From patchwork Thu Mar 8 12:48:50 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Brijesh Singh X-Patchwork-Id: 10267997 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 0769660211 for ; Thu, 8 Mar 2018 12:58:24 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id EABF829905 for ; Thu, 8 Mar 2018 12:58:23 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id DF16229907; Thu, 8 Mar 2018 12:58:23 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.8 required=2.0 tests=BAD_ENC_HEADER,BAYES_00, DKIM_SIGNED, RCVD_IN_DNSWL_HI, T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 4A6A829905 for ; Thu, 8 Mar 2018 12:58:23 +0000 (UTC) Received: from localhost ([::1]:38506 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1etv7m-0004ml-GO for patchwork-qemu-devel@patchwork.kernel.org; Thu, 08 Mar 2018 07:58:22 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:59006) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1etuzw-0005T7-PL for qemu-devel@nongnu.org; Thu, 08 Mar 2018 07:50:20 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1etuzs-0004Am-LL for qemu-devel@nongnu.org; Thu, 08 Mar 2018 07:50:16 -0500 Received: from mail-cys01nam02on0076.outbound.protection.outlook.com ([104.47.37.76]:52544 helo=NAM02-CY1-obe.outbound.protection.outlook.com) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1etuzs-0004AE-9S for qemu-devel@nongnu.org; Thu, 08 Mar 2018 07:50:12 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector1-amd-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=hswdwbRPMNmiaZsogZDUeqLXXHCPFLfZq54ztWs1Z9A=; b=AO3kWvhYrMgSlmk92W0ASAFdu2YxnPDFlXsL4AN89qqlgGmFolBMQvHkFx6xraiIeZHzqOFGh/i02C6zR3OhMu3pvReC348TVrQK4nOEa5ernhEmRHkyPYzWlNDlu6+8SS4crDSWW5biNhaYPdZSSuAWRC6LMelDPq8/t1d5liQ= Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=brijesh.singh@amd.com; Received: from wsp141597wss.amd.com (165.204.78.1) by DM2PR12MB0156.namprd12.prod.outlook.com (2a01:111:e400:50ce::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.548.13; Thu, 8 Mar 2018 12:50:05 +0000 From: Brijesh Singh To: qemu-devel@nongnu.org Date: Thu, 8 Mar 2018 06:48:50 -0600 Message-Id: <20180308124901.83533-18-brijesh.singh@amd.com> X-Mailer: git-send-email 2.14.3 In-Reply-To: <20180308124901.83533-1-brijesh.singh@amd.com> References: <20180308124901.83533-1-brijesh.singh@amd.com> MIME-Version: 1.0 X-Originating-IP: [165.204.78.1] X-ClientProxiedBy: BN6PR14CA0031.namprd14.prod.outlook.com (2603:10b6:404:13f::17) To DM2PR12MB0156.namprd12.prod.outlook.com (2a01:111:e400:50ce::19) X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: c601dfd7-73d9-4d13-0a35-08d584f31f20 X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(48565401081)(5600026)(4604075)(4534165)(4627221)(201703031133081)(201702281549075)(2017052603328)(7153060)(7193020); SRVR:DM2PR12MB0156; X-Microsoft-Exchange-Diagnostics: 1; DM2PR12MB0156; 3:ef8HW5D6g/5BRqiGcOn7mpId3C9m9QBR+p+8pBmajfQsPqG/aT05sEjGBeeO8zUirPpThyERbpRNC+ZB907n/PfM9ZFPOFeZsiWUFZGWAW4S5NXcKR0e47WQlQKkrECYt9TYCrERCSV3fuXSdO0TJH1CvVqb8NdfN/+fZWxoOVowMSMfAbeXoJLlMkNc6JCc1vwc2l7gkDwaXdTjJKIqIJWRb1rChTgDNPmyRQLnhg0b6/+upSTFky2/EwI/vFwt; 25:39N1CA1PjQ/tJfM4Pida+/YsHUEqkh6Z20oKyfmSfZ9xE4yqwTbtAEKfUCJwYjsO06NeuwGTEj5JbVPkIzS3pwCchY0phMDYAdkfpYccnEKXyI+MYi+Ao8YSrGcIfdeOhktEWEube7jNmPnWPku2tyTCxW2ClLN2+IYL0p0rrRww22uWtaKgXTnWqnzt63wyHSkaskG05vWDki/MAjwfZashUYzxJ1BMnMVbdRR4vAw4scaFe//4rV5cc5HskTUmWmWY1qqdn6XUfNTAtFxnJiBJazZjQXXxGuW0/vofFTLtGacjSvQ1mV+bFCS1ryW5mAKh6TxITaBkZTq7KKoaKA==; 31:QBII8KfV2jYjz0J3HIG4wqWLmb2qmsTgGTHlDkrGVf3gjUf5LuJmMuuWs2p4Qf0AqqASRGHoGY2YNNtj6B8WA51MKOM49Q2B7iuOjQJdvKLP339gmYVCRarPmbDhhuyu8h7ONKRvCaBbS+z0S1w1Yfrv6Nn794X54pnz0h8Yp68avHhE8th2hUKUngs1dhYIl7vtXtEsnhqfEZxhImo2H+U3soH6CW9aNqG4lfDh28o= X-MS-TrafficTypeDiagnostic: DM2PR12MB0156: X-Microsoft-Exchange-Diagnostics: 1; DM2PR12MB0156; 20:3jtHgVD5VKumpiSkqq98dkO1DGszyAegKIUzQ5E3BJSZ+Vf1hu+Fzh5MJri5BNAViYRsApNlpW6WBsPEaHRAvl+GA9qXCwa9OoWq15cAD0WT3ixxlst2lQV3oNld8edHl0zHuv2NLop6wPkxIiam6MjaILFtB4qpLTWLKhygIIH5RXXQH29WHXfaBPHwlQedNCYgjKdviK7H51nv1uIE6TI5E/6bRG9b596tlvkhDAi+7EHPcOqfbS2C39S3YFyBljG5xtO+LFcnvx3vqAxEQiJGHberuaxvLljWx11jRvcfZPTJwlzz2rlI9tm9o9XCXEVL53/AjIg4EVzhHkIOzA9wZSi+6N9e/lQc62zaUQHVSOendjm9HgCdby1eEraivdBwOc4wvJ27QZSW8W1B06sQkwfLCJGRSjI7jz6G2Ri9rLfR37f48sgGR62UAfTMMoOe0NwWvcEB25PiDmQAO210hXKClv9DuNgNK8JmXysLjkJ2m18I02smTtIQ1IGK; 4:HWl2qrDkUwyhUyEhH7nDfK5S8G/RjysS0+MssRYwNj2d91JbWcbFI/KgIsFx3EUl6XIfpcitDt3nMrZIkYQqatADmxZnY+fOrAgw0v66eaCTU40vs9TE2MlcWA2wOz9qQaoDmNTqb64DPRF1fAe5AstvNv60KUzsjtWN6UgQ4PhyzL2GaTtxiyEQ1SYPofzuLJUkryHiNapkb2q3JC23lnMHRTqqU66R1fV//FGNa9mM59+kpY+8hjuRpe2/PlyDpxElkPGIJfklLCQldHE2tJRJrbwGQlZKX1M/Odns6Z+Q51yqxK/8j6vJxOTZFmlZ X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(767451399110); X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(8211001083)(6040501)(2401047)(5005006)(8121501046)(93006095)(93001095)(10201501046)(3231220)(944501244)(52105095)(3002001)(6055026)(6041288)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123564045)(20161123560045)(20161123558120)(20161123562045)(6072148)(201708071742011); SRVR:DM2PR12MB0156; BCL:0; PCL:0; RULEID:; SRVR:DM2PR12MB0156; X-Forefront-PRVS: 060503E79B X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(1496009)(39380400002)(39860400002)(376002)(396003)(346002)(366004)(199004)(189003)(50226002)(53936002)(2950100002)(6916009)(2906002)(2361001)(6666003)(2351001)(106356001)(81156014)(53416004)(8676002)(81166006)(7736002)(36756003)(305945005)(8936002)(105586002)(48376002)(50466002)(68736007)(97736004)(47776003)(66066001)(25786009)(4326008)(39060400002)(6486002)(7416002)(5660300001)(3846002)(478600001)(76176011)(51416003)(7696005)(52116002)(6116002)(16586007)(16526019)(186003)(26005)(1076002)(8656006)(386003)(54906003)(86362001)(316002)(8666007); DIR:OUT; SFP:1101; SCL:1; SRVR:DM2PR12MB0156; H:wsp141597wss.amd.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en; Received-SPF: None (protection.outlook.com: amd.com does not designate permitted sender hosts) X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; DM2PR12MB0156; 23:yS/VmfsaJ8zZvErHlBzQ8mPry7HQW7xt4caTD0fN7?= =?us-ascii?Q?aX4RIkjwiub6/n8JUwXa+Ho/XKwTv5r1mq6UUcX5TPh42eCdpJtpQCAU1ku8?= =?us-ascii?Q?Ynhd1iHs4ldY/gqjgGsanhAKn1qgqRB6MrgnlslhOh3SfZaldmaoq+TTekBC?= =?us-ascii?Q?WcHth1PPboT2SbUKzvLIvih6j8x9Uo5crQI1wy2sbID0qloDrjNh7Ajjmgok?= =?us-ascii?Q?mXZqe+3dfCCFzzT2Ef26apTqIwYaX8oxeBv72S85rXTQ22m32ZhvTjheq/lj?= =?us-ascii?Q?dVu9il+xOfDevKTbKo+Z+s9jPRNaUKBIi1YI1VttGhtjGqm8p/wJrnSKcr0g?= =?us-ascii?Q?+4ZLPDGy2/sJzIItLMytAaUM22/77+CZM7SwfNeET7ahsS4GxZNYrpR0vsUC?= =?us-ascii?Q?SDK+7QFPfhYrkV1dE7G0XB/edeoqv4n+QBNuGPVb9lsKr6hdYQdmdAklojcE?= =?us-ascii?Q?sXhs0CTiFUO009orWeo3jbF3DdS0BGXYl00qElHolxpHH8y6fWxGfYQ7c30z?= =?us-ascii?Q?3HiwnBPLK1zK2W/AtAszzyXnTWVzCK5816NfsN9fooTxzUhHz1MhLBP5o5mN?= =?us-ascii?Q?jv1OemjI/b6x/D2NRSoZsCocELladKtpqgg+CsLIFa32rygfidRWCr7AfgQD?= =?us-ascii?Q?TxMnHcGIJhMkWyKJrH101ti44/W/VGVJSe6uo6rC3ESFr9KZk2jwVCPghWRH?= =?us-ascii?Q?OUSHnhr+zB/eiUXnD+IrwENGoAcDIynZobyPtt1XmXsfst7n7D8Iba13Tn76?= =?us-ascii?Q?b+bm9BKmY3jyBDxHWyH7vGrqfWu6Cz40ovTe32l9EFMxT6rQmdJWfhMQowwV?= =?us-ascii?Q?dF6SbfMyfpdXwjXAuWTD/lIz0PPBBuozCdJdLgC6zW9qKPJ58+vs/paQxQ7G?= =?us-ascii?Q?xg+84UL3ZPfBR0JRtTzYhGLxyq6DO5G9bX4Ir7SGUzehZn2X4H8VN5XPct/l?= =?us-ascii?Q?NhJEDHqPKntYfNKS5h6jeOYaevx49FbcxffFE4NQKBnfeJHvoH25V6y3WcyW?= =?us-ascii?Q?tF2k2MN7c1yqKXj1eVYuqFqWfz+aayuISkbLoN52zirvqwlTXnRtkTop42eF?= =?us-ascii?Q?rHHIGGxXyw9aYHNDT6YEw/UdAZ24K3rq9fO6jhi58EUVvMNlLlaELiTQp0gk?= =?us-ascii?Q?J+WrlAJSUL46ca6r8tF6270D03nhhD1Fo09yN9nBVRY+SkUjZdIUjdZQ1/DX?= =?us-ascii?Q?OQrZFRdXiUrR0LuXX9DDKiItdTN9KYapRvlf3+oBi3cGFnf7c9PcUcbUd5Lz?= =?us-ascii?Q?3KZ8SiVHdHth2qOneIKUOlZtXuhL8ViJ9RWWJ2cwpommL1vYgEVQbmTo7tae?= =?us-ascii?B?dz09?= X-Microsoft-Antispam-Message-Info: xBMNmlctav18MgMiBFhm8x7tI0yDjkc8nkoHhZFxPQHMRZKwXGK3SMpp4O37XSB9G4mSdiQI5QQ8FanFH+G9vu9WAeBPqZB9/qcyZX48sRkYhG/eQ9d9PfYxqVnEwtXqIk4H4Y0M9G/UkSQEaaA8ad6Qk3+H9vur9M3lZiDOJA+aqlkxWtnNzEzLtYkUSLIG X-Microsoft-Exchange-Diagnostics: 1; DM2PR12MB0156; 6:gEeM1TQ2FqTo3sFaifL93wHigQh0OzSqfGTYx2uWjdo7cCsYd4bTAtmAHynQvCYjfJSaHDYVg3EpMt7jxiacUZZtNkvfsvxvRXpve8udBTqNl+B4e2HJCDOdMfxtAmbw+v1kbZpcXBW6t7k3kUIMPDJ21iZmtMl3Aq6zRInYwCc9RxbLr/kAUJF00/jfnfIZGPpsYjaxrYaetBOUCyUYT3oBLCRql1BCaCHObEca3+L8uuhMSyFbbkW34RPUvmjUTZauQAHpupdCCQR4FD6VkL2P+OKC1Ko5RP3FsNLn9/DpRPPdxbYzkkvtDduNRSmyOLOZ8OzbxvvS7PROxsBdN3LLaELww7h+tkJWKp2N8Tw=; 5:vlo4n/pYXBe6JABLvu9d75k0O5YDFHM4ZA0RUaxz6srGQATLeAe3urCAdSzTsx4Elo5RujrjLrrUqcWTR81aDBx95x/B4yPitagbsp+eIgcy44Ogxd4fsZL5IFW/D8+uTIKbY1WD2/11SHnnyP9XXHNsRJvZEVvoL8n9VN7ftbA=; 24:cE2u6Q8iTTsfeV5PqDYlECo9oVF7L4X/+wZ7tET37kuz8S0UdM/ZLwB/mIH7bNhfSkrkCr6BDveUxx8KgOlYLLb33s8mszYZ3mrQESpmDyo=; 7:EjaH69eSci/Oj5E1UeRgDuzWqCvp4aFmqccI+SGQYprXlWeMZs2tZ3MH47/jrdg3vaNl8PwF6tDl3Dyy4uy7ukZGYDjStWTsKnpck7sXP+KLVa3m9QhHMcZDofNZ2d649S3z61dSINI2LGpBqRXmjkBU1EF78/41c87jODXQXH72CflWN5SqQaRNc4TXxKu14J5rhr/7TYfvobdjzjxTxkAnbTGZgkEHb0z+UoFDD8gp5LkfLVcdTM62wD5cGNdU SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1; DM2PR12MB0156; 20:UsI0ED47pQgwh3MqEB0NIcbRWfb5hQ1nG9CPAQMnvKfsfCmV/0xOKOep0HkzDRMnJetAH85USpuQfKpinv44sE/mtK4rTpeBXju8ihTCuG5yTUB8MERQ/HHhF9P5tZsN3NdgIxa9pWgVpjZ04hSpAF5o3bsSbrdsJx6Ix1pv2iJc3hTfpCt4pNgZIO6YifcwF2OXWm1AatlVXqx9boSf5kWhVAbDEzn8FSY6Mpi3H61NPc7jiBMSAUJBaWXsP6NU X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 08 Mar 2018 12:50:05.5812 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: c601dfd7-73d9-4d13-0a35-08d584f31f20 X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM2PR12MB0156 X-detected-operating-system: by eggs.gnu.org: Windows 7 or 8 [fuzzy] X-Received-From: 104.47.37.76 Subject: [Qemu-devel] [PATCH v12 17/28] target/i386: encrypt bios rom X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Peter Maydell , Brijesh Singh , kvm@vger.kernel.org, "Michael S. Tsirkin" , Stefan Hajnoczi , Alexander Graf , "Edgar E. Iglesias" , Markus Armbruster , Bruce Rogers , Christian Borntraeger , Marcel Apfelbaum , Borislav Petkov , Thomas Lendacky , Eduardo Habkost , Richard Henderson , "Dr. David Alan Gilbert" , Alistair Francis , Cornelia Huck , Richard Henderson , Peter Crosthwaite , Paolo Bonzini Errors-To: qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org Sender: "Qemu-devel" X-Virus-Scanned: ClamAV using ClamSMTP SEV requires that guest bios must be encrypted before booting the guest. Cc: "Michael S. Tsirkin" Cc: Paolo Bonzini Cc: Richard Henderson Cc: Eduardo Habkost Signed-off-by: Brijesh Singh --- hw/i386/pc_sysfw.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/hw/i386/pc_sysfw.c b/hw/i386/pc_sysfw.c index 4325575e7d82..73ac783f2055 100644 --- a/hw/i386/pc_sysfw.c +++ b/hw/i386/pc_sysfw.c @@ -113,6 +113,8 @@ static void pc_system_flash_init(MemoryRegion *rom_memory) pflash_t *system_flash; MemoryRegion *flash_mem; char name[64]; + void *flash_ptr; + int ret, flash_size; sector_bits = 12; sector_size = 1 << sector_bits; @@ -169,6 +171,17 @@ static void pc_system_flash_init(MemoryRegion *rom_memory) if (unit == 0) { flash_mem = pflash_cfi01_get_memory(system_flash); pc_isa_bios_init(rom_memory, flash_mem, size); + + /* Encrypt the pflash boot ROM */ + if (kvm_memcrypt_enabled()) { + flash_ptr = memory_region_get_ram_ptr(flash_mem); + flash_size = memory_region_size(flash_mem); + ret = kvm_memcrypt_encrypt_data(flash_ptr, flash_size); + if (ret) { + error_report("failed to encrypt pflash rom"); + exit(1); + } + } } } }