From patchwork Thu Mar 8 12:48:48 2018
X-Patchwork-Submitter: Brijesh Singh
X-Patchwork-Id: 10268055
From: Brijesh Singh
To: qemu-devel@nongnu.org
Date: Thu, 8 Mar 2018 06:48:48 -0600
Message-Id: <20180308124901.83533-16-brijesh.singh@amd.com>
In-Reply-To: <20180308124901.83533-1-brijesh.singh@amd.com>
References: <20180308124901.83533-1-brijesh.singh@amd.com>
Subject: [Qemu-devel] [PATCH v12 15/28] sev/i386: add command to create launch memory encryption context
Cc: Peter Maydell, Brijesh Singh, kvm@vger.kernel.org, "Michael S. Tsirkin", Stefan Hajnoczi, Alexander Graf, "Edgar E. Iglesias", Markus Armbruster, Bruce Rogers, Christian Borntraeger, Marcel Apfelbaum, Borislav Petkov, Thomas Lendacky, Eduardo Habkost, Richard Henderson, "Dr. David Alan Gilbert", Alistair Francis, Cornelia Huck, Richard Henderson, Peter Crosthwaite, Paolo Bonzini

The KVM_SEV_LAUNCH_START command creates a new VM encryption key (VEK).
The encryption key created with the command will be used for encrypting
the bootstrap images (such as guest bios).

Cc: Paolo Bonzini
Cc: Richard Henderson
Cc: Eduardo Habkost
Signed-off-by: Brijesh Singh
---
 target/i386/sev.c        | 86 ++++++++++++++++++++++++++++++++++++++++++++++++
 target/i386/trace-events |  2 ++
 2 files changed, 88 insertions(+)
diff --git a/target/i386/sev.c b/target/i386/sev.c index 4f85035d5203..eee693745103 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -105,6 +105,17 @@ fw_error_to_str(int code) return sev_fw_errlist[code]; } +static void +sev_set_guest_state(SevState new_state) +{ + assert(new_state < SEV_STATE__MAX); + assert(sev_state); + + trace_kvm_sev_change_state(SevState_str(sev_state->state), + SevState_str(new_state)); + sev_state->state = new_state; +} + static void sev_ram_block_added(RAMBlockNotifier *n, void *host, size_t size) { 
@@ -406,6 +417,75 @@ sev_get_info(void) return info; } +static int +sev_read_file_base64(const char *filename, guchar **data, gsize *len) +{ + gsize sz; + gchar *base64; + GError *error = NULL; + + if (!g_file_get_contents(filename, &base64, &sz, &error)) { + error_report("failed to read '%s' (%s)", filename, error->message); + return -1; + } + + *data = g_base64_decode(base64, len); + return 0; +} + +static int +sev_launch_start(SEVState *s) +{ + gsize sz; + int ret = 1; + int fw_error; + QSevGuestInfo *sev = s->sev_info; + struct kvm_sev_launch_start *start; + guchar *session = NULL, *dh_cert = NULL; + + start = g_new0(struct kvm_sev_launch_start, 1); + + start->handle = object_property_get_int(OBJECT(sev), "handle", + &error_abort); + start->policy = object_property_get_int(OBJECT(sev), "policy", + &error_abort); + if (sev->session_file) { + if (sev_read_file_base64(sev->session_file, &session, &sz) < 0) { + return 1; + } + start->session_uaddr = (unsigned long)session; + start->session_len = sz; + } + + if (sev->dh_cert_file) { + if (sev_read_file_base64(sev->dh_cert_file, &dh_cert, &sz) < 0) { + return 1; + } + start->dh_uaddr = (unsigned long)dh_cert; + start->dh_len = sz; + } + + trace_kvm_sev_launch_start(start->policy, session, dh_cert); + ret = sev_ioctl(s->sev_fd, KVM_SEV_LAUNCH_START, start, &fw_error); + if (ret < 0) { + error_report("%s: LAUNCH_START ret=%d fw_error=%d '%s'", + __func__, ret, fw_error, fw_error_to_str(fw_error)); + return 1; + } + + object_property_set_int(OBJECT(sev), start->handle, "handle", + &error_abort); + sev_set_guest_state(SEV_STATE_LUPDATE); + s->handle = start->handle; + s->policy = start->policy; + + g_free(start); + g_free(session); + g_free(dh_cert); + + return 0; +} + void * sev_guest_init(const char *id) { 
@@ -476,6 +556,12 @@ sev_guest_init(const char *id) goto err; } + ret = sev_launch_start(s); + if (ret) { + error_report("%s: failed to create encryption context", __func__); + goto err; + } + ram_block_notifier_add(&sev_ram_notifier); return s; diff --git a/target/i386/trace-events b/target/i386/trace-events index ffa3d2250425..9402251e9991 100644 --- a/target/i386/trace-events +++ b/target/i386/trace-events @@ -10,3 +10,5 @@ kvm_x86_update_msi_routes(int num) "Updated %d MSI routes" kvm_sev_init(void) "" kvm_memcrypt_register_region(void *addr, size_t len) "addr %p len 0x%lu" kvm_memcrypt_unregister_region(void *addr, size_t len) "addr %p len 0x%lu" +kvm_sev_change_state(const char *old, const char *new) "%s -> %s" +kvm_sev_launch_start(int policy, void *session, void *pdh) "policy 0x%x session %p pdh %p"
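Review bot: In the first sev.c hunk, sev_set_guest_state() only bounds-checks `new_state < SEV_STATE__MAX` and never looks at the state it is leaving, so any transition is accepted and merely traced. If the launch flow is meant to be ordered (sev_guest_init() later moves to SEV_STATE_LUPDATE right after LAUNCH_START), consider asserting on the expected previous state as well so an out-of-order call fails loudly instead of silently showing up in the trace log.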
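Review bot: The error paths in sev_launch_start() (second sev.c hunk) leak the buffers allocated earlier in the function. `start` comes from g_new0(), but the three `return 1;` statements (session read failure, dh_cert read failure, ioctl failure) bypass the g_free() calls at the end; the dh_cert failure path additionally leaks an already-decoded `session`, and the ioctl failure path leaks both blobs. Suggest one `out:` label that frees start, session and dh_cert and returns ret, with `ret = 1; goto out;` replacing the early returns. In the same hunk, sev_read_file_base64() never g_error_free()s `error` on the failure path and never frees the `base64` string from g_file_get_contents() after g_base64_decode(), so every call leaks the encoded file contents. Also, `int ret = 1;` is overwritten before it is read.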
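Review bot: In the sev_guest_init() hunk, sev_launch_start() already emits a detailed error_report() with ret, fw_error and its string on every failure, so the added "failed to create encryption context" message reports the same failure a second time with less detail. Consider dropping one of the two, or keeping only the caller's message and passing the firmware error up so the user sees a single line.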
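Review bot: In the trace-events hunk, kvm_sev_launch_start records the host addresses of the session and PDH buffers, which say little about what was sent and put host pointers into the trace stream. The lengths (start->session_len and start->dh_len, already computed in sev_launch_start()) are what a reader needs to diagnose a LAUNCH_START firmware error; suggest tracing those (e.g. `kvm_sev_launch_start(int policy, size_t session_len, size_t dh_len)`) instead of, or alongside, the pointers.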