Several architectures have mechanisms which are designed to protect guest
memory from interference or eavesdropping by a compromised hypervisor. AMD
SEV does this with in-chip memory encryption and Intel has a similar
mechanism. POWER's Protected Execution Framework (PEF) accomplishes a
similar goal using an ultravisor and new memory protection features,
instead of encryption.
To (partially) unify handling for these, this introduces a new
HostTrustLimitation QOM interface.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
---
backends/Makefile.objs | 2 ++
backends/host-trust-limitation.c | 29 ++++++++++++++++++++++++
include/exec/host-trust-limitation.h | 33 ++++++++++++++++++++++++++++
include/qemu/typedefs.h | 1 +
4 files changed, 65 insertions(+)
create mode 100644 backends/host-trust-limitation.c
create mode 100644 include/exec/host-trust-limitation.h
diff --git a/backends/Makefile.objs b/backends/Makefile.objs
index 28a847cd57..af761c9ab1 100644
--- a/backends/Makefile.objs
+++ b/backends/Makefile.objs
@@ -21,3 +21,5 @@ common-obj-$(CONFIG_LINUX) += hostmem-memfd.o
common-obj-$(CONFIG_GIO) += dbus-vmstate.o
dbus-vmstate.o-cflags = $(GIO_CFLAGS)
dbus-vmstate.o-libs = $(GIO_LIBS)
+
+common-obj-y += host-trust-limitation.o
diff --git a/backends/host-trust-limitation.c b/backends/host-trust-limitation.c
new file mode 100644
index 0000000000..96a381cd8a
--- /dev/null
+++ b/backends/host-trust-limitation.c
@@ -0,0 +1,29 @@
+/*
+ * QEMU Host Trust Limitation interface
+ *
+ * Copyright: David Gibson, Red Hat Inc. 2020
+ *
+ * Authors:
+ * David Gibson <david@gibson.dropbear.id.au>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or
+ * later. See the COPYING file in the top-level directory.
+ *
+ */
+
+#include "qemu/osdep.h"
+
+#include "exec/host-trust-limitation.h"
+
+static const TypeInfo host_trust_limitation_info = {
+ .name = TYPE_HOST_TRUST_LIMITATION,
+ .parent = TYPE_INTERFACE,
+ .class_size = sizeof(HostTrustLimitationClass),
+};
+
+static void host_trust_limitation_register_types(void)
+{
+ type_register_static(&host_trust_limitation_info);
+}
+
+type_init(host_trust_limitation_register_types)
diff --git a/include/exec/host-trust-limitation.h b/include/exec/host-trust-limitation.h
new file mode 100644
index 0000000000..03887b1be1
--- /dev/null
+++ b/include/exec/host-trust-limitation.h
@@ -0,0 +1,33 @@
+/*
+ * QEMU Host Trust Limitation interface
+ *
+ * Copyright: David Gibson, Red Hat Inc. 2020
+ *
+ * Authors:
+ * David Gibson <david@gibson.dropbear.id.au>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or
+ * later. See the COPYING file in the top-level directory.
+ *
+ */
+#ifndef QEMU_HOST_TRUST_LIMITATION_H
+#define QEMU_HOST_TRUST_LIMITATION_H
+
+#include "qom/object.h"
+
+#define TYPE_HOST_TRUST_LIMITATION "host-trust-limitation"
+#define HOST_TRUST_LIMITATION(obj) \
+ INTERFACE_CHECK(HostTrustLimitation, (obj), \
+ TYPE_HOST_TRUST_LIMITATION)
+#define HOST_TRUST_LIMITATION_CLASS(klass) \
+ OBJECT_CLASS_CHECK(HostTrustLimitationClass, (klass), \
+ TYPE_HOST_TRUST_LIMITATION)
+#define HOST_TRUST_LIMITATION_GET_CLASS(obj) \
+ OBJECT_GET_CLASS(HostTrustLimitationClass, (obj), \
+ TYPE_HOST_TRUST_LIMITATION)
+
+typedef struct HostTrustLimitationClass {
+ InterfaceClass parent;
+} HostTrustLimitationClass;
+
+#endif /* QEMU_HOST_TRUST_LIMITATION_H */
diff --git a/include/qemu/typedefs.h b/include/qemu/typedefs.h
index ce4a78b687..f75c7eb2f2 100644
--- a/include/qemu/typedefs.h
+++ b/include/qemu/typedefs.h
@@ -51,6 +51,7 @@ typedef struct FWCfgIoState FWCfgIoState;
typedef struct FWCfgMemState FWCfgMemState;
typedef struct FWCfgState FWCfgState;
typedef struct HostMemoryBackend HostMemoryBackend;
+typedef struct HostTrustLimitation HostTrustLimitation;
typedef struct I2CBus I2CBus;
typedef struct I2SCodec I2SCodec;
typedef struct IOMMUMemoryRegion IOMMUMemoryRegion;
--
2.26.2
* David Gibson (david@gibson.dropbear.id.au) wrote:
> Several architectures have mechanisms which are designed to protect guest
> memory from interference or eavesdropping by a compromised hypervisor. AMD
> SEV does this with in-chip memory encryption and Intel has a similar
> mechanism. POWER's Protected Execution Framework (PEF) accomplishes a
> similar goal using an ultravisor and new memory protection features,
> instead of encryption.
>
> To (partially) unify handling for these, this introduces a new
> HostTrustLimitation QOM interface.
This does make some sense to me from a SEV point of view, so
Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
> ---
> backends/Makefile.objs | 2 ++
> backends/host-trust-limitation.c | 29 ++++++++++++++++++++++++
> include/exec/host-trust-limitation.h | 33 ++++++++++++++++++++++++++++
> include/qemu/typedefs.h | 1 +
> 4 files changed, 65 insertions(+)
> create mode 100644 backends/host-trust-limitation.c
> create mode 100644 include/exec/host-trust-limitation.h
>
> diff --git a/backends/Makefile.objs b/backends/Makefile.objs
> index 28a847cd57..af761c9ab1 100644
> --- a/backends/Makefile.objs
> +++ b/backends/Makefile.objs
> @@ -21,3 +21,5 @@ common-obj-$(CONFIG_LINUX) += hostmem-memfd.o
> common-obj-$(CONFIG_GIO) += dbus-vmstate.o
> dbus-vmstate.o-cflags = $(GIO_CFLAGS)
> dbus-vmstate.o-libs = $(GIO_LIBS)
> +
> +common-obj-y += host-trust-limitation.o
> diff --git a/backends/host-trust-limitation.c b/backends/host-trust-limitation.c
> new file mode 100644
> index 0000000000..96a381cd8a
> --- /dev/null
> +++ b/backends/host-trust-limitation.c
> @@ -0,0 +1,29 @@
> +/*
> + * QEMU Host Trust Limitation interface
> + *
> + * Copyright: David Gibson, Red Hat Inc. 2020
> + *
> + * Authors:
> + * David Gibson <david@gibson.dropbear.id.au>
> + *
> + * This work is licensed under the terms of the GNU GPL, version 2 or
> + * later. See the COPYING file in the top-level directory.
> + *
> + */
> +
> +#include "qemu/osdep.h"
> +
> +#include "exec/host-trust-limitation.h"
> +
> +static const TypeInfo host_trust_limitation_info = {
> + .name = TYPE_HOST_TRUST_LIMITATION,
> + .parent = TYPE_INTERFACE,
> + .class_size = sizeof(HostTrustLimitationClass),
> +};
> +
> +static void host_trust_limitation_register_types(void)
> +{
> + type_register_static(&host_trust_limitation_info);
> +}
> +
> +type_init(host_trust_limitation_register_types)
> diff --git a/include/exec/host-trust-limitation.h b/include/exec/host-trust-limitation.h
> new file mode 100644
> index 0000000000..03887b1be1
> --- /dev/null
> +++ b/include/exec/host-trust-limitation.h
> @@ -0,0 +1,33 @@
> +/*
> + * QEMU Host Trust Limitation interface
> + *
> + * Copyright: David Gibson, Red Hat Inc. 2020
> + *
> + * Authors:
> + * David Gibson <david@gibson.dropbear.id.au>
> + *
> + * This work is licensed under the terms of the GNU GPL, version 2 or
> + * later. See the COPYING file in the top-level directory.
> + *
> + */
> +#ifndef QEMU_HOST_TRUST_LIMITATION_H
> +#define QEMU_HOST_TRUST_LIMITATION_H
> +
> +#include "qom/object.h"
> +
> +#define TYPE_HOST_TRUST_LIMITATION "host-trust-limitation"
> +#define HOST_TRUST_LIMITATION(obj) \
> + INTERFACE_CHECK(HostTrustLimitation, (obj), \
> + TYPE_HOST_TRUST_LIMITATION)
> +#define HOST_TRUST_LIMITATION_CLASS(klass) \
> + OBJECT_CLASS_CHECK(HostTrustLimitationClass, (klass), \
> + TYPE_HOST_TRUST_LIMITATION)
> +#define HOST_TRUST_LIMITATION_GET_CLASS(obj) \
> + OBJECT_GET_CLASS(HostTrustLimitationClass, (obj), \
> + TYPE_HOST_TRUST_LIMITATION)
> +
> +typedef struct HostTrustLimitationClass {
> + InterfaceClass parent;
> +} HostTrustLimitationClass;
> +
> +#endif /* QEMU_HOST_TRUST_LIMITATION_H */
> diff --git a/include/qemu/typedefs.h b/include/qemu/typedefs.h
> index ce4a78b687..f75c7eb2f2 100644
> --- a/include/qemu/typedefs.h
> +++ b/include/qemu/typedefs.h
> @@ -51,6 +51,7 @@ typedef struct FWCfgIoState FWCfgIoState;
> typedef struct FWCfgMemState FWCfgMemState;
> typedef struct FWCfgState FWCfgState;
> typedef struct HostMemoryBackend HostMemoryBackend;
> +typedef struct HostTrustLimitation HostTrustLimitation;
> typedef struct I2CBus I2CBus;
> typedef struct I2SCodec I2SCodec;
> typedef struct IOMMUMemoryRegion IOMMUMemoryRegion;
> --
> 2.26.2
>
--
Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK
On 6/18/20 7:05 PM, David Gibson wrote: > Several architectures have mechanisms which are designed to protect guest > memory from interference or eavesdropping by a compromised hypervisor. AMD > SEV does this with in-chip memory encryption and Intel has a similar > mechanism. POWER's Protected Execution Framework (PEF) accomplishes a > similar goal using an ultravisor and new memory protection features, > instead of encryption. > > To (partially) unify handling for these, this introduces a new > HostTrustLimitation QOM interface. > > Signed-off-by: David Gibson <david@gibson.dropbear.id.au> > --- > backends/Makefile.objs | 2 ++ > backends/host-trust-limitation.c | 29 ++++++++++++++++++++++++ > include/exec/host-trust-limitation.h | 33 ++++++++++++++++++++++++++++ > include/qemu/typedefs.h | 1 + > 4 files changed, 65 insertions(+) > create mode 100644 backends/host-trust-limitation.c > create mode 100644 include/exec/host-trust-limitation.h Reviewed-by: Richard Henderson <richard.henderson@linaro.org> r~
© 2016 - 2026 Red Hat, Inc.