From: Brijesh Singh
To: qemu-devel@nongnu.org
Date: Mon, 12 Feb 2018 09:37:02 -0600
Message-Id: <20180212153715.87555-16-brijesh.singh@amd.com>
In-Reply-To: <20180212153715.87555-1-brijesh.singh@amd.com>
References: <20180212153715.87555-1-brijesh.singh@amd.com>
Subject: [Qemu-devel] [PATCH v8 15/28] sev/i386: add command to create launch memory encryption context
List-Subscribe: , Cc: Peter Maydell , Brijesh Singh , kvm@vger.kernel.org, "Michael S. Tsirkin" , Stefan Hajnoczi , Alexander Graf , "Edgar E. Iglesias" , Markus Armbruster , Bruce Rogers , Christian Borntraeger , Marcel Apfelbaum , Borislav Petkov , Thomas Lendacky , Eduardo Habkost , Richard Henderson , "Dr. David Alan Gilbert" , Alistair Francis , Cornelia Huck , Richard Henderson , Peter Crosthwaite , Paolo Bonzini Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZohoMail: RDKM_2 RSF_0 Z_629925259 SPT_0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" The KVM_SEV_LAUNCH_START command creates a new VM encryption key (VEK). The encryption key created with the command will be used for encrypting the bootstrap images (such as guest bios). Cc: Paolo Bonzini Cc: Richard Henderson Cc: Eduardo Habkost Signed-off-by: Brijesh Singh --- include/sysemu/sev.h | 10 +++++ target/i386/sev.c | 99 ++++++++++++++++++++++++++++++++++++++++++++= ++++ target/i386/trace-events | 2 + 3 files changed, 111 insertions(+) diff --git a/include/sysemu/sev.h b/include/sysemu/sev.h index 121e7e4aa44c..08014a9c94ff 100644 --- a/include/sysemu/sev.h +++ b/include/sysemu/sev.h @@ -58,6 +58,16 @@ struct QSevGuestInfoClass { ObjectClass parent_class; }; =20 +typedef enum { + SEV_STATE_UNINIT =3D 0, + SEV_STATE_LUPDATE, + SEV_STATE_SECRET, + SEV_STATE_RUNNING, + SEV_STATE_SUPDATE, + SEV_STATE_RUPDATE, + SEV_STATE_MAX +} SevGuestState; + struct SEVState { QSevGuestInfo *sev_info; }; diff --git a/target/i386/sev.c b/target/i386/sev.c index 2c4bbba3c367..2ecc6a1d1ad3 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c 
@@ -29,6 +29,17 @@ static int sev_fd; =20 #define SEV_FW_MAX_ERROR 0x17 =20 +static SevGuestState current_sev_guest_state =3D SEV_STATE_UNINIT; + +static const char *const sev_state_str[] =3D { + "uninit", + "lupdate", + "secret", + "running", + "supdate", + "rupdate", +}; + static const char *const sev_fw_errlist[] =3D { "", "Platform state is invalid", @@ -86,6 +97,16 @@ fw_error_to_str(int code) return sev_fw_errlist[code]; } =20 +static void +sev_set_guest_state(SevGuestState new_state) +{ + assert(new_state < SEV_STATE_MAX); + + trace_kvm_sev_change_state(sev_state_str[current_sev_guest_state], + sev_state_str[new_state]); + current_sev_guest_state =3D new_state; +} + static void sev_ram_block_added(RAMBlockNotifier *n, void *host, size_t size) { @@ -337,6 +358,7 @@ sev_get_me_mask(void) void sev_get_current_state(char **state) { + *state =3D g_strdup(sev_state_str[current_sev_guest_state]); } =20 bool 
@@ -355,6 +377,76 @@ sev_get_policy(uint32_t *policy) { } =20 +static int +sev_read_file_base64(const char *filename, guchar **data, gsize *len) +{ + gsize sz; + gchar *base64; + GError *error =3D NULL; + + if (!g_file_get_contents(filename, &base64, &sz, &error)) { + error_report("failed to read '%s' (%s)", filename, error->message); + return -1; + } + + *data =3D g_base64_decode(base64, len); + return 0; +} + +static int +sev_launch_start(SEVState *s) +{ + gsize sz; + int ret =3D 1; + int fw_error; + QSevGuestInfo *sev =3D s->sev_info; + struct kvm_sev_launch_start *start; + guchar *session =3D NULL, *dh_cert =3D NULL; + + start =3D g_malloc0(sizeof(*start)); + if (!start) { + return 1; + } + + start->handle =3D object_property_get_int(OBJECT(sev), "handle", + &error_abort); + start->policy =3D object_property_get_int(OBJECT(sev), "policy", + &error_abort); + if (sev->session_file) { + if (sev_read_file_base64(sev->session_file, &session, &sz) < 0) { + return 1; + } + start->session_uaddr =3D (unsigned long)session; + start->session_len =3D sz; + } + + if (sev->dh_cert_file) { + if (sev_read_file_base64(sev->dh_cert_file, &dh_cert, &sz) < 0) { + return 1; + } + start->dh_uaddr =3D (unsigned long)dh_cert; + start->dh_len =3D sz; + } + + trace_kvm_sev_launch_start(start->policy, session, dh_cert); + ret =3D sev_ioctl(KVM_SEV_LAUNCH_START, start, &fw_error); + if (ret < 0) { + error_report("%s: LAUNCH_START ret=3D%d fw_error=3D%d '%s'", + __func__, ret, fw_error, fw_error_to_str(fw_error)); + return 1; + } + + object_property_set_int(OBJECT(sev), start->handle, "handle", + &error_abort); + sev_set_guest_state(SEV_STATE_LUPDATE); + + g_free(start); + g_free(session); + g_free(dh_cert); + + return 0; +} + void * sev_guest_init(const char *id) { 
@@ -398,6 +490,13 @@ sev_guest_init(const char *id) goto err; } =20 + ret =3D sev_launch_start(s); + if (ret) { + error_report("%s: failed to create encryption context", __func__); + goto err; + } + + sev_active =3D true; ram_block_notifier_add(&sev_ram_notifier); =20 diff --git a/target/i386/trace-events b/target/i386/trace-events index ffa3d2250425..9402251e9991 100644 --- a/target/i386/trace-events +++ b/target/i386/trace-events @@ -10,3 +10,5 @@ kvm_x86_update_msi_routes(int num) "Updated %d MSI routes" kvm_sev_init(void) "" kvm_memcrypt_register_region(void *addr, size_t len) "addr %p len 0x%lu" kvm_memcrypt_unregister_region(void *addr, size_t len) "addr %p len 0x%lu" +kvm_sev_change_state(const char *old, const char *new) "%s -> %s" +kvm_sev_launch_start(int policy, void *session, void *pdh) "policy 0x%x se= ssion %p pdh %p" --=20 2.14.3
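Review bot: sev_state_str[] in target/i386/sev.c is indexed by SevGuestState in both sev_set_guest_state() and sev_get_current_state(), but nothing ties its length to SEV_STATE_MAX, so a state added to the enum without a matching string would be read past the end of the array. The assert(new_state < SEV_STATE_MAX) only bounds the enum value, not the table. Use designated initializers such as [SEV_STATE_UNINIT] = "uninit" and add a build-time check that the array has SEV_STATE_MAX entries.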
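Review bot: the error paths in the sev_read_file_base64() / sev_launch_start() hunk leak memory. In sev_read_file_base64() the buffer that g_file_get_contents() returns in base64 is never released after g_base64_decode(), and the GError is not freed before return -1; add g_free(base64) after decoding and g_error_free(error) on the failure path. In sev_launch_start() every early return 1 (both sev_read_file_base64() failures and the sev_ioctl() failure) skips the g_free() calls at the end, leaking start and any already-decoded session or dh_cert; route those paths through a single cleanup label. The if (!start) check after g_malloc0() can be dropped, since g_malloc0() aborts rather than returning NULL for a non-zero size, and the initial ret = 1 is overwritten before it is read.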
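Review bot: sev_get_current_state() now hands back a g_strdup() copy through *state, so ownership of the string passes to the caller, but nothing in the hunk documents that. Add a comment at the function (or its declaration) stating that the caller must g_free() the result, and consider returning the char * directly instead of writing through an unchecked out-parameter.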