From: Daniel P. Berrangé
To: libvir-list@redhat.com
Subject: [libvirt PATCH 1/2] tools: fix handling of CPU family/model/stepping in SEV validation
Date: Fri, 25 Aug 2023 13:52:57 +0100
Message-ID: <20230825125258.651285-2-berrange@redhat.com>
In-Reply-To: <20230825125258.651285-1-berrange@redhat.com>
References: <20230825125258.651285-1-berrange@redhat.com>
List-Id: Development discussions about the libvirt library & tools

The SEV-ES boot measurement includes the initial CPU register state (VMSA) and one of the fields includes the CPU identification. When building a VMSA blob we get the CPU family/model/stepping from the host capabilities; however, the VMSA must reflect the guest CPU, not the host CPU. Thus using host capabilities is only valid when the guest has the 'host-passthrough' CPU mode active. With 'host-model' it cannot be assumed that host and guest match, because QEMU may not (yet) have a named CPU model for a given host CPU.

Signed-off-by: Daniel P. Berrangé
Reviewed-by: Erik Skultety
Reviewed-by: Peter Krempa
---
 tools/virt-qemu-sev-validate | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/tools/virt-qemu-sev-validate b/tools/virt-qemu-sev-validate
index 209f19a4a8..c279741004 100755
--- a/tools/virt-qemu-sev-validate
+++ b/tools/virt-qemu-sev-validate
@@ -1054,6 +1054,11 @@ class LibvirtConfidentialVM(ConfidentialVM): raise InsecureUsageException( "Using CPU SKU from capabilities is not secure") =20 + mode =3D doc.xpath("/domain/cpu/@mode") + if mode !=3D "host-passthrough": + raise UnsupportedUsageException( + "Using CPU family/model/stepping from host not possibl= e unless 'host-passthrough' is used") + sig =3D capsdoc.xpath("/capabilities/host/cpu/signature") if len(sig) !=3D 1: raise UnsupportedUsageException( --=20 2.41.0
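Review bot: the new `mode` check in the @@ -1054 hunk compares the wrong type. `doc.xpath("/domain/cpu/@mode")` returns a list of attribute values (the `sig = capsdoc.xpath(...)` line right below tests `len(sig) != 1` for exactly that reason), so `mode != "host-passthrough"` compares a list with a string and is always true: every domain, including a genuine host-passthrough one, will now hit the UnsupportedUsageException. Suggest `mode = doc.xpath("/domain/cpu/@mode")` followed by `if len(mode) != 1 or mode[0] != "host-passthrough":`, which also correctly rejects a domain with no `<cpu>` element or no `mode` attribute, where libvirt's effective mode is 'custom'.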
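The check the commit message describes (host family/model/stepping only describes the guest when the guest runs in 'host-passthrough' CPU mode), as an added example that is not part of this patch or of virt-qemu-sev-validate. It uses the standard library's ElementTree instead of lxml, and assumes libvirt's capabilities XML carries `<signature family= model= stepping=>` under /capabilities/host/cpu and that a domain whose `<cpu>` has no `mode` attribute is treated as 'custom'.

```python
# Added example, not the libvirt tool's code: decide whether the host CPU SKU
# may be placed in a SEV-ES VMSA for a given guest, and extract it if so.
import xml.etree.ElementTree as ET


class UnsupportedUsageException(Exception):
    """Raised when the requested validation cannot be performed safely."""


def guest_cpu_mode(domain_xml: str) -> str:
    """Return the guest's <cpu mode=...>; assumed default is 'custom'."""
    cpu = ET.fromstring(domain_xml).find("cpu")
    if cpu is None:
        return "custom"
    return cpu.get("mode", "custom")


def host_cpu_signature(caps_xml: str) -> tuple[int, int, int]:
    """Extract (family, model, stepping) from /capabilities/host/cpu/signature."""
    sigs = ET.fromstring(caps_xml).findall("host/cpu/signature")
    if len(sigs) != 1:
        raise UnsupportedUsageException("host CPU signature not found in capabilities")
    try:
        family, model, stepping = (int(sigs[0].get(k))
                                   for k in ("family", "model", "stepping"))
    except (TypeError, ValueError):
        raise UnsupportedUsageException("malformed host CPU signature") from None
    return (family, model, stepping)


def cpu_sku_for_vmsa(domain_xml: str, caps_xml: str) -> tuple[int, int, int]:
    """SKU to measure into the VMSA; host values are only valid for host-passthrough."""
    mode = guest_cpu_mode(domain_xml)
    if mode != "host-passthrough":
        raise UnsupportedUsageException(
            f"CPU mode '{mode}': host family/model/stepping does not describe the guest")
    return host_cpu_signature(caps_xml)


# Constructed sample documents, trimmed to the elements the check reads.
DOMAIN_PASSTHROUGH = "<domain type='kvm'><name>g</name><cpu mode='host-passthrough'/></domain>"
DOMAIN_HOST_MODEL = "<domain type='kvm'><name>g</name><cpu mode='host-model'/></domain>"
CAPS = ("<capabilities><host><cpu><arch>x86_64</arch>"
        "<signature family='25' model='1' stepping='1'/></cpu></host></capabilities>")

if __name__ == "__main__":
    print(cpu_sku_for_vmsa(DOMAIN_PASSTHROUGH, CAPS))  # (25, 1, 1)
```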

From: Daniel P. Berrangé
To: libvir-list@redhat.com
Subject: [libvirt PATCH 2/2] tools: fix VMSA construction with explicit CPU family/model/stepping
Date: Fri, 25 Aug 2023 13:52:58 +0100
Message-ID: <20230825125258.651285-3-berrange@redhat.com>
In-Reply-To: <20230825125258.651285-1-berrange@redhat.com>
References: <20230825125258.651285-1-berrange@redhat.com>
List-Id: Development discussions about the libvirt library & tools

If the CPU family/model/stepping are provided on the command line, but the firmware is being automatically extracted from the libvirt guest, we try to build the VMSA too early. This leads to an exception trying to parse the firmware that has not been loaded yet. We must delay building the VMSA in that scenario.
Signed-off-by: Daniel P. Berrangé
Reviewed-by: Erik Skultety
Reviewed-by: Peter Krempa
---
 tools/virt-qemu-sev-validate | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/tools/virt-qemu-sev-validate b/tools/virt-qemu-sev-validate
index c279741004..67edbd085f 100755
--- a/tools/virt-qemu-sev-validate
+++ b/tools/virt-qemu-sev-validate
@@ -940,7 +940,7 @@ class LibvirtConfidentialVM(ConfidentialVM): "kernel/initrd/cmdline not provided but kernel " "measurement is enabled") =20 - def load_domain(self, uri, id_name_uuid, secure, ignore_config): + def load_domain(self, uri, id_name_uuid, build_vmsa, secure, ignore_co= nfig): self.conn =3D libvirt.open(uri) =20 remote =3D socket.getfqdn() !=3D self.conn.getHostname()
@@ -1049,7 +1049,7 @@ class LibvirtConfidentialVM(ConfidentialVM): capsxml =3D self.conn.getCapabilities() capsdoc =3D etree.fromstring(capsxml) =20 - if self.is_sev_es() and self.vmsa_cpu0 is None: + if self.is_sev_es() and build_vmsa: if secure: raise InsecureUsageException( "Using CPU SKU from capabilities is not secure")
@@ -1263,17 +1263,19 @@ def attest(args): if args.vmsa_cpu1 is not None: cvm.load_vmsa_cpu1(args.vmsa_cpu1) =20 - if args.cpu_family is not None: - cvm.build_vmsas(args.cpu_family, - args.cpu_model, - args.cpu_stepping) - if args.domain is not None: + build_vmsa =3D args.vmsa_cpu0 is None and args.cpu_family is None cvm.load_domain(args.connect, args.domain, + build_vmsa, not args.insecure, args.ignore_config) =20 + if args.cpu_family is not None: + cvm.build_vmsas(args.cpu_family, + args.cpu_model, + args.cpu_stepping) + cvm.attest() if not args.quiet: print("OK: Looks good to me") --=20 2.41.0
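Review bot: in the @@ -940 hunk, `build_vmsa` is inserted as a positional parameter between `id_name_uuid` and `secure`, so any caller of `load_domain()` not updated in this series would silently pass its `secure` value as `build_vmsa` and its `ignore_config` value as `secure`, with no error raised. Suggest appending the new parameter after `ignore_config` or making it keyword-only, and documenting it in the method's docstring alongside the existing parameters.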
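Review bot: the @@ -1049 hunk replaces the `self.vmsa_cpu0 is None` guard with the caller-supplied flag alone, so the method will now read the host SKU from capabilities, and in secure mode raise InsecureUsageException, whenever a caller passes `build_vmsa=True`, even if a VMSA has already been loaded on the object. Keeping both conditions, `if self.is_sev_es() and build_vmsa and self.vmsa_cpu0 is None:`, costs nothing and keeps the method correct independently of how attest() computes the flag.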
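Review bot: in the @@ -1263 hunk, the combination of `args.vmsa_cpu0` and `args.cpu_family` both being set is still accepted: `build_vmsa` is computed as False so the host SKU is not consulted, but the now-later `cvm.build_vmsas(...)` call still runs over a VMSA the user supplied explicitly, and nothing in attest() states which of the two inputs wins. Suggest rejecting the conflict up front, e.g. `if args.cpu_family is not None and args.vmsa_cpu0 is not None: raise UnsupportedUsageException(...)`, or spelling out the precedence in the option help text.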