From: Tyler Fanelli
To: qemu-devel@nongnu.org
Cc: pbonzini@redhat.com, mtosatti@redhat.com, stefanha@redhat.com, philmd@linaro.org, berrange@redhat.com, marcandre.lureau@gmail.com, Tyler Fanelli
Subject: [RFC PATCH v2 1/9] Add Rust SEV library as subproject
Date: Wed, 4 Oct 2023 16:34:10 -0400
Message-Id: <20231004203418.56508-2-tfanelli@redhat.com>
In-Reply-To: <20231004203418.56508-1-tfanelli@redhat.com>
References: <20231004203418.56508-1-tfanelli@redhat.com>

The Rust sev library provides a C API for the AMD SEV launch ioctls, as well as the ability to build with meson. Add the Rust sev library as a QEMU subproject with the goal of outsourcing all SEV launch ioctls to C APIs provided by it.

Signed-off-by: Tyler Fanelli --- meson.build | 8 ++++++++ meson_options.txt | 2 ++ scripts/meson-buildoptions.sh | 3 +++ subprojects/sev.wrap | 6 ++++++ target/i386/meson.build | 2 +- 5 files changed, 20 insertions(+), 1 deletion(-) create mode 100644 subprojects/sev.wrap diff --git a/meson.build b/meson.build index 20ceeb8158..8a17c29de8 100644 --- a/meson.build +++ b/meson.build @@ -960,6 +960,13 @@ if not get_option('slirp').auto() or have_system endif endif =20 +sev =3D not_found +if not get_option('sev').auto() + sev =3D dependency('sev', + method: 'pkg-config', + required: get_option('sev')) +endif + vde =3D not_found if not get_option('vde').auto() or have_system or have_tools vde =3D cc.find_library('vdeplug', has_headers: ['libvdeplug.h'], @@ -4331,6 +4338,7 @@ summary_info +=3D {'libudev': libudev} # Dummy dependency, keep .found() summary_info +=3D {'FUSE lseek': fuse_lseek.found()} summary_info +=3D {'selinux': selinux} +summary_info +=3D {'sev': sev} summary_info +=3D {'libdw': libdw} summary(summary_info, bool_yn: true, section: 'Dependencies') =20 diff --git a/meson_options.txt b/meson_options.txt index 57e265c871..5b8d283717 100644 --- a/meson_options.txt +++ b/meson_options.txt @@ -204,6 +204,8 @@ option('sdl_image', type : 'feature', value : 'auto', description: 'SDL Image support for icons') option('seccomp', type : 'feature', value : 'auto', description: 'seccomp support') +option('sev', type : 'feature', value : 'auto', + description: 'Rust AMD SEV library') option('smartcard', type : 'feature', value : 'auto', description: 'CA smartcard emulation support') option('snappy', type : 'feature', value : 'auto', diff --git a/scripts/meson-buildoptions.sh b/scripts/meson-buildoptions.sh index e4b46d5715..e585a548fa 100644 --- a/scripts/meson-buildoptions.sh +++ b/scripts/meson-buildoptions.sh 
@@ -161,6 +161,7 @@ meson_options_help() { printf "%s\n" ' sdl-image SDL Image support for icons' printf "%s\n" ' seccomp seccomp support' printf "%s\n" ' selinux SELinux support in qemu-nbd' + printf "%s\n" ' sev SEV library support' printf "%s\n" ' slirp libslirp user mode network backend supp= ort' printf "%s\n" ' slirp-smbd use smbd (at path --smbd=3D*) in slirp = networking' printf "%s\n" ' smartcard CA smartcard emulation support' @@ -440,6 +441,8 @@ _meson_option_parse() { --disable-seccomp) printf "%s" -Dseccomp=3Ddisabled ;; --enable-selinux) printf "%s" -Dselinux=3Denabled ;; --disable-selinux) printf "%s" -Dselinux=3Ddisabled ;; + --enable-sev) printf "%s" -Dsev=3Denabled ;; + --disable-sev) printf "%s" -Dsev=3Ddisabled ;; --enable-slirp) printf "%s" -Dslirp=3Denabled ;; --disable-slirp) printf "%s" -Dslirp=3Ddisabled ;; --enable-slirp-smbd) printf "%s" -Dslirp_smbd=3Denabled ;; diff --git a/subprojects/sev.wrap b/subprojects/sev.wrap new file mode 100644 index 0000000000..5be1faccf6 --- /dev/null +++ b/subprojects/sev.wrap @@ -0,0 +1,6 @@ +[wrap-git] +url =3D https://github.com/tylerfanelli/sev +revision =3D b81b1da5df50055600a5b0349b0c4afda677cccb + +[provide] +sev =3D sev_dep diff --git a/target/i386/meson.build b/target/i386/meson.build index 6f1036d469..8972a4fb17 100644 --- a/target/i386/meson.build +++ b/target/i386/meson.build 
@@ -20,7 +20,7 @@ i386_system_ss.add(files( 'monitor.c', 'cpu-sysemu.c', )) -i386_system_ss.add(when: 'CONFIG_SEV', if_true: files('sev.c'), if_false: = files('sev-sysemu-stub.c')) +i386_system_ss.add(when: 'CONFIG_SEV', if_true: [sev, files('sev.c')], if_= false: files('sev-sysemu-stub.c')) =20 i386_user_ss =3D ss.source_set() =20 --=20 2.40.1
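Review bot: in the meson.build hunk the lookup is gated on "if not get_option('sev').auto()", so with the default value 'auto' declared in meson_options.txt sev stays not_found and the dependency is never probed, unlike the neighbouring slirp and vde blocks, which add "or have_system". target/i386/meson.build now lists sev next to sev.c under CONFIG_SEV, and the following patches call the library from sev.c unconditionally, so a default configure would build sev.c without the library. Either probe in the auto case as well (for example "or have_system"), or make the dependency required whenever CONFIG_SEV is set so that configure fails with a clear message.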
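Review bot: in scripts/meson-buildoptions.sh the added help text reads "SEV library support" while the description added to meson_options.txt is "Rust AMD SEV library". This script is generated from meson_options.txt, so the two strings should be identical; regenerate the file instead of editing it by hand so the next regeneration does not produce an unrelated diff.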
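Review bot: subprojects/sev.wrap fetches from https://github.com/tylerfanelli/sev, a repository under a personal account, so every QEMU build that uses the subproject depends on that one account staying intact. The revision is a full commit hash, which is the right kind of pin, but nothing in the wrap or the commit message ties that hash to a released or reviewed version of the library. Before this leaves RFC, point url at a project-owned repository (or a mirror QEMU controls) and pin a commit that corresponds to a tagged release, naming the tag in the commit message.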
From: Tyler Fanelli
To: qemu-devel@nongnu.org
Cc: pbonzini@redhat.com, mtosatti@redhat.com, stefanha@redhat.com, philmd@linaro.org, berrange@redhat.com, marcandre.lureau@gmail.com, Tyler Fanelli
Subject: [RFC PATCH v2 2/9] i386/sev: Replace INIT and ES_INIT ioctls with sev library equivalents
Date: Wed, 4 Oct 2023 16:34:11 -0400
Message-Id: <20231004203418.56508-3-tfanelli@redhat.com>
In-Reply-To: <20231004203418.56508-1-tfanelli@redhat.com>
References: <20231004203418.56508-1-tfanelli@redhat.com>

The sev library offers APIs for SEV_INIT and SEV_ES_INIT, both taking the file descriptors of the encrypting VM and /dev/sev as input. If this API ioctl call fails, fw_error will be set accordingly.

Signed-off-by: Tyler Fanelli
---
 target/i386/sev.c        | 14 +++++++++-----
 target/i386/trace-events |  1 +
 2 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/target/i386/sev.c b/target/i386/sev.c index fe2144c038..97388f5fa2 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -18,6 +18,8 @@ =20 #include =20 +#include + #include "qapi/error.h" #include "qom/object_interfaces.h" #include "qemu/base64.h" @@ -27,6 +29,7 @@ #include "crypto/hash.h" #include "sysemu/kvm.h" #include "sev.h" +#include "sysemu/kvm_int.h" #include "sysemu/sysemu.h" #include "sysemu/runstate.h" #include "trace.h" @@ -911,10 +914,11 @@ int sev_kvm_init(ConfidentialGuestSupport *cgs, Error= **errp) SevGuestState *sev =3D (SevGuestState *)object_dynamic_cast(OBJECT(cgs), TYPE_SEV_GUE= ST); char *devname; - int ret, fw_error, cmd; + int ret, fw_error; uint32_t ebx; uint32_t host_cbitpos; struct sev_user_data_status status =3D {}; + KVMState *s =3D kvm_state; =20 if (!sev) { return 0; @@ -990,13 +994,13 @@ int sev_kvm_init(ConfidentialGuestSupport *cgs, Error= **errp) __func__); goto err; } - cmd =3D KVM_SEV_ES_INIT; + trace_kvm_sev_es_init(); + ret =3D sev_es_init(s->vmfd, sev->sev_fd, &fw_error); } else { - cmd =3D KVM_SEV_INIT; + trace_kvm_sev_init(); + ret =3D sev_init(s->vmfd, sev->sev_fd, &fw_error); } =20 - trace_kvm_sev_init(); - ret =3D sev_ioctl(sev->sev_fd, cmd, NULL, &fw_error); if (ret) { error_setg(errp, "%s: failed to initialize ret=3D%d fw_error=3D%d = '%s'", __func__, ret, fw_error, fw_error_to_str(fw_error)); diff --git a/target/i386/trace-events b/target/i386/trace-events index 2cd8726eeb..2dca4ee117 100644 --- a/target/i386/trace-events +++ b/target/i386/trace-events 
@@ -2,6 +2,7 @@ =20 # sev.c kvm_sev_init(void) "" +kvm_sev_es_init(void) "" kvm_memcrypt_register_region(void *addr, size_t len) "addr %p len 0x%zx" kvm_memcrypt_unregister_region(void *addr, size_t len) "addr %p len 0x%zx" kvm_sev_change_state(const char *old, const char *new) "%s -> %s" --=20 2.40.1
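Review bot: in sev_kvm_init() fw_error is declared without an initial value ("int ret, fw_error;") and is then formatted into the error message through fw_error_to_str(fw_error) whenever sev_init() or sev_es_init() returns non-zero. The commit message only says it is set when the ioctl fails; if the library can return an error before it reaches the ioctl, the message is built from an indeterminate value. Initialise it at the declaration (fw_error = 0), or state in the library's header that the out-parameter is written on every failure path.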
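Review bot: the new include of "sysemu/kvm_int.h" and the local "KVMState *s = kvm_state;" in sev_kvm_init() exist only so that target code can read s->vmfd. That reaches into the KVM accelerator's private state from target/i386; a small accessor that returns the VM file descriptor would keep KVMState opaque here and give the remaining patches in the series a single place to obtain the fd.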
From: Tyler Fanelli
To: qemu-devel@nongnu.org
Cc: pbonzini@redhat.com, mtosatti@redhat.com, stefanha@redhat.com, philmd@linaro.org, berrange@redhat.com, marcandre.lureau@gmail.com, Tyler Fanelli
Subject: [RFC PATCH v2 3/9] i386/sev: Replace LAUNCH_START ioctl with sev library equivalent
Date: Wed, 4 Oct 2023 16:34:12 -0400
Message-Id: <20231004203418.56508-4-tfanelli@redhat.com>
In-Reply-To: <20231004203418.56508-1-tfanelli@redhat.com>
References: <20231004203418.56508-1-tfanelli@redhat.com>

The sev library offers an equivalent API for SEV_LAUNCH_START. The library contains some internal state for each VM it's currently running, and organizes the internal state for each VM via its file descriptor. Therefore, the VM's file descriptor must be provided as input.

If this API ioctl call fails, fw_error will be set accordingly. Signed-off-by: Tyler Fanelli --- target/i386/sev.c | 80 ++++++++++++++++++----------------------------- 1 file changed, 30 insertions(+), 50 deletions(-) diff --git a/target/i386/sev.c b/target/i386/sev.c index 97388f5fa2..4c888fa77f 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -715,51 +715,6 @@ sev_read_file_base64(const char *filename, guchar **da= ta, gsize *len) return 0; } =20 -static int -sev_launch_start(SevGuestState *sev) -{ - gsize sz; - int ret =3D 1; - int fw_error, rc; - struct kvm_sev_launch_start start =3D { - .handle =3D sev->handle, .policy =3D sev->policy - }; - guchar *session =3D NULL, *dh_cert =3D NULL; - - if (sev->session_file) { - if (sev_read_file_base64(sev->session_file, &session, &sz) < 0) { - goto out; - } - start.session_uaddr =3D (unsigned long)session; - start.session_len =3D sz; - } - - if (sev->dh_cert_file) { - if (sev_read_file_base64(sev->dh_cert_file, &dh_cert, &sz) < 0) { - goto out; - } - start.dh_uaddr =3D (unsigned long)dh_cert; - start.dh_len =3D sz; - } - - trace_kvm_sev_launch_start(start.policy, session, dh_cert); - rc =3D sev_ioctl(sev->sev_fd, KVM_SEV_LAUNCH_START, &start, &fw_error); - if (rc < 0) { - error_report("%s: LAUNCH_START ret=3D%d fw_error=3D%d '%s'", - __func__, ret, fw_error, fw_error_to_str(fw_error)); - goto out; - } - - sev_set_guest_state(sev, SEV_STATE_LAUNCH_UPDATE); - sev->handle =3D start.handle; - ret =3D 0; - -out: - g_free(session); - g_free(dh_cert); - return ret; -} - static int sev_launch_update_data(SevGuestState *sev, uint8_t *addr, uint64_t len) { 
@@ -913,11 +868,13 @@ int sev_kvm_init(ConfidentialGuestSupport *cgs, Error= **errp) { SevGuestState *sev =3D (SevGuestState *)object_dynamic_cast(OBJECT(cgs), TYPE_SEV_GUE= ST); + gsize sz; char *devname; - int ret, fw_error; + int ret =3D -1, fw_error; uint32_t ebx; uint32_t host_cbitpos; struct sev_user_data_status status =3D {}; + guchar *session =3D NULL, *dh_cert =3D NULL; KVMState *s =3D kvm_state; =20 if (!sev) { 
@@ -1007,23 +964,46 @@ int sev_kvm_init(ConfidentialGuestSupport *cgs, Erro= r **errp) goto err; } =20 - ret =3D sev_launch_start(sev); + if (!sev->session_file || !sev->dh_cert_file) { + goto err; + } + + if (sev_read_file_base64(sev->session_file, &session, &sz) < 0) { + goto err; + } + + if (sev_read_file_base64(sev->dh_cert_file, &dh_cert, &sz) < 0) { + goto err; + } + + ret =3D sev_launch_start(s->vmfd, sev->policy, (void *) dh_cert, + (void *) session, &fw_error); if (ret) { - error_setg(errp, "%s: failed to create encryption context", __func= __); + error_setg(errp, "%s: LAUNCH_START ret=3D%d fw_error=3D%d '%s'", + __func__, ret, fw_error, fw_error_to_str(fw_error)); goto err; } =20 + sev_set_guest_state(sev, SEV_STATE_LAUNCH_UPDATE); + ram_block_notifier_add(&sev_ram_notifier); qemu_add_machine_init_done_notifier(&sev_machine_done_notify); qemu_add_vm_change_state_handler(sev_vm_state_change, sev); =20 cgs->ready =3D true; =20 - return 0; + ret =3D 0; + goto out; + err: sev_guest =3D NULL; ram_block_discard_disable(false); - return -1; +out: + g_free(session); + g_free(dh_cert); + + return ret; + } =20 int --=20 2.40.1
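Review bot: with sev_launch_start() removed in the first hunk, the buffer lengths and the firmware handle are no longer carried anywhere. The old code filled session_len and dh_len next to the two user addresses and copied start.handle back into sev->handle; the replacement call sev_launch_start(s->vmfd, sev->policy, (void *) dh_cert, (void *) session, &fw_error) passes neither length, and sz is simply overwritten by the second sev_read_file_base64(). The library therefore has to assume how many bytes sit behind each pointer, and a short or truncated base64 file could be read past its end. Pass the decoded lengths through the API (or check sz against the expected size before the call), and either store the resulting handle in sev->handle or remove the field's remaining users. The trace_kvm_sev_launch_start() call is also dropped without a replacement.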
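Review bot: in the last hunk of sev_kvm_init() the three new "goto err" paths (a missing session_file or dh_cert_file, and either sev_read_file_base64() failure) reach "return ret" with ret still 0 from the successful sev_init()/sev_es_init() call added in the previous patch, because err: now falls through to out: instead of "return -1". The "int ret = -1" initialiser does not help, since ret has been overwritten by then, so the function reports success with sev_guest cleared. Set ret = -1 under err:, and call error_setg() on the missing-file path, which currently fails without filling errp. That path is also a behaviour change: the removed sev_launch_start() treated both files as optional, so if requiring them is intended the commit message should say so.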
From: Tyler Fanelli
To: qemu-devel@nongnu.org
Cc: pbonzini@redhat.com, mtosatti@redhat.com, stefanha@redhat.com, philmd@linaro.org, berrange@redhat.com, marcandre.lureau@gmail.com, Tyler Fanelli
Subject: [RFC PATCH v2 4/9] i386/sev: Replace UPDATE_DATA ioctl with sev library equivalent
Date: Wed, 4 Oct 2023 16:34:13 -0400
Message-Id: <20231004203418.56508-5-tfanelli@redhat.com>
In-Reply-To: <20231004203418.56508-1-tfanelli@redhat.com>
References: <20231004203418.56508-1-tfanelli@redhat.com>

UPDATE_DATA takes the VM's file descriptor, a guest memory region to be encrypted, as well as the size of the aforementioned guest memory region. If this API ioctl call fails, fw_error will be set accordingly.
Signed-off-by: Tyler Fanelli --- target/i386/sev.c | 31 ++++++------------------------- 1 file changed, 6 insertions(+), 25 deletions(-) diff --git a/target/i386/sev.c b/target/i386/sev.c index 4c888fa77f..73d3820364 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -715,29 +715,6 @@ sev_read_file_base64(const char *filename, guchar **da= ta, gsize *len) return 0; } =20 -static int -sev_launch_update_data(SevGuestState *sev, uint8_t *addr, uint64_t len) -{ - int ret, fw_error; - struct kvm_sev_launch_update_data update; - - if (!addr || !len) { - return 1; - } - - update.uaddr =3D (__u64)(unsigned long)addr; - update.len =3D len; - trace_kvm_sev_launch_update_data(addr, len); - ret =3D sev_ioctl(sev->sev_fd, KVM_SEV_LAUNCH_UPDATE_DATA, - &update, &fw_error); - if (ret) { - error_report("%s: LAUNCH_UPDATE ret=3D%d fw_error=3D%d '%s'", - __func__, ret, fw_error, fw_error_to_str(fw_error)); - } - - return ret; -} - static int sev_launch_update_vmsa(SevGuestState *sev) { 
@@ -1009,15 +986,19 @@ out: int sev_encrypt_flash(uint8_t *ptr, uint64_t len, Error **errp) { + KVMState *s =3D kvm_state; + int fw_error; + if (!sev_guest) { return 0; } =20 /* if SEV is in update state then encrypt the data else do nothing */ if (sev_check_state(sev_guest, SEV_STATE_LAUNCH_UPDATE)) { - int ret =3D sev_launch_update_data(sev_guest, ptr, len); + int ret =3D sev_launch_update_data(s->vmfd, (__u64) ptr, len, &fw_= error); if (ret < 0) { - error_setg(errp, "SEV: Failed to encrypt pflash rom"); + error_setg(errp, "SEV: Failed to encrypt pflash rom fw_err=3D%= d", + fw_error); return ret; } } --=20 2.40.1
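Review bot: In the first hunk of patch 4/9 (@@ -715,29 +715,6), deleting the local sev_launch_update_data() wrapper also drops its (!addr || !len) early return and the trace_kvm_sev_launch_update_data(addr, len) tracepoint, and nothing at the new call site in sev_encrypt_flash() replaces either. Keep the argument guard and the trace call in sev_encrypt_flash() ahead of the library call, or say in the commit message that the library validates the arguments and that losing the tracepoint is intended.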
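Review bot: In the sev_encrypt_flash() hunk of patch 4/9 (@@ -1009,15 +986,19), fw_error is declared without an initializer yet is formatted by error_setg() whenever ret < 0, so unless the library writes it on every failure path the message can print an indeterminate value; initialize it to 0 as patch 7/9 does. The (__u64) ptr cast converts the pointer directly, where the removed code went through (unsigned long) first; (__u64)(uintptr_t)ptr keeps the intermediate integer-width step. The new message also prints only the numeric code, while the removed wrapper appended fw_error_to_str(fw_error); passing the decoded string to error_setg() would keep the diagnostics at the previous level.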
From: Tyler Fanelli
To: qemu-devel@nongnu.org
Cc: pbonzini@redhat.com, mtosatti@redhat.com, stefanha@redhat.com, philmd@linaro.org, berrange@redhat.com, marcandre.lureau@gmail.com, Tyler Fanelli
Subject: [RFC PATCH v2 5/9] i386/sev: Replace LAUNCH_UPDATE_VMSA ioctl with sev library equivalent
Date: Wed, 4 Oct 2023 16:34:14 -0400
Message-Id: <20231004203418.56508-6-tfanelli@redhat.com>
In-Reply-To: <20231004203418.56508-1-tfanelli@redhat.com>
References: <20231004203418.56508-1-tfanelli@redhat.com>

The LAUNCH_UPDATE_VMSA API takes the VM's file descriptor, as well as a field for any firmware errors as input. If this API ioctl call fails, fw_error will be set accordingly.
Signed-off-by: Tyler Fanelli --- target/i386/sev.c | 29 +++++++++-------------------- 1 file changed, 9 insertions(+), 20 deletions(-) diff --git a/target/i386/sev.c b/target/i386/sev.c index 73d3820364..a5bd1653ef 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -715,27 +715,14 @@ sev_read_file_base64(const char *filename, guchar **d= ata, gsize *len) return 0; } =20 -static int -sev_launch_update_vmsa(SevGuestState *sev) -{ - int ret, fw_error; - - ret =3D sev_ioctl(sev->sev_fd, KVM_SEV_LAUNCH_UPDATE_VMSA, NULL, &fw_e= rror); - if (ret) { - error_report("%s: LAUNCH_UPDATE_VMSA ret=3D%d fw_error=3D%d '%s'", - __func__, ret, fw_error, fw_error_to_str(fw_error)); - } - - return ret; -} - static void sev_launch_get_measure(Notifier *notifier, void *unused) { SevGuestState *sev =3D sev_guest; - int ret, error; + int ret, fw_error; g_autofree guchar *data =3D NULL; struct kvm_sev_launch_measure measurement =3D {}; + KVMState *s =3D kvm_state; =20 if (!sev_check_state(sev, SEV_STATE_LAUNCH_UPDATE)) { return; @@ -743,18 +730,20 @@ sev_launch_get_measure(Notifier *notifier, void *unus= ed) =20 if (sev_es_enabled()) { /* measure all the VM save areas before getting launch_measure */ - ret =3D sev_launch_update_vmsa(sev); + ret =3D sev_launch_update_vmsa(s->vmfd, &fw_error); if (ret) { + error_report("%s: LAUNCH_UPDATE_VMSA ret=3D%d fw_error=3D%d '%= s'", + __func__, ret, fw_error, fw_error_to_str(fw_error)); exit(1); } } =20 /* query the measurement blob length */ ret =3D sev_ioctl(sev->sev_fd, KVM_SEV_LAUNCH_MEASURE, - &measurement, &error); + &measurement, &fw_error); if (!measurement.len) { error_report("%s: LAUNCH_MEASURE ret=3D%d fw_error=3D%d '%s'", - __func__, ret, error, fw_error_to_str(errno)); + __func__, ret, fw_error, fw_error_to_str(fw_error)); return; } =20 
@@ -763,10 +752,10 @@ sev_launch_get_measure(Notifier *notifier, void *unus= ed) =20 /* get the measurement blob */ ret =3D sev_ioctl(sev->sev_fd, KVM_SEV_LAUNCH_MEASURE, - &measurement, &error); + &measurement, &fw_error); if (ret) { error_report("%s: LAUNCH_MEASURE ret=3D%d fw_error=3D%d '%s'", - __func__, ret, error, fw_error_to_str(errno)); + __func__, ret, fw_error, fw_error_to_str(fw_error)); return; } =20 --=20 2.40.1
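Review bot: In the sev_es_enabled() branch of patch 5/9 (@@ -743,18 +730,20), the result of sev_launch_update_vmsa(s->vmfd, &fw_error) is tested with if (ret), while the library calls added in patches 4/9 and 7/9 are tested with ret < 0, so the series does not show one return convention for the library. State the convention in the commit message or a comment and use the same test at every call site; since a failure here ends in exit(1), a positive non-error return would be fatal under the current test.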
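Review bot: In the last hunk of patch 5/9 (@@ -763,10 +752,10), and in the length-query path of the hunk before it, fw_error_to_str(errno) becomes fw_error_to_str(fw_error) for LAUNCH_MEASURE, which corrects the value being decoded but has nothing to do with LAUNCH_UPDATE_VMSA and is not mentioned in the commit message. Move the error-to-fw_error rename and the errno fix into their own patch, or at least call them out in this one, so the behaviour change is visible to anyone bisecting error-reporting differences.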
From: Tyler Fanelli
To: qemu-devel@nongnu.org
Cc: pbonzini@redhat.com, mtosatti@redhat.com, stefanha@redhat.com, philmd@linaro.org, berrange@redhat.com, marcandre.lureau@gmail.com, Tyler Fanelli
Subject: [RFC PATCH v2 6/9] i386/sev: Replace LAUNCH_MEASURE ioctl with sev library equivalent
Date: Wed, 4 Oct 2023 16:34:15 -0400
Message-Id: <20231004203418.56508-7-tfanelli@redhat.com>
In-Reply-To: <20231004203418.56508-1-tfanelli@redhat.com>
References: <20231004203418.56508-1-tfanelli@redhat.com>

The LAUNCH_MEASURE API returns the measurement of the launched guest's memory pages (and VMCB save areas if ES is enabled).
The caller is responsible for ensuring that the pointer (identified as the "data" argument) is a valid pointer that can hold the guest's measurement (a measurement in SEV is 48 bytes in size). If this API ioctl call fails, fw_error will be set accordingly. Signed-off-by: Tyler Fanelli --- target/i386/sev.c | 24 ++++++------------------ target/i386/sev.h | 2 ++ 2 files changed, 8 insertions(+), 18 deletions(-) diff --git a/target/i386/sev.c b/target/i386/sev.c index a5bd1653ef..3e2a3e07a7 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -721,7 +721,6 @@ sev_launch_get_measure(Notifier *notifier, void *unused) SevGuestState *sev =3D sev_guest; int ret, fw_error; g_autofree guchar *data =3D NULL; - struct kvm_sev_launch_measure measurement =3D {}; KVMState *s =3D kvm_state; =20 if (!sev_check_state(sev, SEV_STATE_LAUNCH_UPDATE)) { 
@@ -738,31 +737,20 @@ sev_launch_get_measure(Notifier *notifier, void *unus= ed) } } =20 - /* query the measurement blob length */ - ret =3D sev_ioctl(sev->sev_fd, KVM_SEV_LAUNCH_MEASURE, - &measurement, &fw_error); - if (!measurement.len) { - error_report("%s: LAUNCH_MEASURE ret=3D%d fw_error=3D%d '%s'", - __func__, ret, fw_error, fw_error_to_str(fw_error)); - return; - } + data =3D g_malloc(SEV_MEASUREMENT_SIZE); =20 - data =3D g_new0(guchar, measurement.len); - measurement.uaddr =3D (unsigned long)data; - - /* get the measurement blob */ - ret =3D sev_ioctl(sev->sev_fd, KVM_SEV_LAUNCH_MEASURE, - &measurement, &fw_error); + ret =3D sev_launch_measure(s->vmfd, data, &fw_error); if (ret) { - error_report("%s: LAUNCH_MEASURE ret=3D%d fw_error=3D%d '%s'", - __func__, ret, fw_error, fw_error_to_str(fw_error)); + error_report("%s: LAUNCH_MEASURE ret=3D%d fw_error=3D%d '%s'", __f= unc__, + ret, fw_error, fw_error_to_str(fw_error)); + return; } =20 sev_set_guest_state(sev, SEV_STATE_LAUNCH_SECRET); =20 /* encode the measurement value and emit the event */ - sev->measurement =3D g_base64_encode(data, measurement.len); + sev->measurement =3D g_base64_encode(data, SEV_MEASUREMENT_SIZE); trace_kvm_sev_launch_measurement(sev->measurement); } =20 diff --git a/target/i386/sev.h b/target/i386/sev.h index e7499c95b1..acb181358e 100644 --- a/target/i386/sev.h +++ b/target/i386/sev.h 
@@ -38,6 +38,8 @@ typedef struct SevKernelLoaderContext { size_t cmdline_size; } SevKernelLoaderContext; =20 +#define SEV_MEASUREMENT_SIZE 48 + #ifdef CONFIG_SEV bool sev_enabled(void); bool sev_es_enabled(void); --=20 2.40.1
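Review bot: In the sev_launch_get_measure() hunk of patch 6/9 (@@ -738,31 +737,20), data = g_malloc(SEV_MEASUREMENT_SIZE) replaces a g_new0() buffer whose length was first queried from the firmware, so the buffer is no longer zeroed and its size is now an assumption shared with the library rather than a value the firmware reported. sev_launch_measure(s->vmfd, data, &fw_error) takes no length, so if it ever writes fewer than 48 bytes the remaining heap contents are base64-encoded into sev->measurement and emitted by the trace event; use g_malloc0(SEV_MEASUREMENT_SIZE) and note in a comment that the library requires a buffer of exactly that size.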
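Review bot: In the target/i386/sev.h hunk of patch 6/9 (@@ -38,6 +38,8), SEV_MEASUREMENT_SIZE is introduced as a bare 48 with no comment and sits outside the #ifdef CONFIG_SEV block that follows it. Add a one-line comment saying what the 48 bytes are (the commit message gives this as the size of an SEV measurement), and if the library exports its own constant for the buffer size, use that instead so the two cannot drift apart.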
From: Tyler Fanelli
To: qemu-devel@nongnu.org
Cc: pbonzini@redhat.com, mtosatti@redhat.com, stefanha@redhat.com, philmd@linaro.org, berrange@redhat.com, marcandre.lureau@gmail.com, Tyler Fanelli
Subject: [RFC PATCH v2 7/9] i386/sev: Replace LAUNCH_SECRET ioctl with sev library equivalent
Date: Wed, 4 Oct 2023 16:34:16 -0400
Message-Id: <20231004203418.56508-8-tfanelli@redhat.com>
In-Reply-To: <20231004203418.56508-1-tfanelli@redhat.com>
References: <20231004203418.56508-1-tfanelli@redhat.com>

The LAUNCH_SECRET API can inject a secret into the VM once the measurement has been retrieved. If this API ioctl call fails, fw_error will be set accordingly.
Signed-off-by: Tyler Fanelli --- target/i386/sev.c | 105 ++++++++++++++++------------------------------ target/i386/sev.h | 2 - 2 files changed, 36 insertions(+), 71 deletions(-) diff --git a/target/i386/sev.c b/target/i386/sev.c index 3e2a3e07a7..38a90d4f00 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c 
@@ -983,88 +983,44 @@ sev_encrypt_flash(uint8_t *ptr, uint64_t len, Error *= *errp) return 0; } =20 -int sev_inject_launch_secret(const char *packet_hdr, const char *secret, - uint64_t gpa, Error **errp) -{ - struct kvm_sev_launch_secret input; - g_autofree guchar *data =3D NULL, *hdr =3D NULL; - int error, ret =3D 1; - void *hva; - gsize hdr_sz =3D 0, data_sz =3D 0; - MemoryRegion *mr =3D NULL; - - if (!sev_guest) { - error_setg(errp, "SEV not enabled for guest"); - return 1; - } - - /* secret can be injected only in this state */ - if (!sev_check_state(sev_guest, SEV_STATE_LAUNCH_SECRET)) { - error_setg(errp, "SEV: Not in correct state. (LSECRET) %x", - sev_guest->state); - return 1; - } - - hdr =3D g_base64_decode(packet_hdr, &hdr_sz); - if (!hdr || !hdr_sz) { - error_setg(errp, "SEV: Failed to decode sequence header"); - return 1; - } - - data =3D g_base64_decode(secret, &data_sz); - if (!data || !data_sz) { - error_setg(errp, "SEV: Failed to decode data"); - return 1; - } - - hva =3D gpa2hva(&mr, gpa, data_sz, errp); - if (!hva) { - error_prepend(errp, "SEV: Failed to calculate guest address: "); - return 1; - } - - input.hdr_uaddr =3D (uint64_t)(unsigned long)hdr; - input.hdr_len =3D hdr_sz; - - input.trans_uaddr =3D (uint64_t)(unsigned long)data; - input.trans_len =3D data_sz; - - input.guest_uaddr =3D (uint64_t)(unsigned long)hva; - input.guest_len =3D data_sz; - - trace_kvm_sev_launch_secret(gpa, input.guest_uaddr, - input.trans_uaddr, input.trans_len); - - ret =3D sev_ioctl(sev_guest->sev_fd, KVM_SEV_LAUNCH_SECRET, - &input, &error); - if (ret) { - error_setg(errp, "SEV: failed to inject secret ret=3D%d fw_error= =3D%d '%s'", - ret, error, fw_error_to_str(error)); - return ret; - } - - return 0; -} - #define SEV_SECRET_GUID "4c2eb361-7d9b-4cc3-8081-127c90d3d294" struct sev_secret_area { uint32_t base; uint32_t size; }; =20 -void qmp_sev_inject_launch_secret(const char *packet_hdr, - const char *secret, +void qmp_sev_inject_launch_secret(const char 
*hdr_b64, + const char *secret_b64, bool has_gpa, uint64_t gpa, Error **errp) { + int ret, fw_error =3D 0; + g_autofree guchar *hdr =3D NULL, *secret =3D NULL; + uint8_t *data =3D NULL; + KVMState *s =3D kvm_state; + gsize hdr_sz =3D 0, secret_sz =3D 0; + MemoryRegion *mr =3D NULL; + void *hva; + struct sev_secret_area *area =3D NULL; + if (!sev_enabled()) { error_setg(errp, "SEV not enabled for guest"); return; } - if (!has_gpa) { - uint8_t *data; - struct sev_secret_area *area; =20 + hdr =3D g_base64_decode(hdr_b64, &hdr_sz); + if (!hdr || !hdr_sz) { + error_setg(errp, "SEV: Failed to decode sequence header"); + return; + } + + secret =3D g_base64_decode(secret_b64, &secret_sz); + if (!secret || !secret_sz) { + error_setg(errp, "SEV: Failed to decode secret"); + return; + } + + if (!has_gpa) { if (!pc_system_ovmf_table_find(SEV_SECRET_GUID, &data, NULL)) { error_setg(errp, "SEV: no secret area found in OVMF," " gpa must be specified."); @@ -1074,7 +1030,18 @@ void qmp_sev_inject_launch_secret(const char *packet= _hdr, gpa =3D area->base; } =20 - sev_inject_launch_secret(packet_hdr, secret, gpa, errp); + hva =3D gpa2hva(&mr, gpa, secret_sz, errp); + if (!hva) { + error_prepend(errp, "SEV: Failed to calculate guest address: "); + return; + } + + ret =3D sev_inject_launch_secret(s->vmfd, hdr, secret, secret_sz, + hva, &fw_error); + if (ret < 0) { + error_setg(errp, "%s: LAUNCH_SECRET ret=3D%d fw_error=3D%d '%s'", = __func__, + ret, fw_error, fw_error_to_str(fw_error)); + } } =20 static int diff --git a/target/i386/sev.h b/target/i386/sev.h index acb181358e..f1af28eca0 100644 --- a/target/i386/sev.h +++ b/target/i386/sev.h 
@@ -53,8 +53,6 @@ uint32_t sev_get_reduced_phys_bits(void); bool sev_add_kernel_loader_hashes(SevKernelLoaderContext *ctx, Error **err= p); =20 int sev_encrypt_flash(uint8_t *ptr, uint64_t len, Error **errp); -int sev_inject_launch_secret(const char *hdr, const char *secret, - uint64_t gpa, Error **errp); =20 int sev_es_save_reset_vector(void *flash_ptr, uint64_t flash_size); void sev_es_set_reset_vector(CPUState *cpu); --=20 2.40.1
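Review bot: The removed sev_inject_launch_secret() refused to run unless sev_check_state(sev_guest, SEV_STATE_LAUNCH_SECRET) held, and the rewritten qmp_sev_inject_launch_secret() in the -983 hunk goes from sev_enabled() straight to base64 decoding with no equivalent check. Unless the library call enforces the launch state itself, keep the check and its "SEV: Not in correct state" error ahead of the decoding, so the secret is only ever injected in the LSECRET state; if the library does enforce it, say so in the commit message.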
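Review bot: In the -1074 hunk the failure test changed from `if (ret)` to `if (ret < 0)`, while the LAUNCH_FINISH and attestation conversions in this series still use `if (ret)`, so a positive return from sev_inject_launch_secret() would now be treated as success. Pick one convention for the library's return value and use it in every caller. The trace_kvm_sev_launch_secret() call that the old helper made before the ioctl is also gone; restore it after gpa2hva() or drop the trace event in the same patch.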
From: Tyler Fanelli
To: qemu-devel@nongnu.org
Cc: pbonzini@redhat.com, mtosatti@redhat.com, stefanha@redhat.com, philmd@linaro.org, berrange@redhat.com, marcandre.lureau@gmail.com, Tyler Fanelli
Subject: [RFC PATCH v2 8/9] i386/sev: Replace LAUNCH_FINISH ioctl with sev library equivalent
Date: Wed, 4 Oct 2023 16:34:17 -0400
Message-Id: <20231004203418.56508-9-tfanelli@redhat.com>
In-Reply-To: <20231004203418.56508-1-tfanelli@redhat.com>
References: <20231004203418.56508-1-tfanelli@redhat.com>

The LAUNCH_FINISH ioctl finishes the guest launch flow and transitions the guest into a state ready to be run. If this API ioctl call fails, fw_error will be set accordingly.
Signed-off-by: Tyler Fanelli --- target/i386/sev.c | 38 ++++++++++++++++---------------------- 1 file changed, 16 insertions(+), 22 deletions(-) diff --git a/target/i386/sev.c b/target/i386/sev.c index 38a90d4f00..764a89d3a4 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c 
@@ -785,35 +785,29 @@ static Notifier sev_machine_done_notify =3D { .notify =3D sev_launch_get_measure, }; =20 -static void -sev_launch_finish(SevGuestState *sev) -{ - int ret, error; - - trace_kvm_sev_launch_finish(); - ret =3D sev_ioctl(sev->sev_fd, KVM_SEV_LAUNCH_FINISH, 0, &error); - if (ret) { - error_report("%s: LAUNCH_FINISH ret=3D%d fw_error=3D%d '%s'", - __func__, ret, error, fw_error_to_str(error)); - exit(1); - } - - sev_set_guest_state(sev, SEV_STATE_RUNNING); - - /* add migration blocker */ - error_setg(&sev_mig_blocker, - "SEV: Migration is not implemented"); - migrate_add_blocker(sev_mig_blocker, &error_fatal); -} - static void sev_vm_state_change(void *opaque, bool running, RunState state) { SevGuestState *sev =3D opaque; + int ret, fw_error; + KVMState *s =3D kvm_state; =20 if (running) { if (!sev_check_state(sev, SEV_STATE_RUNNING)) { - sev_launch_finish(sev); + trace_kvm_sev_launch_finish(); + ret =3D sev_launch_finish(s->vmfd, &fw_error); + if (ret) { + error_report("%s: LAUNCH_FINISH ret=3D%d fw_error=3D%d '%s= '", + __func__, ret, fw_error, + fw_error_to_str(fw_error)); + exit(1); + } + + sev_set_guest_state(sev, SEV_STATE_RUNNING); + + // add migration blocker. 
+ error_setg(&sev_mig_blocker, "SEV: Migration is not implemente= d"); + migrate_add_blocker(sev_mig_blocker, &error_fatal); } } } --=20 2.40.1
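Review bot: fw_error is declared uninitialised (`int ret, fw_error;`) in sev_vm_state_change(), whereas the LAUNCH_SECRET conversion uses `fw_error = 0`; if sev_launch_finish() fails without writing it, error_report() prints an indeterminate value and the same value is passed to fw_error_to_str(). Initialise it to 0 here as well. The inlined comment also changed to `// add migration blocker.`; the code it replaces used the `/* ... */` form, so keep that.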
From: Tyler Fanelli
To: qemu-devel@nongnu.org
Cc: pbonzini@redhat.com, mtosatti@redhat.com, stefanha@redhat.com, philmd@linaro.org, berrange@redhat.com, marcandre.lureau@gmail.com, Tyler Fanelli
Subject: [RFC PATCH v2 9/9] i386/sev: Replace SEV_ATTESTATION_REPORT with sev library equivalent
Date: Wed, 4 Oct 2023 16:34:18 -0400
Message-Id: <20231004203418.56508-10-tfanelli@redhat.com>
In-Reply-To: <20231004203418.56508-1-tfanelli@redhat.com>
References: <20231004203418.56508-1-tfanelli@redhat.com>

The LAUNCH_ATTESTATION ioctl fetches the guest VM's attestation report from the PSP. If the API ioctl call fails, fw_error will be set accordingly.

Signed-off-by: Tyler Fanelli
---
target/i386/sev.c | 81 ++++++++++-------------------------------------
target/i386/sev.h | 2 ++
2 files changed, 18 insertions(+), 65 deletions(-)
diff --git a/target/i386/sev.c b/target/i386/sev.c index 764a89d3a4..bedb8f379e 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -160,27 +160,6 @@ static const char *const sev_fw_errlist[] =3D { =20 #define SEV_FW_MAX_ERROR ARRAY_SIZE(sev_fw_errlist) =20 -static int -sev_ioctl(int fd, int cmd, void *data, int *error) -{ - int r; - struct kvm_sev_cmd input; - - memset(&input, 0x0, sizeof(input)); - - input.id =3D cmd; - input.sev_fd =3D fd; - input.data =3D (__u64)(unsigned long)data; - - r =3D kvm_vm_ioctl(kvm_state, KVM_MEMORY_ENCRYPT_OP, &input); - - if (error) { - *error =3D input.error; - } - - return r; -} - static int sev_platform_ioctl(int fd, int cmd, void *data, int *error) { 
@@ -629,75 +608,47 @@ SevCapability *qmp_query_sev_capabilities(Error **err= p) return sev_get_capabilities(errp); } =20 -static SevAttestationReport *sev_get_attestation_report(const char *mnonce, - Error **errp) +SevAttestationReport *qmp_query_sev_attestation_report(const char *mnonce_= b64, + Error **errp) { - struct kvm_sev_attestation_report input =3D {}; SevAttestationReport *report =3D NULL; - SevGuestState *sev =3D sev_guest; - g_autofree guchar *data =3D NULL; - g_autofree guchar *buf =3D NULL; - gsize len; - int err =3D 0, ret; + g_autofree guchar *data =3D NULL, *mnonce =3D NULL; + gsize len, data_len; + int ret, fw_error; + KVMState *s =3D kvm_state; =20 if (!sev_enabled()) { error_setg(errp, "SEV is not enabled"); return NULL; } =20 - /* lets decode the mnonce string */ - buf =3D g_base64_decode(mnonce, &len); - if (!buf) { + mnonce =3D g_base64_decode(mnonce_b64, &len); + if (!mnonce) { error_setg(errp, "SEV: failed to decode mnonce input"); return NULL; } =20 - /* verify the input mnonce length */ - if (len !=3D sizeof(input.mnonce)) { - error_setg(errp, "SEV: mnonce must be %zu bytes (got %" G_GSIZE_FO= RMAT ")", - sizeof(input.mnonce), len); + if (len !=3D SEV_ATTESTATION_REPORT_MNONCE_SIZE) { + error_setg(errp, "SEV: mnonce must be %d bytes (found %" G_GSIZE_F= ORMAT ")", + SEV_ATTESTATION_REPORT_MNONCE_SIZE, len); return NULL; } =20 - /* Query the report length */ - ret =3D sev_ioctl(sev->sev_fd, KVM_SEV_GET_ATTESTATION_REPORT, - &input, &err); - if (ret < 0) { - if (err !=3D SEV_RET_INVALID_LEN) { - error_setg(errp, "SEV: Failed to query the attestation report" - " length ret=3D%d fw_err=3D%d (%s)", - ret, err, fw_error_to_str(err)); - return NULL; - } - } - - data =3D g_malloc(input.len); - input.uaddr =3D (unsigned long)data; - memcpy(input.mnonce, buf, sizeof(input.mnonce)); - - /* Query the report */ - ret =3D sev_ioctl(sev->sev_fd, KVM_SEV_GET_ATTESTATION_REPORT, - &input, &err); + ret =3D sev_attestation_report(s->vmfd, mnonce, len, (void 
*) data, + (unsigned int *) &data_len, &fw_error); if (ret) { error_setg_errno(errp, errno, "SEV: Failed to get attestation repo= rt" - " ret=3D%d fw_err=3D%d (%s)", ret, err, fw_error_to_str(er= r)); - return NULL; + " ret =3D %d fw_err=3D%d (%s)", ret, fw_error, fw_error_to_str(f= w_error)); } =20 report =3D g_new0(SevAttestationReport, 1); - report->data =3D g_base64_encode(data, input.len); + report->data =3D g_base64_encode(data, data_len); =20 - trace_kvm_sev_attestation_report(mnonce, report->data); + trace_kvm_sev_attestation_report((char *) mnonce, report->data); =20 return report; } =20 -SevAttestationReport *qmp_query_sev_attestation_report(const char *mnonce, - Error **errp) -{ - return sev_get_attestation_report(mnonce, errp); -} - static int sev_read_file_base64(const char *filename, guchar **data, gsize *len) { diff --git a/target/i386/sev.h b/target/i386/sev.h index f1af28eca0..a90909450c 100644 --- a/target/i386/sev.h +++ b/target/i386/sev.h @@ -48,6 +48,8 @@ bool sev_es_enabled(void); #define sev_es_enabled() 0 #endif =20 +#define SEV_ATTESTATION_REPORT_MNONCE_SIZE 16 + uint32_t sev_get_cbit_position(void); uint32_t sev_get_reduced_phys_bits(void); bool sev_add_kernel_loader_hashes(SevKernelLoaderContext *ctx, Error **err= p); --=20 2.40.1
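Review bot: The error path after sev_attestation_report() in the -629 hunk lost its `return NULL;`, so on failure the function sets errp and then still builds and returns a report; restore the return. In the same hunk the `g_malloc()` for data was removed and nothing replaces it: data is still NULL when it is passed by value as `(void *) data`, so the callee cannot hand a buffer back and g_base64_encode(data, data_len) reads from NULL. Allocate the buffer here or pass the address of the pointer, whichever the library expects. data_len is an uninitialised gsize written through `(unsigned int *) &data_len`, which leaves its upper bytes indeterminate on 64-bit hosts; declare it as unsigned int instead of casting. The trace call now receives the decoded 16-byte nonce cast to `char *`, which is not NUL-terminated, where it used to receive the base64 string; pass mnonce_b64.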
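Review bot: SEV_ATTESTATION_REPORT_MNONCE_SIZE in the sev.h hunk is a bare 16 that replaces sizeof(input.mnonce) from struct kvm_sev_attestation_report, so the nonce length check no longer follows the kernel header. Add a comment stating where the value comes from, or take the size from the library if it exports one.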