From patchwork Thu Mar 8 12:48:41 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Brijesh Singh X-Patchwork-Id: 10267991 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id D709560211 for ; Thu, 8 Mar 2018 12:56:26 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id C68C529905 for ; Thu, 8 Mar 2018 12:56:26 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id BA9CA29907; Thu, 8 Mar 2018 12:56:26 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.8 required=2.0 tests=BAD_ENC_HEADER,BAYES_00, DKIM_SIGNED,RCVD_IN_DNSWL_HI,T_DKIM_INVALID autolearn=unavailable version=3.3.1 Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id C527D29906 for ; Thu, 8 Mar 2018 12:56:25 +0000 (UTC) Received: from localhost ([::1]:38496 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1etv5s-0002pZ-Vu for patchwork-qemu-devel@patchwork.kernel.org; Thu, 08 Mar 2018 07:56:25 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:58840) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1etuzZ-000580-01 for qemu-devel@nongnu.org; Thu, 08 Mar 2018 07:49:57 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1etuzU-0003tz-Vm for qemu-devel@nongnu.org; Thu, 08 Mar 2018 07:49:53 -0500 Received: from mail-cys01nam02on0054.outbound.protection.outlook.com ([104.47.37.54]:31438 helo=NAM02-CY1-obe.outbound.protection.outlook.com) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1etuzU-0003sX-Jw for qemu-devel@nongnu.org; Thu, 08 Mar 2018 07:49:48 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector1-amd-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=tjX2wpu/jA0xOPADPxPrKXSVhFTHf8Nd0l5T84yJSoQ=; b=4yZna5rzXkzO7etB2e8ssG0KACcikA3sLDFKfpOCzM28GYmhfgH93fYwWa9aoTaNE/7r9wrtMxH+Ug7X/hKEKcd3OnFK/KiK6AcCcjzsfqVnCJJmTGljqByv4rikLeUQ9Pb2k1msoofnHMXFPwQeNF4oQkUOPgpulc5mEbyQwp0= Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=brijesh.singh@amd.com; Received: from wsp141597wss.amd.com (165.204.78.1) by DM2PR12MB0156.namprd12.prod.outlook.com (2a01:111:e400:50ce::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.548.13; Thu, 8 Mar 2018 12:49:42 +0000 From: Brijesh Singh To: qemu-devel@nongnu.org Date: Thu, 8 Mar 2018 06:48:41 -0600 Message-Id: <20180308124901.83533-9-brijesh.singh@amd.com> X-Mailer: git-send-email 2.14.3 In-Reply-To: <20180308124901.83533-1-brijesh.singh@amd.com> References: <20180308124901.83533-1-brijesh.singh@amd.com> MIME-Version: 1.0 X-Originating-IP: [165.204.78.1] X-ClientProxiedBy: BN6PR14CA0031.namprd14.prod.outlook.com (2603:10b6:404:13f::17) To DM2PR12MB0156.namprd12.prod.outlook.com (2a01:111:e400:50ce::19) X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: a9def2c3-0282-456e-5519-08d584f31182 X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(48565401081)(5600026)(4604075)(4534165)(4627221)(201703031133081)(201702281549075)(2017052603328)(7153060)(7193020); SRVR:DM2PR12MB0156; X-Microsoft-Exchange-Diagnostics: 1; DM2PR12MB0156; 3:hSL1P9e4Zpv4cVH+MOKS5LbED5BDIYi5BFhhEA6KloMtw+Or4v6YURqTgTpDf2JiD4bL8l0qVVPcABmE1wZccsjxA5/SYLhNyUi8ScEiJobYPBmSlJPNUxHAskrP6FBHCifk+ghicDR5d0FgL1vOSY24AhBLWJNT5pKMo1YpNuvqUp3Z9OgNlSXGlv2sqoRsZnwyqqKUtkRY2gDlJyt4cObYMHt8B3sK3X4b5RMrVEiiU9LEMDh3mch2KNl7zpen; 25:LSYctKjNoULfN3uxCjh5m0KKU4sprLBiFqZ8bt4Jb0RUdwMQEbEoBQmcbZ8l668nhvM1grJ7xkojrHrFkxBo5RaiPidG5S0UXkT2Fdx3b8RjYkOsCa3Pt4djQEbP+4JobjM+xC+UooYF92ybDVdZK069lmR+DdRDNPyjevy6jxYgS3keCGd3kinUDBDHqywB3cQRu82ZD2/iMeZYSM/94g4BdIKbIN1jAZG848UJXehz4KWLD6DTirVHQiqSSVBbvqYkJePRYi6thgm9lK5nrd6hb2PFG/tB9dubobdN75mRxTR/v1Q1bMPzFgSAsvZZTQMayBXOWndX5ZSCW+H16w==; 31:wjxgDaXeA2p0x+PLxPu7e8cIhyY1gVZFW5DIvl5aZYEiELwEvsgvbzqqehU2eFpCPR6eB+5V60/oESC0Z0AHHy/8xusCnBBmIAA3Wuv9Sw3iqzwALt0+jpDw7SNoeJryFAbqc6TSShIkAbk2j4/JRk4PRCiYzDy5LqeIWO5X/YhZqPIOV3SFbSHf7dL2euWhyUPo4eiTkmy/DGsPgssGdH9OML4ra9dzpuns5PpxZgc= X-MS-TrafficTypeDiagnostic: DM2PR12MB0156: X-Microsoft-Exchange-Diagnostics: 1; DM2PR12MB0156; 20:Z0Di7cxoSJzdVNdcTq8zehpzsFAp8wUyL/GJtMkAnFhv9BeLCBBPcBWghkFF1muJE4SLAZ2D4VzesANUVwX6wcxGaPXc/hguglcRNxFybUcwxEuPIOx6rg/YySFzZH/tnjtAcGs2fpFPertzntSVbqHz12AdSotw67tejZhQppGQdvkTxSOUbwsg7J6HIEm0szcJeFND774dsdX+amLl+9fJlVmqKXZj1+oJpE22iv8XGeKHyZfVvfp8+O8+5iR1qWJqupqkWHkDyXkETc2ehG1zqx93noafKvt0paOW0LXDp9Uab3h9rbLKkb/x4CFok36oY4efFf2cmZlu34RafH8dWAsEpM4F5ZvG0JoN6BC2Bd2+DJ9yzGQbkrMBH97LNPeewNOKaD2gm70+r8WIkGdU263xokxCwIFCgpsdmWCCKz9JEC3k7rNViaDbr6rxy7DmS2uz5nv0AkrxLStLIyRJUVfwRGZYLd3gw3Vt7K1YHhfY5+NYCy2YcL6IK+/I; 4:Oo1UwsuBIcnurxu+XiXmzMR+X4TkNBW8X73+2uG9jgHnQc7vPjRFpwV++qDlsHMJMDJQo7Zkdic4CPtuXtoBRFLyYB71fgQr6yLJ3hOP7O6fqIK3vOF9rz2oWWshshnk1im9PTO5GlPExCTKBqLdITHBl/+avohnl2sYnlEk8G1TQohz7c7z4LwFJ/xSc1Y3QgyCIP+zu7YzFY1QMch6ny02QGv8dOQessZehcPZIgvkeZyGG16vsqyuYqhl54IgwNRca+x3vcO/DyGldVbYNQA2ye2bHSsxgKeFLKpNxuSeLnvt2W/k2zP7R0ZIPKAVMTFvFT/981nOZ82hNixPpA== X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(767451399110)(17755550239193); X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(8211001083)(6040501)(2401047)(5005006)(8121501046)(93006095)(93001095)(10201501046)(3231220)(944501244)(52105095)(3002001)(6055026)(6041288)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123564045)(20161123560045)(20161123558120)(20161123562045)(6072148)(201708071742011); SRVR:DM2PR12MB0156; BCL:0; PCL:0; RULEID:; SRVR:DM2PR12MB0156; X-Forefront-PRVS: 060503E79B X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(39380400002)(39860400002)(376002)(396003)(346002)(366004)(199004)(189003)(50226002)(53936002)(2950100002)(6916009)(2906002)(2361001)(2351001)(106356001)(81156014)(53416004)(8676002)(81166006)(7736002)(36756003)(305945005)(8936002)(105586002)(48376002)(50466002)(68736007)(97736004)(47776003)(66066001)(25786009)(4326008)(39060400002)(6486002)(7416002)(5660300001)(3846002)(478600001)(76176011)(51416003)(7696005)(52116002)(6116002)(16586007)(16526019)(186003)(26005)(1076002)(8656006)(386003)(54906003)(86362001)(316002)(59450400001)(8666007); DIR:OUT; SFP:1101; SCL:1; SRVR:DM2PR12MB0156; H:wsp141597wss.amd.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en; Received-SPF: None (protection.outlook.com: amd.com does not designate permitted sender hosts) X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; DM2PR12MB0156; 23:PGZgWs8vKU7hYBqtmhagLKzcrHauV6MmzbYSgdDtv?= =?us-ascii?Q?HLmEt6+uwmke34wPVR8dTcyCQHEZzUATqtCpFlp1vqBK56fziuB1NnAxK3py?= =?us-ascii?Q?SgVUPZgOS6WXl1JIfOLwvBioXdfuD7TBkVeVBbr3y1GYoTMWBngT9Awq+clM?= =?us-ascii?Q?kECRhXFt1qvInQMe4iBoj2Kvl0zeF7XudxEtr5EcQhpJ7y038V0liWJ62DUr?= =?us-ascii?Q?EV8MHA8eQuDxRcphq2hPvpj76xrY9jaSKPr3R6opK9ZMptyRLQk4R8c1NkdQ?= =?us-ascii?Q?KNZpfS9ryRXNVm2OIZFKS5qLFbONzQhvZuOSbicU3Ezn2MlyT8zKwV3A+KwU?= =?us-ascii?Q?tqbruXtTq6pjNZfPpu0dl8zDxv+kz/dbh0fQ9IRrg8PkAEuR7rvm7p/0so9O?= =?us-ascii?Q?YLL37kxz1kV0CzgiAJIycLzTnj2glkzVqoy5cDlqaRWLDO/Ja/lsrlUVb3HX?= =?us-ascii?Q?uLi7OjcdfapCQ7JyRhBlOEon9bzLWltCTm5FD3JEQdHnf/D/s1eAZ6yzOEZE?= =?us-ascii?Q?KSs51jLITPxxv4FxvDW9opRTsUkRUlV9sqF4TCbnDi1XZK2lx71WYeCPi7On?= =?us-ascii?Q?EH8k48KHmuvuWGYK42kQvp04GGYeBDmwJzuSYMiQ5N/AlrMwJr8KC2NeQ3PE?= =?us-ascii?Q?Obkf9s6XP+tIezgjKCyrBnBvj9L16lqlYNPojdUsHI4X0HCZDVdkpdc44ROD?= =?us-ascii?Q?G1Ti7OFZ3MII4GrCbMG7RT/wUgeP3YTTU5AYmDvryemcQkWF+d3g9bsUPEub?= =?us-ascii?Q?9nQyu0GQDzbmhXrSlKFBZDFVy5jNGX/SntZdAzFSxPsKEJVrePB63I/v/cYq?= =?us-ascii?Q?k8b/g4K8QQjcX++T+5LXP2o9PE19VvYIi3QSbff1ekGcT10ds3aDfyoOeaWs?= =?us-ascii?Q?iGcHStknmKytCOYM1BVwD1cz8xvw2LES1iZm8iDUGOOQ1Pqps6q9uilKyXq4?= =?us-ascii?Q?TyFz2InwjOlx+g+TMJQPHVt1B4KV/qgt4ccmITk1SG/xPwDbgNQFRHdZOmfs?= =?us-ascii?Q?T55b45PPKLLVDdFV3izDO35ni3Qph1dQONiVAF3dqsVTGPqvCIYhYda+1lz4?= =?us-ascii?Q?kfYBC76ZhJdJFK4hXeHlTKvNPFaLK5RoXy0wIrvtTAcPOiEOh2xebFm9qcsL?= =?us-ascii?Q?LZZQjAmjEUcwscs7PJ9QaEXRTilfVVkBI4M+LllriMUiG/wP4Uc/lg5/aTI4?= =?us-ascii?Q?yeCws7nPbgqEOAkmNphJMDt0eAZL+kOlxMAqdiOvDPh8IG5fpGIffpupLovt?= =?us-ascii?Q?9uyLgVodp3DUey9Vhg6xWCBEHOLFlNW0r/ON2O8?= X-Microsoft-Antispam-Message-Info: mGew7zEH2cEWmDA1vF3UOLMpSgmTZsJseGTyVQMa/D86NUYPqHSAtsBaYPrgQHseatKDUOUPpok8Kw5llmwM6u5pXyxhMjtddDOBYhbNrZ6qehh6L7qy0ufyiweOMKqK76xDjSm6qLdfsYDWdU+m7S31Kn6MBmeO9cfuXdpX8d/7gBYs3EAp6EMgtySQvByv X-Microsoft-Exchange-Diagnostics: 1; DM2PR12MB0156; 6:wHSlkEbZvMD4CziuWzeki9TulLnWY2h4BtsEdlaSvo6Dzk+6h8q2+aw4SBjACiwC484BDkmug6IbfCn1m7aJjhVvYRIAKObQB3Xe5TlxMW7DsL/sLKUezm+yFSQOHjWhN+BJ1M1GMt6E/XTw4JSW3prSLlN0Vaysy4F+55PqtbvwVSEJNRNJuvgSmbE36r+odq+NTYtF+7W4AezrjnAVulvC+1XDLhTwnZsLKh611NLciC1TS8CZIx5qeytdcB+xf3CWttN6kSa/zVHC/WUDPVoWEt478qU2sm0ooq46a0B5S56FIANfmT6StykB61Jx+Ai81sHV9Wur2BSswex2eptfhSKSfGDY3z7xl+hs5MA=; 5:wlzCD2nNJJv4+KmHH+73131dp/yKPoGkI+T/OuF7nrwnSnSUtcAtnjdCkHoGYn55TqTAn02xLK+t4MjUgPGwg+AgVnGVxECm/OKyi37/dhCYw1xGWKVDqmQrlmOzsybYbLiBCv54YGa7FEHR2oJiSz5U2A2seFILlrGJnoWc1gA=; 24:WQrocUAWL085O26F8ZzzJdNuv8iD2WXlhL6f9XOUKNzWgDPosof/vTH11uidRol6YVaMj59xrePY31UmnqQXWV9LnfRjt/GO/1fEERZGPNo=; 7:p1jWNHODVptqFtb1x1q4RpqaHJ51/Rn7kCnHJnIc+zd2QdnQEXJG+mHFqzHPBoWogblg3/CGFzjQYDISeBCVUI2clVxYFPuNIL3ymMWR4OSxJlKdP3I2PILxn6ABs52vWqqmYHW2fB1Ax1pEqmxcGvb+IUiw8UdbeYF/KQNCNwIicBRHn7bGeGZ6hA7dtE+qkDU6xO5/+YXSc4UIXkhhTRwo8K0RuUmdzWJzOLlvOhlZXQqi7JFknvwIOnPewe1s SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1; DM2PR12MB0156; 20:HcNLMAtVGsgJBerDrcEzWy/VpJfdldajWKFNbQNN4XHh+Gxt4SeOpWdbh0YayKXxvm+iRMusMUXEpMXSF8TXxNXLjcT6FYIArgPfk/Im4W7iTmfCmOQZhDAo4HR7MKp12eZyJznUpn+FqGeVKlhtN4/nQ4Cr38zuilMRMFXvbR91DUD4tL/3VFaz4wEVCPvkjAKSXhLUMSeOARvio39Nhkaq1PZftnI7q/iQTrgjuhvxyKbEnj63juD6EHl42Dn/ X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 08 Mar 2018 12:49:42.5341 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: a9def2c3-0282-456e-5519-08d584f31182 X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM2PR12MB0156 X-detected-operating-system: by eggs.gnu.org: Windows 7 or 8 [fuzzy] X-Received-From: 104.47.37.54 Subject: [Qemu-devel] [PATCH v12 08/28] target/i386: add Secure Encrypted Virtulization (SEV) object X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Peter Maydell , Brijesh Singh , kvm@vger.kernel.org, "Michael S. Tsirkin" , Stefan Hajnoczi , Alexander Graf , "Edgar E. Iglesias" , Markus Armbruster , Bruce Rogers , Christian Borntraeger , Marcel Apfelbaum , Borislav Petkov , Thomas Lendacky , Eduardo Habkost , Richard Henderson , "Dr. David Alan Gilbert" , Alistair Francis , Cornelia Huck , Richard Henderson , Peter Crosthwaite , Paolo Bonzini Errors-To: qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org Sender: "Qemu-devel" X-Virus-Scanned: ClamAV using ClamSMTP Add a new memory encryption object 'sev-guest'. The object will be used to create enrypted VMs on AMD EPYC CPU. The object provides the properties to pass guest owner's public Diffie-hellman key, guest policy and session information required to create the memory encryption context within the SEV firmware. e.g to launch SEV guest # $QEMU \ -object sev-guest,id=sev0 \ -machine ....,memory-encryption=sev0 Cc: Paolo Bonzini Cc: Richard Henderson Cc: Eduardo Habkost Signed-off-by: Brijesh Singh --- docs/amd-memory-encryption.txt | 17 +++ qemu-options.hx | 44 ++++++++ target/i386/Makefile.objs | 2 +- target/i386/sev.c | 228 +++++++++++++++++++++++++++++++++++++++++ target/i386/sev_i386.h | 61 +++++++++++ 5 files changed, 351 insertions(+), 1 deletion(-) create mode 100644 target/i386/sev.c create mode 100644 target/i386/sev_i386.h diff --git a/docs/amd-memory-encryption.txt b/docs/amd-memory-encryption.txt index 72a92b6c6353..05266fd41b23 100644 --- a/docs/amd-memory-encryption.txt +++ b/docs/amd-memory-encryption.txt @@ -35,10 +35,21 @@ in bad measurement). The guest policy is a 4-byte data structure containing several flags that restricts what can be done on running SEV guest. See KM Spec section 3 and 6.2 for more details. +The guest policy can be provided via the 'policy' property (see below) + +# ${QEMU} \ + sev-guest,id=sev0,policy=0x1...\ + Guest owners provided DH certificate and session parameters will be used to establish a cryptographic session with the guest owner to negotiate keys used for the attestation. +The DH certificate and session blob can be provided via 'dh-cert-file' and +'session-file' property (see below + +# ${QEMU} \ + sev-guest,id=sev0,dh-cert-file=,session-file= + LAUNCH_UPDATE_DATA encrypts the memory region using the cryptographic context created via LAUNCH_START command. If required, this command can be called multiple times to encrypt different memory regions. The command also calculates @@ -59,6 +70,12 @@ context. See SEV KM API Spec [1] 'Launching a guest' usage flow (Appendix A) for the complete flow chart. +To launch a SEV guest + +# ${QEMU} \ + -machine ...,memory-encryption=sev0 \ + -object sev-guest,id=sev0,cbitpos=47,reduced-phys-bits=1 + Debugging ----------- Since memory contents of SEV guest is encrypted hence hypervisor access to the diff --git a/qemu-options.hx b/qemu-options.hx index 4c280142c52c..6113bce08a8c 100644 --- a/qemu-options.hx +++ b/qemu-options.hx @@ -4353,6 +4353,50 @@ contents of @code{iv.b64} to the second secret data=$SECRET,iv=$( + * + * This work is licensed under the terms of the GNU GPL, version 2 or later. + * See the COPYING file in the top-level directory. + * + */ + +#include "qemu/osdep.h" +#include "qapi/error.h" +#include "qom/object_interfaces.h" +#include "qemu/base64.h" +#include "sysemu/kvm.h" +#include "sev_i386.h" +#include "sysemu/sysemu.h" + +#define DEFAULT_GUEST_POLICY 0x1 /* disable debug */ +#define DEFAULT_SEV_DEVICE "/dev/sev" + +static void +qsev_guest_finalize(Object *obj) +{ +} + +static char * +qsev_guest_get_session_file(Object *obj, Error **errp) +{ + QSevGuestInfo *s = QSEV_GUEST_INFO(obj); + + return s->session_file ? g_strdup(s->session_file) : NULL; +} + +static void +qsev_guest_set_session_file(Object *obj, const char *value, Error **errp) +{ + QSevGuestInfo *s = QSEV_GUEST_INFO(obj); + + s->session_file = g_strdup(value); +} + +static char * +qsev_guest_get_dh_cert_file(Object *obj, Error **errp) +{ + QSevGuestInfo *s = QSEV_GUEST_INFO(obj); + + return g_strdup(s->dh_cert_file); +} + +static void +qsev_guest_set_dh_cert_file(Object *obj, const char *value, Error **errp) +{ + QSevGuestInfo *s = QSEV_GUEST_INFO(obj); + + s->dh_cert_file = g_strdup(value); +} + +static char * +qsev_guest_get_sev_device(Object *obj, Error **errp) +{ + QSevGuestInfo *sev = QSEV_GUEST_INFO(obj); + + return g_strdup(sev->sev_device); +} + +static void +qsev_guest_set_sev_device(Object *obj, const char *value, Error **errp) +{ + QSevGuestInfo *sev = QSEV_GUEST_INFO(obj); + + sev->sev_device = g_strdup(value); +} + +static void +qsev_guest_class_init(ObjectClass *oc, void *data) +{ + object_class_property_add_str(oc, "sev-device", + qsev_guest_get_sev_device, + qsev_guest_set_sev_device, + NULL); + object_class_property_set_description(oc, "sev-device", + "SEV device to use", NULL); + object_class_property_add_str(oc, "dh-cert-file", + qsev_guest_get_dh_cert_file, + qsev_guest_set_dh_cert_file, + NULL); + object_class_property_set_description(oc, "dh-cert-file", + "guest owners DH certificate (encoded with base64)", NULL); + object_class_property_add_str(oc, "session-file", + qsev_guest_get_session_file, + qsev_guest_set_session_file, + NULL); + object_class_property_set_description(oc, "session-file", + "guest owners session parameters (encoded with base64)", NULL); +} + +static void +qsev_guest_set_handle(Object *obj, Visitor *v, const char *name, + void *opaque, Error **errp) +{ + QSevGuestInfo *sev = QSEV_GUEST_INFO(obj); + uint32_t value; + + visit_type_uint32(v, name, &value, errp); + sev->handle = value; +} + +static void +qsev_guest_set_policy(Object *obj, Visitor *v, const char *name, + void *opaque, Error **errp) +{ + QSevGuestInfo *sev = QSEV_GUEST_INFO(obj); + uint32_t value; + + visit_type_uint32(v, name, &value, errp); + sev->policy = value; +} + +static void +qsev_guest_set_cbitpos(Object *obj, Visitor *v, const char *name, + void *opaque, Error **errp) +{ + QSevGuestInfo *sev = QSEV_GUEST_INFO(obj); + uint32_t value; + + visit_type_uint32(v, name, &value, errp); + sev->cbitpos = value; +} + +static void +qsev_guest_set_reduced_phys_bits(Object *obj, Visitor *v, const char *name, + void *opaque, Error **errp) +{ + QSevGuestInfo *sev = QSEV_GUEST_INFO(obj); + uint32_t value; + + visit_type_uint32(v, name, &value, errp); + sev->reduced_phys_bits = value; +} + +static void +qsev_guest_get_policy(Object *obj, Visitor *v, const char *name, + void *opaque, Error **errp) +{ + uint32_t value; + QSevGuestInfo *sev = QSEV_GUEST_INFO(obj); + + value = sev->policy; + visit_type_uint32(v, name, &value, errp); +} + +static void +qsev_guest_get_handle(Object *obj, Visitor *v, const char *name, + void *opaque, Error **errp) +{ + uint32_t value; + QSevGuestInfo *sev = QSEV_GUEST_INFO(obj); + + value = sev->handle; + visit_type_uint32(v, name, &value, errp); +} + +static void +qsev_guest_get_cbitpos(Object *obj, Visitor *v, const char *name, + void *opaque, Error **errp) +{ + uint32_t value; + QSevGuestInfo *sev = QSEV_GUEST_INFO(obj); + + value = sev->cbitpos; + visit_type_uint32(v, name, &value, errp); +} + +static void +qsev_guest_get_reduced_phys_bits(Object *obj, Visitor *v, const char *name, + void *opaque, Error **errp) +{ + uint32_t value; + QSevGuestInfo *sev = QSEV_GUEST_INFO(obj); + + value = sev->reduced_phys_bits; + visit_type_uint32(v, name, &value, errp); +} + +static void +qsev_guest_init(Object *obj) +{ + QSevGuestInfo *sev = QSEV_GUEST_INFO(obj); + + sev->sev_device = g_strdup(DEFAULT_SEV_DEVICE); + sev->policy = DEFAULT_GUEST_POLICY; + object_property_add(obj, "policy", "uint32", qsev_guest_get_policy, + qsev_guest_set_policy, NULL, NULL, NULL); + object_property_add(obj, "handle", "uint32", qsev_guest_get_handle, + qsev_guest_set_handle, NULL, NULL, NULL); + object_property_add(obj, "cbitpos", "uint32", qsev_guest_get_cbitpos, + qsev_guest_set_cbitpos, NULL, NULL, NULL); + object_property_add(obj, "reduced-phys-bits", "uint32", + qsev_guest_get_reduced_phys_bits, + qsev_guest_set_reduced_phys_bits, NULL, NULL, NULL); +} + +/* sev guest info */ +static const TypeInfo qsev_guest_info = { + .parent = TYPE_OBJECT, + .name = TYPE_QSEV_GUEST_INFO, + .instance_size = sizeof(QSevGuestInfo), + .instance_finalize = qsev_guest_finalize, + .class_size = sizeof(QSevGuestInfoClass), + .class_init = qsev_guest_class_init, + .instance_init = qsev_guest_init, + .interfaces = (InterfaceInfo[]) { + { TYPE_USER_CREATABLE }, + { } + } +}; + +static void +sev_register_types(void) +{ + type_register_static(&qsev_guest_info); +} + +type_init(sev_register_types); diff --git a/target/i386/sev_i386.h b/target/i386/sev_i386.h new file mode 100644 index 000000000000..caf879c3b874 --- /dev/null +++ b/target/i386/sev_i386.h @@ -0,0 +1,61 @@ +/* + * QEMU Secure Encrypted Virutualization (SEV) support + * + * Copyright: Advanced Micro Devices, 2016-2018 + * + * Authors: + * Brijesh Singh + * + * This work is licensed under the terms of the GNU GPL, version 2 or later. + * See the COPYING file in the top-level directory. + * + */ + +#ifndef QEMU_SEV_I386_H +#define QEMU_SEV_I386_H + +#include "qom/object.h" +#include "qapi/error.h" +#include "sysemu/kvm.h" +#include "qemu/error-report.h" + +#define SEV_POLICY_NODBG 0x1 +#define SEV_POLICY_NOKS 0x2 +#define SEV_POLICY_ES 0x4 +#define SEV_POLICY_NOSEND 0x8 +#define SEV_POLICY_DOMAIN 0x10 +#define SEV_POLICY_SEV 0x20 + +#define TYPE_QSEV_GUEST_INFO "sev-guest" +#define QSEV_GUEST_INFO(obj) \ + OBJECT_CHECK(QSevGuestInfo, (obj), TYPE_QSEV_GUEST_INFO) + +typedef struct QSevGuestInfo QSevGuestInfo; +typedef struct QSevGuestInfoClass QSevGuestInfoClass; + +/** + * QSevGuestInfo: + * + * The QSevGuestInfo object is used for creating a SEV guest. + * + * # $QEMU \ + * -object sev-guest,id=sev0 \ + * -machine ...,memory-encryption=sev0 + */ +struct QSevGuestInfo { + Object parent_obj; + + char *sev_device; + uint32_t policy; + uint32_t handle; + char *dh_cert_file; + char *session_file; + uint32_t cbitpos; + uint32_t reduced_phys_bits; +}; + +struct QSevGuestInfoClass { + ObjectClass parent_class; +}; + +#endif