNJcIVmAANDJYCm3mMKaeMtQG2J1kwu X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 Feb 2018 21:10:57.8424 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 57d1898e-108b-4b49-9bcf-08d57eefc386 X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM2PR12MB0155 X-detected-operating-system: by eggs.gnu.org: Windows 7 or 8 [fuzzy] X-Received-From: 104.47.41.70 Subject: [Qemu-devel] [PATCH v10 07/28] docs: add AMD Secure Encrypted Virtualization (SEV) X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Peter Maydell , Brijesh Singh , kvm@vger.kernel.org, "Michael S. Tsirkin" , Stefan Hajnoczi , Alexander Graf , "Edgar E. Iglesias" , Markus Armbruster , Bruce Rogers , Christian Borntraeger , Marcel Apfelbaum , Borislav Petkov , Thomas Lendacky , Eduardo Habkost , Richard Henderson , "Dr. David Alan Gilbert" , Alistair Francis , Cornelia Huck , Peter Crosthwaite , Paolo Bonzini Errors-To: qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org Sender: "Qemu-devel" X-Virus-Scanned: ClamAV using ClamSMTP Create a documentation entry to describe the AMD Secure Encrypted Virtualization (SEV) feature. Cc: Paolo Bonzini Signed-off-by: Brijesh Singh --- docs/amd-memory-encryption.txt | 92 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 92 insertions(+) create mode 100644 docs/amd-memory-encryption.txt diff --git a/docs/amd-memory-encryption.txt b/docs/amd-memory-encryption.txt new file mode 100644 index 000000000000..72a92b6c6353 --- /dev/null +++ b/docs/amd-memory-encryption.txt @@ -0,0 +1,92 @@ +Secure Encrypted Virtualization (SEV) is a feature found on AMD processors. + +SEV is an extension to the AMD-V architecture which supports running encrypted +virtual machine (VMs) under the control of KVM. Encrypted VMs have their pages +(code and data) secured such that only the guest itself has access to the +unencrypted version. Each encrypted VM is associated with a unique encryption +key; if its data is accessed to a different entity using a different key the +encrypted guests data will be incorrectly decrypted, leading to unintelligible +data. + +The key management of this feature is handled by separate processor known as +AMD secure processor (AMD-SP) which is present in AMD SOCs. Firmware running +inside the AMD-SP provide commands to support common VM lifecycle. This +includes commands for launching, snapshotting, migrating and debugging the +encrypted guest. Those SEV command can be issued via KVM_MEMORY_ENCRYPT_OP +ioctls. + +Launching +--------- +Boot images (such as bios) must be encrypted before guest can be booted. +MEMORY_ENCRYPT_OP ioctl provides commands to encrypt the images :LAUNCH_START, +LAUNCH_UPDATE_DATA, LAUNCH_MEASURE and LAUNCH_FINISH. These four commands +together generate a fresh memory encryption key for the VM, encrypt the boot +images and provide a measurement than can be used as an attestation of the +successful launch. + +LAUNCH_START is called first to create a cryptographic launch context within +the firmware. To create this context, guest owner must provides guest policy, +its public Diffie-Hellman key (PDH) and session parameters. These inputs +should be treated as binary blob and must be passed as-is to the SEV firmware. + +The guest policy is passed as plaintext and hypervisor may able to read it +but should not modify it (any modification of the policy bits will result +in bad measurement). The guest policy is a 4-byte data structure containing +several flags that restricts what can be done on running SEV guest. +See KM Spec section 3 and 6.2 for more details. + +Guest owners provided DH certificate and session parameters will be used to +establish a cryptographic session with the guest owner to negotiate keys used +for the attestation. + +LAUNCH_UPDATE_DATA encrypts the memory region using the cryptographic context +created via LAUNCH_START command. If required, this command can be called +multiple times to encrypt different memory regions. The command also calculates +the measurement of the memory contents as it encrypts. + +LAUNCH_MEASURE command can be used to retrieve the measurement of encrypted +memory. This measurement is a signature of the memory contents that can be +sent to the guest owner as an attestation that the memory was encrypted +correctly by the firmware. The guest owner may wait to provide the guest +confidential information until it can verify the attestation measurement. +Since the guest owner knows the initial contents of the guest at boot, the +attestation measurement can be verified by comparing it to what the guest owner +expects. + +LAUNCH_FINISH command finalizes the guest launch and destroy's the cryptographic +context. + +See SEV KM API Spec [1] 'Launching a guest' usage flow (Appendix A) for the +complete flow chart. + +Debugging +----------- +Since memory contents of SEV guest is encrypted hence hypervisor access to the +guest memory will get a cipher text. If guest policy allows debugging, then +hypervisor can use DEBUG_DECRYPT and DEBUG_ENCRYPT commands access the guest +memory region for debug purposes. + +Snapshot/Restore +----------------- +TODO + +Live Migration +---------------- +TODO + +References +----------------- + +AMD Memory Encryption whitepaper: +http://amd-dev.wpengine.netdna-cdn.com/wordpress/media/2013/12/AMD_Memory_Encryption_Whitepaper_v7-Public.pdf + +Secure Encrypted Virutualization Key Management: +[1] http://support.amd.com/TechDocs/55766_SEV-KM API_Specification.pdf + +KVM Forum slides: +http://www.linux-kvm.org/images/7/74/02x08A-Thomas_Lendacky-AMDs_Virtualizatoin_Memory_Encryption_Technology.pdf + +AMD64 Architecture Programmer's Manual: + http://support.amd.com/TechDocs/24593.pdf + SME is section 7.10 + SEV is section 15.34