From patchwork Wed Feb 28 21:10:08 2018
X-Patchwork-Submitter: Brijesh Singh
X-Patchwork-Id: 10249859
From: Brijesh Singh
To: qemu-devel@nongnu.org
Date: Wed, 28 Feb 2018 15:10:08 -0600
Message-Id: <20180228211028.83970-9-brijesh.singh@amd.com>
X-Mailer: git-send-email 2.14.3
In-Reply-To: <20180228211028.83970-1-brijesh.singh@amd.com>
References: <20180228211028.83970-1-brijesh.singh@amd.com>
Subject: [Qemu-devel] [PATCH v10 08/28] target/i386: add Secure Encrypted Virtualization (SEV) object
Cc: Peter Maydell, Brijesh Singh, kvm@vger.kernel.org, "Michael S. Tsirkin", Stefan Hajnoczi, Alexander Graf, "Edgar E. Iglesias", Markus Armbruster, Bruce Rogers, Christian Borntraeger, Marcel Apfelbaum, Borislav Petkov, Thomas Lendacky, Eduardo Habkost, Richard Henderson, "Dr. David Alan Gilbert", Alistair Francis, Cornelia Huck, Richard Henderson, Peter Crosthwaite, Paolo Bonzini
Sender: "Qemu-devel"

Add a new memory encryption object 'sev-guest'. The object will be used to
create encrypted VMs on AMD EPYC CPU. The object provides the properties to
pass guest owner's public Diffie-Hellman key, guest policy and session
information required to create the memory encryption context within the SEV
firmware.

e.g. to launch SEV guest

# $QEMU \
    -object sev-guest,id=sev0 \
    -machine ....,memory-encryption=sev0

Cc: Paolo Bonzini
Cc: Richard Henderson
Cc: Eduardo Habkost
Signed-off-by: Brijesh Singh
---
 docs/amd-memory-encryption.txt |  17 +++
 qemu-options.hx                |  44 ++++++++
 target/i386/Makefile.objs      |   2 +-
 target/i386/sev.c              | 228 +++++++++++++++++++++++++++++++++++++++++
 target/i386/sev_i386.h         |  61 +++++++++++
 5 files changed, 351 insertions(+), 1 deletion(-)
 create mode 100644 target/i386/sev.c
 create mode 100644 target/i386/sev_i386.h

diff --git a/docs/amd-memory-encryption.txt b/docs/amd-memory-encryption.txt
index 72a92b6c6353..8711da9ed598 100644
--- a/docs/amd-memory-encryption.txt
+++ b/docs/amd-memory-encryption.txt
@@ -35,10 +35,21 @@ in bad measurement). The guest policy is a 4-byte data structure containing several flags that restricts what can be done on running SEV guest. See KM Spec section 3 and 6.2 for more details. +The guest policy can be provided via the 'policy' property (see below) + +# ${QEMU} \ + sev-guest,id=sev0,policy=0x1...\ + Guest owners provided DH certificate and session parameters will be used to establish a cryptographic session with the guest owner to negotiate keys used for the attestation. +The DH certificate and session blob can be provided via 'dh-cert-file' and +'session-file' property (see below + +# ${QEMU} \ + sev-guest,id=sev0,dh-cert-file=,session-file= + LAUNCH_UPDATE_DATA encrypts the memory region using the cryptographic context created via LAUNCH_START command. If required, this command can be called multiple times to encrypt different memory regions. The command also calculates @@ -59,6 +70,12 @@ context. See SEV KM API Spec [1] 'Launching a guest' usage flow (Appendix A) for the complete flow chart. +To launch a SEV guest + +# ${QEMU} \ + -machine ...,memory-encryption=sev0 \ + -object sev-guest,id=sev0,cbitpos=47,reduced-phys-bits=5 + Debugging ----------- Since memory contents of SEV guest is encrypted hence hypervisor access to the diff --git a/qemu-options.hx b/qemu-options.hx index a6648ca073f2..f961b62bcbb2 100644 --- a/qemu-options.hx +++ b/qemu-options.hx 
@@ -4313,6 +4313,50 @@ contents of @code{iv.b64} to the second secret data=$SECRET,iv=$( + * + * This work is licensed under the terms of the GNU GPL, version 2 or later. + * See the COPYING file in the top-level directory. + * + */ + +#include "qemu/osdep.h" +#include "qapi/error.h" +#include "qom/object_interfaces.h" +#include "qemu/base64.h" +#include "sysemu/kvm.h" +#include "sev_i386.h" +#include "sysemu/sysemu.h" + +#define DEFAULT_GUEST_POLICY 0x1 /* disable debug */ +#define DEFAULT_SEV_DEVICE "/dev/sev" + +static void +qsev_guest_finalize(Object *obj) +{ +} + +static char * +qsev_guest_get_session_file(Object *obj, Error **errp) +{ + QSevGuestInfo *s = QSEV_GUEST_INFO(obj); + + return s->session_file ? g_strdup(s->session_file) : NULL; +} + +static void +qsev_guest_set_session_file(Object *obj, const char *value, Error **errp) +{ + QSevGuestInfo *s = QSEV_GUEST_INFO(obj); + + s->session_file = g_strdup(value); +} + +static char * +qsev_guest_get_dh_cert_file(Object *obj, Error **errp) +{ + QSevGuestInfo *s = QSEV_GUEST_INFO(obj); + + return g_strdup(s->dh_cert_file); +} + +static void +qsev_guest_set_dh_cert_file(Object *obj, const char *value, Error **errp) +{ + QSevGuestInfo *s = QSEV_GUEST_INFO(obj); + + s->dh_cert_file = g_strdup(value); +} + +static char * +qsev_guest_get_sev_device(Object *obj, Error **errp) +{ + QSevGuestInfo *sev = QSEV_GUEST_INFO(obj); + + return g_strdup(sev->sev_device); +} + +static void +qsev_guest_set_sev_device(Object *obj, const char *value, Error **errp) +{ + QSevGuestInfo *sev = QSEV_GUEST_INFO(obj); + + sev->sev_device = g_strdup(value); +} + +static void +qsev_guest_class_init(ObjectClass *oc, void *data) +{ + object_class_property_add_str(oc, "sev-device", + qsev_guest_get_sev_device, + qsev_guest_set_sev_device, + NULL); + object_class_property_set_description(oc, "sev-device", + "SEV device to use", NULL); + object_class_property_add_str(oc, "dh-cert-file", + qsev_guest_get_dh_cert_file, + 
qsev_guest_set_dh_cert_file, + NULL); + object_class_property_set_description(oc, "dh-cert-file", + "guest owners DH certificate (encoded with base64)", NULL); + object_class_property_add_str(oc, "session-file", + qsev_guest_get_session_file, + qsev_guest_set_session_file, + NULL); + object_class_property_set_description(oc, "session-file", + "guest owners session parameters (encoded with base64)", NULL); +} + +static void +qsev_guest_set_handle(Object *obj, Visitor *v, const char *name, + void *opaque, Error **errp) +{ + QSevGuestInfo *sev = QSEV_GUEST_INFO(obj); + uint32_t value; + + visit_type_uint32(v, name, &value, errp); + sev->handle = value; +} + +static void +qsev_guest_set_policy(Object *obj, Visitor *v, const char *name, + void *opaque, Error **errp) +{ + QSevGuestInfo *sev = QSEV_GUEST_INFO(obj); + uint32_t value; + + visit_type_uint32(v, name, &value, errp); + sev->policy = value; +} + +static void +qsev_guest_set_cbitpos(Object *obj, Visitor *v, const char *name, + void *opaque, Error **errp) +{ + QSevGuestInfo *sev = QSEV_GUEST_INFO(obj); + uint32_t value; + + visit_type_uint32(v, name, &value, errp); + sev->cbitpos = value; +} + +static void +qsev_guest_set_reduced_phys_bits(Object *obj, Visitor *v, const char *name, + void *opaque, Error **errp) +{ + QSevGuestInfo *sev = QSEV_GUEST_INFO(obj); + uint32_t value; + + visit_type_uint32(v, name, &value, errp); + sev->reduced_phys_bits = value; +} + +static void +qsev_guest_get_policy(Object *obj, Visitor *v, const char *name, + void *opaque, Error **errp) +{ + uint32_t value; + QSevGuestInfo *sev = QSEV_GUEST_INFO(obj); + + value = sev->policy; + visit_type_uint32(v, name, &value, errp); +} + +static void +qsev_guest_get_handle(Object *obj, Visitor *v, const char *name, + void *opaque, Error **errp) +{ + uint32_t value; + QSevGuestInfo *sev = QSEV_GUEST_INFO(obj); + + value = sev->handle; + visit_type_uint32(v, name, &value, errp); +} + +static void +qsev_guest_get_cbitpos(Object *obj, Visitor *v, const 
char *name, + void *opaque, Error **errp) +{ + uint32_t value; + QSevGuestInfo *sev = QSEV_GUEST_INFO(obj); + + value = sev->cbitpos; + visit_type_uint32(v, name, &value, errp); +} + +static void +qsev_guest_get_reduced_phys_bits(Object *obj, Visitor *v, const char *name, + void *opaque, Error **errp) +{ + uint32_t value; + QSevGuestInfo *sev = QSEV_GUEST_INFO(obj); + + value = sev->reduced_phys_bits; + visit_type_uint32(v, name, &value, errp); +} + +static void +qsev_guest_init(Object *obj) +{ + QSevGuestInfo *sev = QSEV_GUEST_INFO(obj); + + sev->sev_device = g_strdup(DEFAULT_SEV_DEVICE); + sev->policy = DEFAULT_GUEST_POLICY; + object_property_add(obj, "policy", "uint32", qsev_guest_get_policy, + qsev_guest_set_policy, NULL, NULL, NULL); + object_property_add(obj, "handle", "uint32", qsev_guest_get_handle, + qsev_guest_set_handle, NULL, NULL, NULL); + object_property_add(obj, "cbitpos", "uint32", qsev_guest_get_cbitpos, + qsev_guest_set_cbitpos, NULL, NULL, NULL); + object_property_add(obj, "reduced-phys-bits", "uint32", + qsev_guest_get_reduced_phys_bits, + qsev_guest_set_reduced_phys_bits, NULL, NULL, NULL); +} + +/* sev guest info */ +static const TypeInfo qsev_guest_info = { + .parent = TYPE_OBJECT, + .name = TYPE_QSEV_GUEST_INFO, + .instance_size = sizeof(QSevGuestInfo), + .instance_finalize = qsev_guest_finalize, + .class_size = sizeof(QSevGuestInfoClass), + .class_init = qsev_guest_class_init, + .instance_init = qsev_guest_init, + .interfaces = (InterfaceInfo[]) { + { TYPE_USER_CREATABLE }, + { } + } +}; + +static void +sev_register_types(void) +{ + type_register_static(&qsev_guest_info); +} + +type_init(sev_register_types); diff --git a/target/i386/sev_i386.h b/target/i386/sev_i386.h new file mode 100644 index 000000000000..caf879c3b874 --- /dev/null +++ b/target/i386/sev_i386.h 
@@ -0,0 +1,61 @@ +/* + * QEMU Secure Encrypted Virutualization (SEV) support + * + * Copyright: Advanced Micro Devices, 2016-2018 + * + * Authors: + * Brijesh Singh + * + * This work is licensed under the terms of the GNU GPL, version 2 or later. + * See the COPYING file in the top-level directory. + * + */ + +#ifndef QEMU_SEV_I386_H +#define QEMU_SEV_I386_H + +#include "qom/object.h" +#include "qapi/error.h" +#include "sysemu/kvm.h" +#include "qemu/error-report.h" + +#define SEV_POLICY_NODBG 0x1 +#define SEV_POLICY_NOKS 0x2 +#define SEV_POLICY_ES 0x4 +#define SEV_POLICY_NOSEND 0x8 +#define SEV_POLICY_DOMAIN 0x10 +#define SEV_POLICY_SEV 0x20 + +#define TYPE_QSEV_GUEST_INFO "sev-guest" +#define QSEV_GUEST_INFO(obj) \ + OBJECT_CHECK(QSevGuestInfo, (obj), TYPE_QSEV_GUEST_INFO) + +typedef struct QSevGuestInfo QSevGuestInfo; +typedef struct QSevGuestInfoClass QSevGuestInfoClass; + +/** + * QSevGuestInfo: + * + * The QSevGuestInfo object is used for creating a SEV guest. + * + * # $QEMU \ + * -object sev-guest,id=sev0 \ + * -machine ...,memory-encryption=sev0 + */ +struct QSevGuestInfo { + Object parent_obj; + + char *sev_device; + uint32_t policy; + uint32_t handle; + char *dh_cert_file; + char *session_file; + uint32_t cbitpos; + uint32_t reduced_phys_bits; +}; + +struct QSevGuestInfoClass { + ObjectClass parent_class; +}; + +#endif
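Review bot: in the first docs hunk (@@ -35,10 +35,21 @@) the two new command-line examples, `sev-guest,id=sev0,policy=0x1...` and `sev-guest,id=sev0,dh-cert-file=...,session-file=...`, drop the `-object` flag that the later `-object sev-guest,id=sev0,cbitpos=47,reduced-phys-bits=5` example and the commit message both use, so they will not parse if copied as written; add `-object` to both. The sentence `can be provided via 'dh-cert-file' and 'session-file' property (see below` is missing its closing parenthesis, and since sev.c sets `DEFAULT_GUEST_POLICY 0x1` when no policy is given, this paragraph should say that the default policy disables debugging so readers know what they get when they omit the property.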
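Review bot: the qemu-options.hx hunk (@@ -4313,6 +4313,50 @@) is cut off in this copy right after `data=$SECRET,iv=$(`, and the Makefile.objs diff and the start of sev.c are absent with it, so the option documentation could not be reviewed here; please make sure the property list documented there matches the seven properties registered in sev.c (`sev-device`, `dh-cert-file`, `session-file`, `policy`, `handle`, `cbitpos`, `reduced-phys-bits`) and their defaults (`/dev/sev`, policy `0x1`).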
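Review bot: in the sev.c hunk the three string setters (`qsev_guest_set_sev_device`, `qsev_guest_set_dh_cert_file`, `qsev_guest_set_session_file`) assign `g_strdup(value)` without freeing the previous string, and `qsev_guest_finalize` is empty, so the `DEFAULT_SEV_DEVICE` copy made in `qsev_guest_init` leaks whenever `sev-device` is set and all three strings leak when the object is destroyed; add `g_free(sev->sev_device);` (and the equivalents) before each assignment and free the three fields in finalize. The four uint32 setters store `value` unconditionally after `visit_type_uint32(v, name, &value, errp);`, so a rejected input (for example a non-numeric `policy=`) writes an uninitialized stack value into the policy that later gates debug access; use a local `Error *local_err = NULL`, call `error_propagate(errp, local_err)` and return before assigning when it is set. `handle` is registered with a setter as well as a getter; if the handle is assigned by the firmware at LAUNCH_START rather than chosen by the user, register it read-only so it cannot be supplied on the command line. Minor: `DEFAULT_GUEST_POLICY 0x1 /* disable debug */` duplicates `SEV_POLICY_NODBG` from sev_i386.h; define it as `SEV_POLICY_NODBG` instead of a magic number, and `qsev_guest_get_session_file` can use plain `g_strdup(s->session_file)` like the other getters since `g_strdup(NULL)` already returns NULL.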
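Review bot: in the sev_i386.h hunk the file header comment spells `Virutualization`; fix to `Virtualization`. `sysemu/kvm.h` and `qemu/error-report.h` are included but nothing in this header uses them (it only needs `qom/object.h` for Object/ObjectClass/OBJECT_CHECK and stdint for `uint32_t`), so drop them rather than pulling KVM headers into every includer. The `QSevGuestInfo` doc comment shows the command line but describes none of the seven fields; a line per field, in particular that `policy` is the 4-byte guest policy bitmask built from the `SEV_POLICY_*` flags defined just above and what `cbitpos` and `reduced_phys_bits` mean, would make the header self-explanatory.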
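Added example, not part of this patch or of QEMU: a small C program that parses the `policy` value as it would be typed on the `sev-guest` command line, names the flag bits using the `SEV_POLICY_*` constants the patch's sev_i386.h defines, and reports which restrictions a given policy leaves unset, so a guest owner can check a launch configuration before using it. The meanings in the flag comments come from the SEV API specification rather than this patch; `SEV_POLICY_KNOWN` and the three function names are my own.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Flag values as in the patch's sev_i386.h; meanings from the SEV API spec. */
#define SEV_POLICY_NODBG  0x1   /* hypervisor may not debug the guest */
#define SEV_POLICY_NOKS   0x2   /* guest may not share keys with other guests */
#define SEV_POLICY_ES     0x4   /* SEV-ES (encrypted register state) required */
#define SEV_POLICY_NOSEND 0x8   /* guest may not be migrated to another host */
#define SEV_POLICY_DOMAIN 0x10  /* guest may not leave the platform's domain */
#define SEV_POLICY_SEV    0x20  /* guest may not move to a non-SEV platform */
#define SEV_POLICY_KNOWN  0x3f  /* assumption: the bits this example knows */

static const struct { uint32_t bit; const char *name; } sev_policy_names[] = {
    { SEV_POLICY_NODBG, "NODBG" },   { SEV_POLICY_NOKS, "NOKS" },
    { SEV_POLICY_ES, "ES" },         { SEV_POLICY_NOSEND, "NOSEND" },
    { SEV_POLICY_DOMAIN, "DOMAIN" }, { SEV_POLICY_SEV, "SEV" },
};

/* Parse the 'policy' property as typed on the command line ("0x1", "3").
 * Returns 0 and stores the value, or -1 if the text is not a valid uint32. */
int sev_policy_parse(const char *text, uint32_t *out)
{
    char *end;
    unsigned long v;

    /* strtoul would silently accept a sign or leading blanks; reject them */
    if (text[0] == '\0' || text[0] == '-' || text[0] == ' ') return -1;
    errno = 0;
    v = strtoul(text, &end, 0);
    if (*end != '\0' || errno != 0 || v > UINT32_MAX) return -1;
    *out = (uint32_t)v;
    return 0;
}

/* Render the set flags as "NODBG|NOKS". Bits outside SEV_POLICY_KNOWN are
 * shown as hex so an unexpected policy is never displayed as if it were clean. */
void sev_policy_describe(uint32_t policy, char *buf, size_t len)
{
    size_t i, n = sizeof(sev_policy_names) / sizeof(sev_policy_names[0]);

    buf[0] = '\0';
    for (i = 0; i < n; i++) {
        if (policy & sev_policy_names[i].bit) {
            snprintf(buf + strlen(buf), len - strlen(buf), "%s%s",
                     buf[0] ? "|" : "", sev_policy_names[i].name);
        }
    }
    if (policy & ~SEV_POLICY_KNOWN) {
        snprintf(buf + strlen(buf), len - strlen(buf), "%sunknown:0x%x",
                 buf[0] ? "|" : "", policy & ~SEV_POLICY_KNOWN);
    }
    if (buf[0] == '\0') snprintf(buf, len, "none");
}

/* Bits of 'required' that 'policy' leaves clear; 0 means the baseline holds. */
uint32_t sev_policy_missing(uint32_t policy, uint32_t required)
{
    return required & ~policy;
}
```

With the patch's default `policy=0x1`, `sev_policy_missing(0x1, SEV_POLICY_NODBG | SEV_POLICY_NOKS | SEV_POLICY_NOSEND)` returns `0xa`, i.e. that guest may still share keys and be migrated.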