backends/confidential-guest-support.c | 69 +++ backends/igvm.c | 718 ++++++++++++++++++++++ backends/meson.build | 4 + docs/system/igvm.rst | 58 ++ docs/system/index.rst | 1 + hw/i386/pc.c | 12 +- hw/i386/pc_piix.c | 4 + hw/i386/pc_q35.c | 4 + include/exec/confidential-guest-support.h | 107 ++++ include/exec/igvm.h | 35 ++ meson.build | 8 + meson_options.txt | 2 + qapi/qom.json | 13 + qemu-options.hx | 8 +- scripts/meson-buildoptions.sh | 3 + target/i386/sev.c | 365 ++++++++++- target/i386/sev.h | 110 ++++ 17 files changed, 1489 insertions(+), 32 deletions(-) create mode 100644 backends/igvm.c create mode 100644 docs/system/igvm.rst create mode 100644 include/exec/igvm.h
Hi everyone, This initial patch series submission adds the capability to configure confidential guests using files that conform to the Independent Guest Virtual Machine (IGVM) file format. The series is based on the master branch commit 1b330da. Alternatively, the series is available here: https://github.com/roy-hopkins/qemu/tree/igvm_master_v1 I look forward to welcoming your comments! Why do we need Independent Guest Virtual Machine (IGVM) files? ============================================================== IGVM files describe, using a set of directives, the memory layout and initial configuration of a guest that supports isolation technologies such as AMD SEV-SNP and Intel TDX. By encapsulating all of this information in a single configuration file and applying the directives in the order they are specified when the guest is initialized, it becomes straightforward to pre-calculate the cryptographic measurement of the guest initial state, thus aiding in remote attestation processes. IGVM files can also be used to configure non-standard guest memory layouts, payloads or startup configurations. A good example of this is to use IGVM to deploy and configure an SVSM module in the guest which supports running at multiple VMPLs. The SVSM can be configured to start directly into 32-bit or 64-bit code. This patch series was developed with this purpose in mind to support the COCONUT-SVSM project: https://github.com/coconut-svsm/svsm More information and background on the IGVM file format can be found on the project page at: https://github.com/microsoft/igvm What this patch series introduces ================================= This series adds a build-time configuration option (--enable-igvm) to add support for launching a guest using an IGVM file. It extends the current ConfidentialGuestSupport object to allow an IGVM filename to be specified. The directives in the IGVM file are parsed and the confidential guest is configured through new virtual methods added to the ConfidentialGuestSupport object. These virtual functions have been implemented for AMD SEV and AMD SEV-ES. Many of the IGVM directives require capabilities that are not supported in SEV and SEV-ES, so support for IGVM directives will need to be considered when support for SEV-SNP, TDX or other technologies is introduced to QEMU. Any directive that is not currently supported results in an error report. Dependencies ============ In order to enable IGVM support, you will need the IGVM library installed. Instructions on building and installing it can be found here: https://github.com/microsoft/igvm/tree/main/igvm_c As mentioned above, this series was developed as part of the effort for COCONUT-SVSM. COCONUT-SVSM requires support for AMD SEV-SNP which is not available in current QEMU. Therefore this series has also been applied on top of the AMD SEV-SNP branch (https://github.com/AMDESE/qemu/tree/snp-v3-wip). You can find that version of the series here: https://github.com/roy-hopkins/qemu/commits/snp-v3-wip-igvm_v2/ Generating IGVM files ===================== To try this out you will need to generate an IGVM file that is compatible with the SEV platform you are testing on. I've created a tool that can create a simple IGVM file that packages an OVMF binary for AMD SEV or AMD SEV-ES. The tool is available here: https://github.com/roy-hopkins/buildigvm I have tested this on an AMD EPYC Genoa system configured to support SEV. Both SEV and SEV-ES have been tested using IGVM files generated using the buildigvm tool. The SEV-SNP alternative patch set has also been tested using COCONUT-SVSM. Roy Hopkins (9): meson: Add optional dependency on IGVM library backends/confidential-guest-support: Add IGVM file parameter backends/confidential-guest-support: Add functions to support IGVM backends/igvm: Implement parsing and processing of IGVM files i386/pc: Process IGVM file during PC initialization if present i386/pc: Skip initialization of system FW when using IGVM i386/sev: Refactor setting of reset vector and initial CPU state i386/sev: Implement ConfidentialGuestSupport functions for SEV docs/system: Add documentation on support for IGVM backends/confidential-guest-support.c | 69 +++ backends/igvm.c | 718 ++++++++++++++++++++++ backends/meson.build | 4 + docs/system/igvm.rst | 58 ++ docs/system/index.rst | 1 + hw/i386/pc.c | 12 +- hw/i386/pc_piix.c | 4 + hw/i386/pc_q35.c | 4 + include/exec/confidential-guest-support.h | 107 ++++ include/exec/igvm.h | 35 ++ meson.build | 8 + meson_options.txt | 2 + qapi/qom.json | 13 + qemu-options.hx | 8 +- scripts/meson-buildoptions.sh | 3 + target/i386/sev.c | 365 ++++++++++- target/i386/sev.h | 110 ++++ 17 files changed, 1489 insertions(+), 32 deletions(-) create mode 100644 backends/igvm.c create mode 100644 docs/system/igvm.rst create mode 100644 include/exec/igvm.h -- 2.43.0
> On 27 Feb 2024, at 20:20, Roy Hopkins <roy.hopkins@suse.com> wrote: > > Hi everyone, > > This initial patch series submission adds the capability to configure > confidential guests using files that conform to the Independent Guest Virtual > Machine (IGVM) file format. The series is based on the master branch commit > 1b330da. Alternatively, the series is available here: > https://github.com/roy-hopkins/qemu/tree/igvm_master_v1 > > I look forward to welcoming your comments! > > Why do we need Independent Guest Virtual Machine (IGVM) files? > ============================================================== > > IGVM files describe, using a set of directives, the memory layout and initial > configuration of a guest that supports isolation technologies such as AMD > SEV-SNP and Intel TDX. By encapsulating all of this information in a single > configuration file and applying the directives in the order they are specified > when the guest is initialized, it becomes straightforward to pre-calculate the > cryptographic measurement of the guest initial state, thus aiding in remote > attestation processes. > > IGVM files can also be used to configure non-standard guest memory layouts, > payloads or startup configurations. A good example of this is to use IGVM to > deploy and configure an SVSM module in the guest which supports running at > multiple VMPLs. The SVSM can be configured to start directly into 32-bit or > 64-bit code. This patch series was developed with this purpose in mind to > support the COCONUT-SVSM project: > https://github.com/coconut-svsm/svsm > > More information and background on the IGVM file format can be found on the > project page at: > https://github.com/microsoft/igvm > > What this patch series introduces > ================================= > > This series adds a build-time configuration option (--enable-igvm) to add > support for launching a guest using an IGVM file. It extends the current > ConfidentialGuestSupport object to allow an IGVM filename to be specified. > > The directives in the IGVM file are parsed and the confidential guest is > configured through new virtual methods added to the ConfidentialGuestSupport > object. These virtual functions have been implemented for AMD SEV and AMD > SEV-ES. > > Many of the IGVM directives require capabilities that are not supported in SEV > and SEV-ES, so support for IGVM directives will need to be considered when > support for SEV-SNP, TDX or other technologies is introduced to QEMU. Any > directive that is not currently supported results in an error report. > > Dependencies > ============ > > In order to enable IGVM support, you will need the IGVM library installed. > Instructions on building and installing it can be found here: > https://github.com/microsoft/igvm/tree/main/igvm_c > > As mentioned above, this series was developed as part of the effort for > COCONUT-SVSM. COCONUT-SVSM requires support for AMD SEV-SNP which is not > available in current QEMU. Therefore this series has also been applied on top of > the AMD SEV-SNP branch (https://github.com/AMDESE/qemu/tree/snp-v3-wip). You can > find that version of the series here: > https://github.com/roy-hopkins/qemu/commits/snp-v3-wip-igvm_v2/ > > Generating IGVM files > ===================== > > To try this out you will need to generate an IGVM file that is compatible with > the SEV platform you are testing on. I've created a tool that can create a > simple IGVM file that packages an OVMF binary for AMD SEV or AMD SEV-ES. The > tool is available here: > https://github.com/roy-hopkins/buildigvm > > I have tested this on an AMD EPYC Genoa system configured to support SEV. Both > SEV and SEV-ES have been tested using IGVM files generated using the buildigvm > tool. The SEV-SNP alternative patch set has also been tested using COCONUT-SVSM. Could you please also CC me in this patchset please? Thanks. > > Roy Hopkins (9): > meson: Add optional dependency on IGVM library > backends/confidential-guest-support: Add IGVM file parameter > backends/confidential-guest-support: Add functions to support IGVM > backends/igvm: Implement parsing and processing of IGVM files > i386/pc: Process IGVM file during PC initialization if present > i386/pc: Skip initialization of system FW when using IGVM > i386/sev: Refactor setting of reset vector and initial CPU state > i386/sev: Implement ConfidentialGuestSupport functions for SEV > docs/system: Add documentation on support for IGVM > > backends/confidential-guest-support.c | 69 +++ > backends/igvm.c | 718 ++++++++++++++++++++++ > backends/meson.build | 4 + > docs/system/igvm.rst | 58 ++ > docs/system/index.rst | 1 + > hw/i386/pc.c | 12 +- > hw/i386/pc_piix.c | 4 + > hw/i386/pc_q35.c | 4 + > include/exec/confidential-guest-support.h | 107 ++++ > include/exec/igvm.h | 35 ++ > meson.build | 8 + > meson_options.txt | 2 + > qapi/qom.json | 13 + > qemu-options.hx | 8 +- > scripts/meson-buildoptions.sh | 3 + > target/i386/sev.c | 365 ++++++++++- > target/i386/sev.h | 110 ++++ > 17 files changed, 1489 insertions(+), 32 deletions(-) > create mode 100644 backends/igvm.c > create mode 100644 docs/system/igvm.rst > create mode 100644 include/exec/igvm.h > > -- > 2.43.0 > > >
Hi Roy,
thanks for this series!
On Tue, Feb 27, 2024 at 02:50:06PM +0000, Roy Hopkins wrote:
>Hi everyone,
>
>This initial patch series submission adds the capability to configure
>confidential guests using files that conform to the Independent Guest Virtual
>Machine (IGVM) file format. The series is based on the master branch commit
>1b330da. Alternatively, the series is available here:
>https://github.com/roy-hopkins/qemu/tree/igvm_master_v1
>
>I look forward to welcoming your comments!
I saw that the series has been a posted for a while and maybe you're
going to send v2, so I'll bring back some little things that I saw, but
I didn't do yet a deep review:
- We use "Isolated Guest Virtual Machine" or "Independent Guest Virtual
Machine", are they interchangeable for IGVM?
- `./scripts/checkpatch.pl --codespell` reported some warnings:
5/9 Checking commit 81f60e5cdd01 (i386/pc: Process IGVM file during PC initialization if present)
WARNING: 'initalization' may be misspelled - perhaps 'initialization'?
#15:
initalization of the target.
^^^^^^^^^^^^^
9/9 Checking commit 66745c0bb940 (docs/system: Add documentation on support for IGVM)
WARNING: 'encaspulate' may be misspelled - perhaps 'encapsulate'?
#27: FILE: docs/system/igvm.rst:4:
+IGVM files are designed to encaspulate all the information required to launch a
^^^^^^^^^^^
Thanks,
Stefano
>
>Why do we need Independent Guest Virtual Machine (IGVM) files?
>==============================================================
>
>IGVM files describe, using a set of directives, the memory layout and initial
>configuration of a guest that supports isolation technologies such as AMD
>SEV-SNP and Intel TDX. By encapsulating all of this information in a single
>configuration file and applying the directives in the order they are specified
>when the guest is initialized, it becomes straightforward to pre-calculate the
>cryptographic measurement of the guest initial state, thus aiding in remote
>attestation processes.
>
>IGVM files can also be used to configure non-standard guest memory layouts,
>payloads or startup configurations. A good example of this is to use IGVM to
>deploy and configure an SVSM module in the guest which supports running at
>multiple VMPLs. The SVSM can be configured to start directly into 32-bit or
>64-bit code. This patch series was developed with this purpose in mind to
>support the COCONUT-SVSM project:
>https://github.com/coconut-svsm/svsm
>
>More information and background on the IGVM file format can be found on the
>project page at:
>https://github.com/microsoft/igvm
>
>What this patch series introduces
>=================================
>
>This series adds a build-time configuration option (--enable-igvm) to add
>support for launching a guest using an IGVM file. It extends the current
>ConfidentialGuestSupport object to allow an IGVM filename to be specified.
>
>The directives in the IGVM file are parsed and the confidential guest is
>configured through new virtual methods added to the ConfidentialGuestSupport
>object. These virtual functions have been implemented for AMD SEV and AMD
>SEV-ES.
>
>Many of the IGVM directives require capabilities that are not supported in SEV
>and SEV-ES, so support for IGVM directives will need to be considered when
>support for SEV-SNP, TDX or other technologies is introduced to QEMU. Any
>directive that is not currently supported results in an error report.
>
>Dependencies
>============
>
>In order to enable IGVM support, you will need the IGVM library installed.
>Instructions on building and installing it can be found here:
>https://github.com/microsoft/igvm/tree/main/igvm_c
>
>As mentioned above, this series was developed as part of the effort for
>COCONUT-SVSM. COCONUT-SVSM requires support for AMD SEV-SNP which is not
>available in current QEMU. Therefore this series has also been applied on top of
>the AMD SEV-SNP branch (https://github.com/AMDESE/qemu/tree/snp-v3-wip). You can
>find that version of the series here:
>https://github.com/roy-hopkins/qemu/commits/snp-v3-wip-igvm_v2/
>
>Generating IGVM files
>=====================
>
>To try this out you will need to generate an IGVM file that is compatible with
>the SEV platform you are testing on. I've created a tool that can create a
>simple IGVM file that packages an OVMF binary for AMD SEV or AMD SEV-ES. The
>tool is available here:
>https://github.com/roy-hopkins/buildigvm
>
>I have tested this on an AMD EPYC Genoa system configured to support SEV. Both
>SEV and SEV-ES have been tested using IGVM files generated using the buildigvm
>tool. The SEV-SNP alternative patch set has also been tested using COCONUT-SVSM.
>
>Roy Hopkins (9):
> meson: Add optional dependency on IGVM library
> backends/confidential-guest-support: Add IGVM file parameter
> backends/confidential-guest-support: Add functions to support IGVM
> backends/igvm: Implement parsing and processing of IGVM files
> i386/pc: Process IGVM file during PC initialization if present
> i386/pc: Skip initialization of system FW when using IGVM
> i386/sev: Refactor setting of reset vector and initial CPU state
> i386/sev: Implement ConfidentialGuestSupport functions for SEV
> docs/system: Add documentation on support for IGVM
>
> backends/confidential-guest-support.c | 69 +++
> backends/igvm.c | 718 ++++++++++++++++++++++
> backends/meson.build | 4 +
> docs/system/igvm.rst | 58 ++
> docs/system/index.rst | 1 +
> hw/i386/pc.c | 12 +-
> hw/i386/pc_piix.c | 4 +
> hw/i386/pc_q35.c | 4 +
> include/exec/confidential-guest-support.h | 107 ++++
> include/exec/igvm.h | 35 ++
> meson.build | 8 +
> meson_options.txt | 2 +
> qapi/qom.json | 13 +
> qemu-options.hx | 8 +-
> scripts/meson-buildoptions.sh | 3 +
> target/i386/sev.c | 365 ++++++++++-
> target/i386/sev.h | 110 ++++
> 17 files changed, 1489 insertions(+), 32 deletions(-)
> create mode 100644 backends/igvm.c
> create mode 100644 docs/system/igvm.rst
> create mode 100644 include/exec/igvm.h
>
>--
>2.43.0
>
>
On Tue, 2024-03-19 at 16:07 +0100, Stefano Garzarella wrote: > Hi Roy, > thanks for this series! > > On Tue, Feb 27, 2024 at 02:50:06PM +0000, Roy Hopkins wrote: > > Hi everyone, > > > > This initial patch series submission adds the capability to configure > > confidential guests using files that conform to the Independent Guest > > Virtual > > Machine (IGVM) file format. The series is based on the master branch commit > > 1b330da. Alternatively, the series is available here: > > https://github.com/roy-hopkins/qemu/tree/igvm_master_v1 > > > > I look forward to welcoming your comments! > > I saw that the series has been a posted for a while and maybe you're > going to send v2, so I'll bring back some little things that I saw, but > I didn't do yet a deep review: > > - We use "Isolated Guest Virtual Machine" or "Independent Guest Virtual > Machine", are they interchangeable for IGVM? > > - `./scripts/checkpatch.pl --codespell` reported some warnings: > > 5/9 Checking commit 81f60e5cdd01 (i386/pc: Process IGVM file during PC > initialization if present) > WARNING: 'initalization' may be misspelled - perhaps 'initialization'? > #15: > initalization of the target. > ^^^^^^^^^^^^^ > > 9/9 Checking commit 66745c0bb940 (docs/system: Add documentation on support > for IGVM) > > WARNING: 'encaspulate' may be misspelled - perhaps 'encapsulate'? > #27: FILE: docs/system/igvm.rst:4: > +IGVM files are designed to encaspulate all the information required to launch > a > ^^^^^^^^^^^ > > Thanks, > Stefano > Thanks for the initial review Stefano. I'll be posting a v2 shortly and will address your comments. Regards, Roy [snip] >
© 2016 - 2024 Red Hat, Inc.