From patchwork Wed Mar 7 16:50:25 2018
X-Patchwork-Submitter: Brijesh Singh
X-Patchwork-Id: 10264503
From: Brijesh Singh
To: qemu-devel@nongnu.org
Date: Wed, 7 Mar 2018 10:50:25 -0600
Message-Id: <20180307165038.88640-16-brijesh.singh@amd.com>
In-Reply-To: <20180307165038.88640-1-brijesh.singh@amd.com>
References: <20180307165038.88640-1-brijesh.singh@amd.com>
Subject: [Qemu-devel] [PATCH v11 15/28] sev/i386: add command to create launch memory encryption context
List-Help: List-Subscribe: , Cc: Peter Maydell , Brijesh Singh , kvm@vger.kernel.org, "Michael S. Tsirkin" , Stefan Hajnoczi , Alexander Graf , "Edgar E. Iglesias" , Markus Armbruster , Bruce Rogers , Christian Borntraeger , Marcel Apfelbaum , Borislav Petkov , Thomas Lendacky , Eduardo Habkost , Richard Henderson , "Dr. David Alan Gilbert" , Alistair Francis , Cornelia Huck , Richard Henderson , Peter Crosthwaite , Paolo Bonzini Errors-To: qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org Sender: "Qemu-devel" X-Virus-Scanned: ClamAV using ClamSMTP The KVM_SEV_LAUNCH_START command creates a new VM encryption key (VEK). The encryption key created with the command will be used for encrypting the bootstrap images (such as guest bios). Cc: Paolo Bonzini Cc: Richard Henderson Cc: Eduardo Habkost Signed-off-by: Brijesh Singh --- target/i386/sev.c | 86 ++++++++++++++++++++++++++++++++++++++++++++++++ target/i386/trace-events | 2 ++ 2 files changed, 88 insertions(+) diff --git a/target/i386/sev.c b/target/i386/sev.c index a17b0c525f9b..1c8fcf32df93 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -100,6 +100,17 @@ fw_error_to_str(int code) return sev_fw_errlist[code]; } +static void +sev_set_guest_state(SevState new_state) +{ + assert(new_state < SEV_STATE__MAX); + assert(sev_state); + + trace_kvm_sev_change_state(SevState_str(sev_state->state), + SevState_str(new_state)); + sev_state->state = new_state; +} + static void sev_ram_block_added(RAMBlockNotifier *n, void *host, size_t size) { 
@@ -401,6 +412,75 @@ sev_get_info(void) return info; } +static int +sev_read_file_base64(const char *filename, guchar **data, gsize *len) +{ + gsize sz; + gchar *base64; + GError *error = NULL; + + if (!g_file_get_contents(filename, &base64, &sz, &error)) { + error_report("failed to read '%s' (%s)", filename, error->message); + return -1; + } + + *data = g_base64_decode(base64, len); + return 0; +} + +static int +sev_launch_start(SEVState *s) +{ + gsize sz; + int ret = 1; + int fw_error; + QSevGuestInfo *sev = s->sev_info; + struct kvm_sev_launch_start *start; + guchar *session = NULL, *dh_cert = NULL; + + start = g_new0(struct kvm_sev_launch_start, 1); + + start->handle = object_property_get_int(OBJECT(sev), "handle", + &error_abort); + start->policy = object_property_get_int(OBJECT(sev), "policy", + &error_abort); + if (sev->session_file) { + if (sev_read_file_base64(sev->session_file, &session, &sz) < 0) { + return 1; + } + start->session_uaddr = (unsigned long)session; + start->session_len = sz; + } + + if (sev->dh_cert_file) { + if (sev_read_file_base64(sev->dh_cert_file, &dh_cert, &sz) < 0) { + return 1; + } + start->dh_uaddr = (unsigned long)dh_cert; + start->dh_len = sz; + } + + trace_kvm_sev_launch_start(start->policy, session, dh_cert); + ret = sev_ioctl(s->sev_fd, KVM_SEV_LAUNCH_START, start, &fw_error); + if (ret < 0) { + error_report("%s: LAUNCH_START ret=%d fw_error=%d '%s'", + __func__, ret, fw_error, fw_error_to_str(fw_error)); + return 1; + } + + object_property_set_int(OBJECT(sev), start->handle, "handle", + &error_abort); + sev_set_guest_state(SEV_STATE_LUPDATE); + s->handle = start->handle; + s->policy = start->policy; + + g_free(start); + g_free(session); + g_free(dh_cert); + + return 0; +} + void * sev_guest_init(const char *id) { 
@@ -471,6 +551,12 @@ sev_guest_init(const char *id) goto err; } + ret = sev_launch_start(s); + if (ret) { + error_report("%s: failed to create encryption context", __func__); + goto err; + } + ram_block_notifier_add(&sev_ram_notifier); return s; diff --git a/target/i386/trace-events b/target/i386/trace-events index ffa3d2250425..9402251e9991 100644 --- a/target/i386/trace-events +++ b/target/i386/trace-events @@ -10,3 +10,5 @@ kvm_x86_update_msi_routes(int num) "Updated %d MSI routes" kvm_sev_init(void) "" kvm_memcrypt_register_region(void *addr, size_t len) "addr %p len 0x%lu" kvm_memcrypt_unregister_region(void *addr, size_t len) "addr %p len 0x%lu" +kvm_sev_change_state(const char *old, const char *new) "%s -> %s" +kvm_sev_launch_start(int policy, void *session, void *pdh) "policy 0x%x session %p pdh %p"
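Review bot: sev_set_guest_state() in the first target/i386/sev.c hunk (@@ -100,6 +100,17 @@) writes through the file-scope sev_state pointer, while sev_launch_start() in the same patch receives its SEVState as the parameter s and still calls sev_set_guest_state(SEV_STATE_LUPDATE). If sev_state has not been assigned by the time sev_guest_init() reaches the new call, `assert(sev_state)` aborts the process. Passing the SEVState pointer into sev_set_guest_state() would make the helper independent of that ordering; otherwise a short comment stating that the global must be set first would help.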
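Review bot: sev_launch_start() in the @@ -401,6 +412,75 @@ hunk leaks on every failure path: both `return 1` statements taken when sev_read_file_base64() fails, and the `return 1` after a failed sev_ioctl(), skip the g_free(start), g_free(session) and g_free(dh_cert) calls at the end of the function. Since ret is already initialised to 1, the error paths can jump to a single cleanup label placed before those g_free() calls and end with `return ret`, setting ret to 0 only on success, so the decoded session and DH certificate blobs are released whether or not the launch succeeds. In sev_read_file_base64() in the same hunk, the buffer filled by g_file_get_contents() is never freed after g_base64_decode(), and the GError is not released with g_error_free() after error_report(); both should be freed before returning.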