Message ID | 20220512031803.3315890-37-xiaoyao.li@intel.com (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | TDX QEMU support | expand |
On Thu, May 12, 2022 at 11:18:03AM +0800, Xiaoyao Li <xiaoyao.li@intel.com> wrote: > Add docs/system/i386/tdx.rst for TDX support, and add tdx in > confidential-guest-support.rst > > Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com> > --- > docs/system/confidential-guest-support.rst | 1 + > docs/system/i386/tdx.rst | 103 +++++++++++++++++++++ > docs/system/target-i386.rst | 1 + > 3 files changed, 105 insertions(+) > create mode 100644 docs/system/i386/tdx.rst > > diff --git a/docs/system/confidential-guest-support.rst b/docs/system/confidential-guest-support.rst > index 0c490dbda2b7..66129fbab64c 100644 > --- a/docs/system/confidential-guest-support.rst > +++ b/docs/system/confidential-guest-support.rst > @@ -38,6 +38,7 @@ Supported mechanisms > Currently supported confidential guest mechanisms are: > > * AMD Secure Encrypted Virtualization (SEV) (see :doc:`i386/amd-memory-encryption`) > +* Intel Trust Domain Extension (TDX) (see :doc:`i386/tdx`) > * POWER Protected Execution Facility (PEF) (see :ref:`power-papr-protected-execution-facility-pef`) > * s390x Protected Virtualization (PV) (see :doc:`s390x/protvirt`) > > diff --git a/docs/system/i386/tdx.rst b/docs/system/i386/tdx.rst > new file mode 100644 > index 000000000000..96d91fea5516 > --- /dev/null > +++ b/docs/system/i386/tdx.rst > @@ -0,0 +1,103 @@ > +Intel Trusted Domain eXtension (TDX) > +==================================== > + > +Intel Trusted Domain eXtensions (TDX) refers to an Intel technology that extends > +Virtual Machine Extensions (VMX) and Multi-Key Total Memory Encryption (MKTME) > +with a new kind of virtual machine guest called a Trust Domain (TD). A TD runs > +in a CPU mode that is designed to protect the confidentiality of its memory > +contents and its CPU state from any other software, including the hosting > +Virtual Machine Monitor (VMM), unless explicitly shared by the TD itself. > + > +Prerequisites > +------------- > + > +To run TD, the physical machine needs to have TDX module loaded and initialized > +while KVM hypervisor has TDX support and has TDX enabled. If those requirements > +are met, the ``KVM_CAP_VM_TYPES`` will report the support of ``KVM_X86_TDX_VM``. > + > +Trust Domain Virtual Firmware (TDVF) > +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > + > +Trust Domain Virtual Firmware (TDVF) is required to provide TD services to boot > +TD Guest OS. TDVF needs to be copied to guest private memory and measured before > +a TD boots. > + > +The VM scope ``MEMORY_ENCRYPT_OP`` ioctl provides command ``KVM_TDX_INIT_MEM_REGION`` > +to copy the TDVF image to TD's private memory space. > + > +Since TDX doesn't support readonly memslot, TDVF cannot be mapped as pflash > +device and it actually works as RAM. "-bios" option is chosen to load TDVF. > + > +OVMF is the opensource firmware that implements the TDVF support. Thus the > +command line to specify and load TDVF is `-bios OVMF.fd` > + > +Feature Control > +--------------- > + > +Unlike non-TDX VM, the CPU features (enumerated by CPU or MSR) of a TD is not > +under full control of VMM. VMM can only configure part of features of a TD on > +``KVM_TDX_INIT_VM`` command of VM scope ``MEMORY_ENCRYPT_OP`` ioctl. > + > +The configurable features have three types: > + > +- Attributes: > + - PKS (bit 30) controls whether Supervisor Protection Keys is exposed to TD, > + which determines related CPUID bit and CR4 bit; > + - PERFMON (bit 63) controls whether PMU is exposed to TD. > + > +- XSAVE related features (XFAM): > + XFAM is a 64b mask, which has the same format as XCR0 or IA32_XSS MSR. It > + determines the set of extended features available for use by the guest TD. > + > +- CPUID features: > + Only some bits of some CPUID leaves are directly configurable by VMM. > + > +What features can be configured is reported via TDX capabilities. > + > +TDX capabilities > +~~~~~~~~~~~~~~~~ > + > +The VM scope ``MEMORY_ENCRYPT_OP`` ioctl provides command ``KVM_TDX_CAPABILITIES`` > +to get the TDX capabilities from KVM. It returns a data structure of > +``struct kvm_tdx_capabilites``, which tells the supported configuration of > +attributes, XFAM and CPUIDs. > + > +Launching a TD (TDX VM) > +----------------------- > + > +To launch a TDX guest: > + > +.. parsed-literal:: > + > + |qemu_system_x86| \\ > + -machine ...,confidential-guest-support=tdx0 \\ > + -object tdx-guest,id=tdx0 \\ > + -bios OVMF.fd \\ Don't we need kernel-irqchip=split? Or this patch series set it automatically? Thanks, > + > +Debugging > +--------- > + > +Bit 0 of TD attributes, is DEBUG bit, which decides if the TD runs in off-TD > +debug mode. When in off-TD debug mode, TD's VCPU state and private memory are > +accessible via given SEAMCALLs. This requires KVM to expose APIs to invoke those > +SEAMCALLs and resonponding QEMU change. > + > +It's targeted as future work. > + > +restrictions > +------------ > + > + - No readonly support for private memory; > + > + - No SMM support: SMM support requires manipulating the guset register states > + which is not allowed; > + > +Live Migration > +-------------- > + > +TODO > + > +References > +---------- > + > +- `TDX Homepage <https://www.intel.com/content/www/us/en/developer/articles/technical/intel-trust-domain-extensions.html>`__ > diff --git a/docs/system/target-i386.rst b/docs/system/target-i386.rst > index 96bf54889a82..16dd4f1a8c80 100644 > --- a/docs/system/target-i386.rst > +++ b/docs/system/target-i386.rst > @@ -29,6 +29,7 @@ Architectural features > i386/kvm-pv > i386/sgx > i386/amd-memory-encryption > + i386/tdx > > .. _pcsys_005freq: > > -- > 2.27.0 > >
diff --git a/docs/system/confidential-guest-support.rst b/docs/system/confidential-guest-support.rst index 0c490dbda2b7..66129fbab64c 100644 --- a/docs/system/confidential-guest-support.rst +++ b/docs/system/confidential-guest-support.rst @@ -38,6 +38,7 @@ Supported mechanisms Currently supported confidential guest mechanisms are: * AMD Secure Encrypted Virtualization (SEV) (see :doc:`i386/amd-memory-encryption`) +* Intel Trust Domain Extension (TDX) (see :doc:`i386/tdx`) * POWER Protected Execution Facility (PEF) (see :ref:`power-papr-protected-execution-facility-pef`) * s390x Protected Virtualization (PV) (see :doc:`s390x/protvirt`) diff --git a/docs/system/i386/tdx.rst b/docs/system/i386/tdx.rst new file mode 100644 index 000000000000..96d91fea5516 --- /dev/null +++ b/docs/system/i386/tdx.rst @@ -0,0 +1,103 @@ +Intel Trusted Domain eXtension (TDX) +==================================== + +Intel Trusted Domain eXtensions (TDX) refers to an Intel technology that extends +Virtual Machine Extensions (VMX) and Multi-Key Total Memory Encryption (MKTME) +with a new kind of virtual machine guest called a Trust Domain (TD). A TD runs +in a CPU mode that is designed to protect the confidentiality of its memory +contents and its CPU state from any other software, including the hosting +Virtual Machine Monitor (VMM), unless explicitly shared by the TD itself. + +Prerequisites +------------- + +To run TD, the physical machine needs to have TDX module loaded and initialized +while KVM hypervisor has TDX support and has TDX enabled. If those requirements +are met, the ``KVM_CAP_VM_TYPES`` will report the support of ``KVM_X86_TDX_VM``. + +Trust Domain Virtual Firmware (TDVF) +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Trust Domain Virtual Firmware (TDVF) is required to provide TD services to boot +TD Guest OS. TDVF needs to be copied to guest private memory and measured before +a TD boots. + +The VM scope ``MEMORY_ENCRYPT_OP`` ioctl provides command ``KVM_TDX_INIT_MEM_REGION`` +to copy the TDVF image to TD's private memory space. + +Since TDX doesn't support readonly memslot, TDVF cannot be mapped as pflash +device and it actually works as RAM. "-bios" option is chosen to load TDVF. + +OVMF is the opensource firmware that implements the TDVF support. Thus the +command line to specify and load TDVF is `-bios OVMF.fd` + +Feature Control +--------------- + +Unlike non-TDX VM, the CPU features (enumerated by CPU or MSR) of a TD is not +under full control of VMM. VMM can only configure part of features of a TD on +``KVM_TDX_INIT_VM`` command of VM scope ``MEMORY_ENCRYPT_OP`` ioctl. + +The configurable features have three types: + +- Attributes: + - PKS (bit 30) controls whether Supervisor Protection Keys is exposed to TD, + which determines related CPUID bit and CR4 bit; + - PERFMON (bit 63) controls whether PMU is exposed to TD. + +- XSAVE related features (XFAM): + XFAM is a 64b mask, which has the same format as XCR0 or IA32_XSS MSR. It + determines the set of extended features available for use by the guest TD. + +- CPUID features: + Only some bits of some CPUID leaves are directly configurable by VMM. + +What features can be configured is reported via TDX capabilities. + +TDX capabilities +~~~~~~~~~~~~~~~~ + +The VM scope ``MEMORY_ENCRYPT_OP`` ioctl provides command ``KVM_TDX_CAPABILITIES`` +to get the TDX capabilities from KVM. It returns a data structure of +``struct kvm_tdx_capabilites``, which tells the supported configuration of +attributes, XFAM and CPUIDs. + +Launching a TD (TDX VM) +----------------------- + +To launch a TDX guest: + +.. parsed-literal:: + + |qemu_system_x86| \\ + -machine ...,confidential-guest-support=tdx0 \\ + -object tdx-guest,id=tdx0 \\ + -bios OVMF.fd \\ + +Debugging +--------- + +Bit 0 of TD attributes, is DEBUG bit, which decides if the TD runs in off-TD +debug mode. When in off-TD debug mode, TD's VCPU state and private memory are +accessible via given SEAMCALLs. This requires KVM to expose APIs to invoke those +SEAMCALLs and resonponding QEMU change. + +It's targeted as future work. + +restrictions +------------ + + - No readonly support for private memory; + + - No SMM support: SMM support requires manipulating the guset register states + which is not allowed; + +Live Migration +-------------- + +TODO + +References +---------- + +- `TDX Homepage <https://www.intel.com/content/www/us/en/developer/articles/technical/intel-trust-domain-extensions.html>`__ diff --git a/docs/system/target-i386.rst b/docs/system/target-i386.rst index 96bf54889a82..16dd4f1a8c80 100644 --- a/docs/system/target-i386.rst +++ b/docs/system/target-i386.rst @@ -29,6 +29,7 @@ Architectural features i386/kvm-pv i386/sgx i386/amd-memory-encryption + i386/tdx .. _pcsys_005freq:
Add docs/system/i386/tdx.rst for TDX support, and add tdx in confidential-guest-support.rst Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com> --- docs/system/confidential-guest-support.rst | 1 + docs/system/i386/tdx.rst | 103 +++++++++++++++++++++ docs/system/target-i386.rst | 1 + 3 files changed, 105 insertions(+) create mode 100644 docs/system/i386/tdx.rst