From nobody Wed May 15 03:30:33 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org ARC-Seal: i=1; a=rsa-sha256; t=1590701837; cv=none; d=zohomail.com; s=zohoarc; b=PNYNZOPBMj1WmNJCSiwNSldvVHcQoW6Ph5VeE5FM4/YuF0mpbwRR6osBrwt1SWvBH03EOP66NQ6O/X9pVOzDnLJjEsflfGgDlPpfPMngqiCt5SuAG8nZgJOYfxzmoUroz7h0K8Ym1deLP74HUsOEqem+eNqInWAsRLWiYayxces= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1590701837; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=6JDhkhk7Nrg1V6VKV4C84N1F+eWiRSwP7iOexVD6fyE=; b=fwjJuS+mK3s+rMKw/yottPPpSBlX8FoW5bsgChY+NZWB99PFEK/OyhFjyaTgPD5jfSfz2Q05dIAh+Af6V+Tqq7z5QRygTec9UityZp5vCMHhjW+3+wJbC5lxowi5fTzbNVaYE/W7M3OT0Pa7ARfWIeycfXU4I0dJ0lVeqin/TbA= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1590701837369913.2293986559132; Thu, 28 May 2020 14:37:17 -0700 (PDT) Received: from localhost ([::1]:60514 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1jeQDD-0004xh-JB for importer@patchew.org; Thu, 28 May 2020 17:37:15 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:59690) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1jePUr-0006qc-30 for qemu-devel@nongnu.org; Thu, 28 May 2020 16:51:25 -0400 Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]:39134) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1jePUo-0000wt-FN for qemu-devel@nongnu.org; Thu, 28 May 2020 16:51:24 -0400 Received: from pps.filterd (m0098394.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 04SKXClV089588 for ; Thu, 28 May 2020 16:51:19 -0400 Received: from ppma03dal.us.ibm.com (b.bd.3ea9.ip4.static.sl-reverse.com [169.62.189.11]) by mx0a-001b2d01.pphosted.com with ESMTP id 319sqg7qam-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 28 May 2020 16:51:19 -0400 Received: from pps.filterd (ppma03dal.us.ibm.com [127.0.0.1]) by ppma03dal.us.ibm.com (8.16.0.42/8.16.0.42) with SMTP id 04SKdjfP011953 for ; Thu, 28 May 2020 20:51:18 GMT Received: from b03cxnp08027.gho.boulder.ibm.com (b03cxnp08027.gho.boulder.ibm.com [9.17.130.19]) by ppma03dal.us.ibm.com with ESMTP id 316ufb953r-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 28 May 2020 20:51:18 +0000 Received: from b03ledav004.gho.boulder.ibm.com (b03ledav004.gho.boulder.ibm.com [9.17.130.235]) by b03cxnp08027.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 04SKpE9u10813796 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 28 May 2020 20:51:15 GMT Received: from b03ledav004.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 09B0078063; Thu, 28 May 2020 20:51:16 +0000 (GMT) Received: from b03ledav004.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id A33D37805E; Thu, 28 May 2020 20:51:15 +0000 (GMT) Received: from Tobins-MBP-2.fios-router.home (unknown [9.80.221.203]) by b03ledav004.gho.boulder.ibm.com (Postfix) with ESMTP; Thu, 28 May 2020 20:51:15 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=pp1; bh=6JDhkhk7Nrg1V6VKV4C84N1F+eWiRSwP7iOexVD6fyE=; b=gk4Y12jCsASNUwKs/uhxRoV9NIItkfsgXlzWYGzVWi/JT096HZLA7wJzMmJ1ygpedV8/ FB9NbhRuxQqM3lzGdByswV6jbgC/KAVrI7gq13u3IRJxNRngTe7WUctSZ0c1deE02Nm6 PN2IYE4X8DduMXuDHJzJufiTeXl7IRF8fFzNvGu68RjJ2DttyTvk+6kpoZc5GxXG36du CXtI988U8b29SCCTGoF0DiVw3kjEGNGWxR3OOTW6Gn7DA0m3suur7LwLG9S7j1Apvb/w CueUtEZchOoVlQ+Obd+sHUjn9lGbfhuB+IyAzkPgOpNax5q5wJNnHY3AqNNFUA3D8zrw JQ== From: Tobin Feldman-Fitzthum To: jejb@linux.ibm.com, qemu-devel@nongnu.org Subject: [PATCH 1/2] sev: add sev-inject-launch-secret Date: Thu, 28 May 2020 16:51:13 -0400 Message-Id: <20200528205114.42078-2-tobin@linux.vnet.ibm.com> X-Mailer: git-send-email 2.20.1 (Apple Git-117) In-Reply-To: <20200528205114.42078-1-tobin@linux.vnet.ibm.com> References: <20200528205114.42078-1-tobin@linux.vnet.ibm.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.216, 18.0.687 definitions=2020-05-28_07:2020-05-28, 2020-05-28 signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 mlxlogscore=999 suspectscore=2 bulkscore=0 phishscore=0 cotscore=-2147483648 priorityscore=1501 lowpriorityscore=0 spamscore=0 clxscore=1011 malwarescore=0 adultscore=0 impostorscore=0 mlxscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2004280000 definitions=main-2005280132 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: none client-ip=148.163.156.1; envelope-from=tobin@linux.vnet.ibm.com; helo=mx0a-001b2d01.pphosted.com X-detected-operating-system: by eggs.gnu.org: First seen = 2020/05/28 16:51:19 X-ACL-Warn: Detected OS = Linux 3.x [generic] [fuzzy] X-Spam_score_int: -26 X-Spam_score: -2.7 X-Spam_bar: -- X-Spam_report: (-2.7 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, KHOP_DYNAMIC=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001 autolearn=_AUTOLEARN X-Spam_action: no action X-Mailman-Approved-At: Thu, 28 May 2020 17:35:50 -0400 X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Tobin Feldman-Fitzthum , tobin@ibm.com Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) Content-Type: text/plain; charset="utf-8" From: Tobin Feldman-Fitzthum AMD SEV allows a guest owner to inject a secret blob into the memory of a virtual machine. The secret is encrypted with the SEV Transport Encryption Key and integrity is guaranteed with the Transport Integrity Key. Although QEMU faciliates the injection of the launch secret, it cannot access the secret. Signed-off-by: Tobin Feldman-Fitzthum --- include/sysemu/sev.h | 2 + qapi/misc-target.json | 20 +++++++++ target/i386/monitor.c | 8 ++++ target/i386/sev-stub.c | 5 +++ target/i386/sev.c | 83 ++++++++++++++++++++++++++++++++++++++ target/i386/trace-events | 1 + tests/qtest/qmp-cmd-test.c | 6 +-- 7 files changed, 122 insertions(+), 3 deletions(-) diff --git a/include/sysemu/sev.h b/include/sysemu/sev.h index 98c1ec8d38..313ee30fc8 100644 --- a/include/sysemu/sev.h +++ b/include/sysemu/sev.h @@ -18,4 +18,6 @@ =20 void *sev_guest_init(const char *id); int sev_encrypt_data(void *handle, uint8_t *ptr, uint64_t len); +int sev_inject_launch_secret(const char *hdr, const char *secret, + uint64_t gpa); #endif diff --git a/qapi/misc-target.json b/qapi/misc-target.json index dee3b45930..27458b765b 100644 --- a/qapi/misc-target.json +++ b/qapi/misc-target.json @@ -200,6 +200,26 @@ { 'command': 'query-sev-capabilities', 'returns': 'SevCapability', 'if': 'defined(TARGET_I386)' } =20 +## +# @sev-inject-launch-secret: +# +# This command injects a secret blob into memory of SEV guest. +# +# @packet-header: the launch secret packet header encoded in base64 +# +# @secret: the launch secret data to be injected encoded in base64 +# +# @gpa: the guest physical address where secret will be injected. + GPA provided here will be ignored if guest ROM specifies=20 + the a launch secret GPA. +# +# Since: 5.0.0 +# +## +{ 'command': 'sev-inject-launch-secret', + 'data': { 'packet_hdr': 'str', 'secret': 'str', 'gpa': 'uint64' }, + 'if': 'defined(TARGET_I386)' } + ## # @dump-skeys: # diff --git a/target/i386/monitor.c b/target/i386/monitor.c index 27ebfa3ad2..5c2b7d2c17 100644 --- a/target/i386/monitor.c +++ b/target/i386/monitor.c @@ -736,3 +736,11 @@ SevCapability *qmp_query_sev_capabilities(Error **errp) =20 return data; } + +void qmp_sev_inject_launch_secret(const char *packet_hdr, + const char *secret, uint64_t gpa, + Error **errp) +{ + if (sev_inject_launch_secret(packet_hdr,secret,gpa) !=3D 0) + error_setg(errp, "SEV inject secret failed"); +} diff --git a/target/i386/sev-stub.c b/target/i386/sev-stub.c index e5ee13309c..2b8c5f1f53 100644 --- a/target/i386/sev-stub.c +++ b/target/i386/sev-stub.c @@ -48,3 +48,8 @@ SevCapability *sev_get_capabilities(void) { return NULL; } +int sev_inject_launch_secret(const char *hdr, const char *secret, + uint64_t gpa) +{ + return 1; +} diff --git a/target/i386/sev.c b/target/i386/sev.c index 846018a12d..774e47d9d1 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -28,6 +28,7 @@ #include "sysemu/runstate.h" #include "trace.h" #include "migration/blocker.h" +#include "exec/address-spaces.h" =20 #define DEFAULT_GUEST_POLICY 0x1 /* disable debug */ #define DEFAULT_SEV_DEVICE "/dev/sev" @@ -743,6 +744,88 @@ sev_encrypt_data(void *handle, uint8_t *ptr, uint64_t = len) return 0; } =20 + +static void * +gpa2hva(hwaddr addr, uint64_t size) +{ + MemoryRegionSection mrs =3D memory_region_find(get_system_memory(), + addr, size); + + if (!mrs.mr) { + error_report("No memory is mapped at address 0x%" HWADDR_PRIx, add= r); + return NULL; + } + + if (!memory_region_is_ram(mrs.mr) && !memory_region_is_romd(mrs.mr)) { + error_report("Memory at address 0x%" HWADDR_PRIx "is not RAM", add= r); + memory_region_unref(mrs.mr); + return NULL; + } + + return qemu_map_ram_ptr(mrs.mr->ram_block, mrs.offset_within_region); +} + +int sev_inject_launch_secret(const char *packet_hdr, + const char *secret, uint64_t gpa) +{ + struct kvm_sev_launch_secret *input =3D NULL; + guchar *data =3D NULL, *hdr =3D NULL; + int error, ret =3D 1; + void *hva; + gsize hdr_sz =3D 0, data_sz =3D 0; + + /* secret can be inject only in this state */ + if (!sev_check_state(SEV_STATE_LAUNCH_SECRET)) { + error_report("Not in correct state. %x",sev_state->state); + return 1; + } + + hdr =3D g_base64_decode(packet_hdr, &hdr_sz); + if (!hdr || !hdr_sz) { + error_report("SEV: Failed to decode sequence header"); + return 1; + } + + data =3D g_base64_decode(secret, &data_sz); + if (!data || !data_sz) { + error_report("SEV: Failed to decode data"); + goto err; + } + + hva =3D gpa2hva(gpa, data_sz); + if (!hva) { + goto err; + } + input =3D g_new0(struct kvm_sev_launch_secret, 1); + + input->hdr_uaddr =3D (unsigned long)hdr; + input->hdr_len =3D hdr_sz; + + input->trans_uaddr =3D (unsigned long)data; + input->trans_len =3D data_sz; + + input->guest_uaddr =3D (unsigned long)hva; + input->guest_len =3D data_sz; + + trace_kvm_sev_launch_secret(gpa, input->guest_uaddr, + input->trans_uaddr, input->trans_len); + + ret =3D sev_ioctl(sev_state->sev_fd,KVM_SEV_LAUNCH_SECRET, input, &err= or); + if (ret) { + error_report("SEV: failed to inject secret ret=3D%d fw_error=3D%d = '%s'", + ret, error, fw_error_to_str(error)); + goto err; + } + + ret =3D 0; + +err: + g_free(data); + g_free(hdr); + g_free(input); + return ret; +} + static void sev_register_types(void) { diff --git a/target/i386/trace-events b/target/i386/trace-events index 789c700d4a..9f299e94a2 100644 --- a/target/i386/trace-events +++ b/target/i386/trace-events @@ -15,3 +15,4 @@ kvm_sev_launch_start(int policy, void *session, void *pdh= ) "policy 0x%x session kvm_sev_launch_update_data(void *addr, uint64_t len) "addr %p len 0x%" PRI= u64 kvm_sev_launch_measurement(const char *value) "data %s" kvm_sev_launch_finish(void) "" +kvm_sev_launch_secret(uint64_t hpa, uint64_t hva, uint64_t secret, int len= ) "hpa 0x%" PRIx64 " hva 0x%" PRIx64 " data 0x%" PRIx64 " len %d" diff --git a/tests/qtest/qmp-cmd-test.c b/tests/qtest/qmp-cmd-test.c index 9f5228cd99..50b2b42830 100644 --- a/tests/qtest/qmp-cmd-test.c +++ b/tests/qtest/qmp-cmd-test.c @@ -93,10 +93,10 @@ static bool query_is_blacklisted(const char *cmd) /* Success depends on target-specific build configuration: */ "query-pci", /* CONFIG_PCI */ /* Success depends on launching SEV guest */ - "query-sev-launch-measure", + // "query-sev-launch-measure", /* Success depends on Host or Hypervisor SEV support */ - "query-sev", - "query-sev-capabilities", + // "query-sev", + // "query-sev-capabilities", NULL }; int i; --=20 2.20.1 (Apple Git-117) From nobody Wed May 15 03:30:33 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org ARC-Seal: i=1; a=rsa-sha256; t=1590701837; cv=none; d=zohomail.com; s=zohoarc; b=WLlMs+JdsQIs/l8QYX4xRdO2LGZJPqzId62zsdjXSg55BmY2gx40jpMvGjUmbRHhsAGGi+buxirgOajiEM5pfEFied7d6VYCu8a40EAi2pYFCs5wWpl+EbdmLYkA0k5MT8Zfc00XTQ8xJD5aof4qFRqMse3IQYb8sM75hIESIzg= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1590701837; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=6cvev0gSoPqxKyyckq7pr/bP+yh/jJMaYEpgscBkYj0=; b=NwV95yvkJd5qBlhYRK7WmjUl15hc9vOT5HKflqgy9ml89nWgAak0oeG/uGhew86oQPdq00mJVkxQ/LzGN1GLj0TugP71jdbPK5Yn7m0lj1gNKJgSNJL/DWGyXhw4urSuYJ9IU5CeWwGzDLYe2eJi2Ejj+F7TTwMHcjACmXT7SbY= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1590701837231310.07681159378694; Thu, 28 May 2020 14:37:17 -0700 (PDT) Received: from localhost ([::1]:60530 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1jeQDD-0004y7-Pv for importer@patchew.org; Thu, 28 May 2020 17:37:15 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:59688) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1jePUq-0006qV-BZ for qemu-devel@nongnu.org; Thu, 28 May 2020 16:51:24 -0400 Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]:7937 helo=mx0a-001b2d01.pphosted.com) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1jePUo-0000xC-GM for qemu-devel@nongnu.org; Thu, 28 May 2020 16:51:23 -0400 Received: from pps.filterd (m0098414.ppops.net [127.0.0.1]) by mx0b-001b2d01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 04SKbvgj019268 for ; Thu, 28 May 2020 16:51:19 -0400 Received: from ppma01dal.us.ibm.com (83.d6.3fa9.ip4.static.sl-reverse.com [169.63.214.131]) by mx0b-001b2d01.pphosted.com with ESMTP id 319wt1p13d-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 28 May 2020 16:51:19 -0400 Received: from pps.filterd (ppma01dal.us.ibm.com [127.0.0.1]) by ppma01dal.us.ibm.com (8.16.0.42/8.16.0.42) with SMTP id 04SKfGlo029157 for ; Thu, 28 May 2020 20:51:18 GMT Received: from b03cxnp08027.gho.boulder.ibm.com (b03cxnp08027.gho.boulder.ibm.com [9.17.130.19]) by ppma01dal.us.ibm.com with ESMTP id 316ufb19at-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 28 May 2020 20:51:18 +0000 Received: from b03ledav004.gho.boulder.ibm.com (b03ledav004.gho.boulder.ibm.com [9.17.130.235]) by b03cxnp08027.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 04SKpF6410093076 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 28 May 2020 20:51:15 GMT Received: from b03ledav004.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 81D9578066; Thu, 28 May 2020 20:51:16 +0000 (GMT) Received: from b03ledav004.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 2327078064; Thu, 28 May 2020 20:51:16 +0000 (GMT) Received: from Tobins-MBP-2.fios-router.home (unknown [9.80.221.203]) by b03ledav004.gho.boulder.ibm.com (Postfix) with ESMTP; Thu, 28 May 2020 20:51:16 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=pp1; bh=6cvev0gSoPqxKyyckq7pr/bP+yh/jJMaYEpgscBkYj0=; b=OLzGfxoL+wS336bWSYqM2mFbQg+BDaI+uyoxrOeAy+G2NYRNvSKzFVeLHjfpLwNKbd82 QU1P/GUICuyRcbl+u6RbX9ziIrWeHAtzw9ihx8YEExwRiRzcgF6XsEFTj2+0Li7qTnAH cz7NvpDtkg7rWZYNtxRHAC4RgcQIhSaM/LLLPaEhEJctFC1lZd0vcA9B7Ocx7M59zTmf 33o+dGD1sm82i35kTHBdXoowjcV+mnXm3ld7VDJwz/yeP6WDOWYkGJvZ75ZWM2lOZ8le n/zz8bdafYGx9aez/lGcC3fMpAkNfTFbVlTZizATEj/2a/plU4m84knl+6ai8cK2Y+pO QA== From: Tobin Feldman-Fitzthum To: jejb@linux.ibm.com, qemu-devel@nongnu.org Subject: [PATCH 2/2] sev: scan guest ROM for launch secret address Date: Thu, 28 May 2020 16:51:14 -0400 Message-Id: <20200528205114.42078-3-tobin@linux.vnet.ibm.com> X-Mailer: git-send-email 2.20.1 (Apple Git-117) In-Reply-To: <20200528205114.42078-1-tobin@linux.vnet.ibm.com> References: <20200528205114.42078-1-tobin@linux.vnet.ibm.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.216, 18.0.687 definitions=2020-05-28_07:2020-05-28, 2020-05-28 signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 suspectscore=0 phishscore=0 spamscore=0 clxscore=1015 mlxscore=0 priorityscore=1501 impostorscore=0 lowpriorityscore=0 malwarescore=0 bulkscore=0 adultscore=0 mlxlogscore=999 cotscore=-2147483648 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2004280000 definitions=main-2005280131 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: none client-ip=148.163.158.5; envelope-from=tobin@linux.vnet.ibm.com; helo=mx0a-001b2d01.pphosted.com X-detected-operating-system: by eggs.gnu.org: First seen = 2020/05/28 16:51:19 X-ACL-Warn: Detected OS = Linux 3.x [generic] X-Spam_score_int: -26 X-Spam_score: -2.7 X-Spam_bar: -- X-Spam_report: (-2.7 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, KHOP_DYNAMIC=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001 autolearn=_AUTOLEARN X-Spam_action: no action X-Mailman-Approved-At: Thu, 28 May 2020 17:35:50 -0400 X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Tobin Feldman-Fitzthum , tobin@ibm.com Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) Content-Type: text/plain; charset="utf-8" From: Tobin Feldman-Fitzthum In addition to using QMP to provide the guest memory address that the launch secret blob will be injected into, the secret address can also be specified in the guest ROM. This patch adds sev_find_secret_gpa, which scans the ROM page by page to find a launch secret table identified by a GUID. If the table is found, the address it contains will be used in place of any address specified via QMP. Signed-off-by: Tobin Feldman-Fitzthum --- target/i386/sev.c | 34 ++++++++++++++++++++++++++++++++-- target/i386/sev_i386.h | 16 ++++++++++++++++ 2 files changed, 48 insertions(+), 2 deletions(-) diff --git a/target/i386/sev.c b/target/i386/sev.c index 774e47d9d1..4adc56d7e3 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -706,6 +706,8 @@ sev_guest_init(const char *id) s->api_major =3D status.api_major; s->api_minor =3D status.api_minor; =20 + s->secret_gpa =3D 0; + trace_kvm_sev_init(); ret =3D sev_ioctl(s->sev_fd, KVM_SEV_INIT, NULL, &fw_error); if (ret) { @@ -731,6 +733,28 @@ err: return NULL; } =20 +static void +sev_find_secret_gpa(uint8_t *ptr, uint64_t len) +{ + uint64_t offset; + + SevROMSecretTable *secret_table; + QemuUUID secret_table_guid; + + qemu_uuid_parse(SEV_ROM_SECRET_GUID,&secret_table_guid); + secret_table_guid =3D qemu_uuid_bswap(secret_table_guid); + + offset =3D len - 0x1000; + while(offset > 0) { + secret_table =3D (SevROMSecretTable *)(ptr + offset); + if(qemu_uuid_is_equal(&secret_table_guid, (QemuUUID *) secret_tabl= e)){ + sev_state->secret_gpa =3D (long unsigned int) secret_table->ba= se; + break; + } + offset -=3D 0x1000; + } +} + int sev_encrypt_data(void *handle, uint8_t *ptr, uint64_t len) { @@ -738,6 +762,9 @@ sev_encrypt_data(void *handle, uint8_t *ptr, uint64_t l= en) =20 /* if SEV is in update state then encrypt the data else do nothing */ if (sev_check_state(SEV_STATE_LAUNCH_UPDATE)) { + if(!sev_state->secret_gpa) { + sev_find_secret_gpa(ptr, len); + } return sev_launch_update_data(ptr, len); } =20 @@ -776,8 +803,8 @@ int sev_inject_launch_secret(const char *packet_hdr, =20 /* secret can be inject only in this state */ if (!sev_check_state(SEV_STATE_LAUNCH_SECRET)) { - error_report("Not in correct state. %x",sev_state->state); - return 1; + error_report("Not in correct state. %x",sev_state->state); + return 1; } =20 hdr =3D g_base64_decode(packet_hdr, &hdr_sz); @@ -792,6 +819,9 @@ int sev_inject_launch_secret(const char *packet_hdr, goto err; } =20 + if(sev_state->secret_gpa) + gpa =3D sev_state->secret_gpa; + hva =3D gpa2hva(gpa, data_sz); if (!hva) { goto err; diff --git a/target/i386/sev_i386.h b/target/i386/sev_i386.h index 8ada9d385d..b1f9ab93bb 100644 --- a/target/i386/sev_i386.h +++ b/target/i386/sev_i386.h @@ -19,6 +19,7 @@ #include "sysemu/kvm.h" #include "sysemu/sev.h" #include "qemu/error-report.h" +#include "qemu/uuid.h" #include "qapi/qapi-types-misc-target.h" =20 #define SEV_POLICY_NODBG 0x1 @@ -28,6 +29,8 @@ #define SEV_POLICY_DOMAIN 0x10 #define SEV_POLICY_SEV 0x20 =20 +#define SEV_ROM_SECRET_GUID "adf956ad-e98c-484c-ae11-b51c7d336447" + #define TYPE_QSEV_GUEST_INFO "sev-guest" #define QSEV_GUEST_INFO(obj) \ OBJECT_CHECK(QSevGuestInfo, (obj), TYPE_QSEV_GUEST_INFO) @@ -42,6 +45,18 @@ extern SevCapability *sev_get_capabilities(void); =20 typedef struct QSevGuestInfo QSevGuestInfo; typedef struct QSevGuestInfoClass QSevGuestInfoClass; +typedef struct SevROMSecretTable SevROMSecretTable; + +/** + * If guest physical address for the launch secret is + * provided in the ROM, it should be in the following + * page-aligned structure. + */ +struct SevROMSecretTable { + QemuUUID guid; + unsigned int base; + unsigned int size; +}; =20 /** * QSevGuestInfo: @@ -78,6 +93,7 @@ struct SEVState { uint32_t cbitpos; uint32_t reduced_phys_bits; uint32_t handle; + uint64_t secret_gpa; int sev_fd; SevState state; gchar *measurement; --=20 2.20.1 (Apple Git-117)