From nobody Fri Dec 19 17:34:23 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=linaro.org ARC-Seal: i=1; a=rsa-sha256; t=1601039130; cv=none; d=zohomail.com; s=zohoarc; b=TPEt/UT1Kl9APi8RxNYMJlsJCpYRqwcQiw/vaU84qu54I4+WkxYYIPoxVwov2PsrHA7qjPr93x/gbnxIw+XeFpDQ9Wmwrci1rRl+NiMS4ZRbq+jERy9x9At/PmVSSJOJr7aCgmKb9nhpEK5Psk6+kdoo85kNNaqI4Cq/j6taPbw= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1601039130; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=pVKBS48AbwRPMB8Nsn3vDh4qlhS4C2TzgyypcYvasXA=; b=jJBXTUFiza/gv/KZnk8y9tBUeOl/LEGT1OoSgiKob3EP/YoRhN35kSlJ5GFZ1FdT+F1fTV+TtXBEjoFU3/SJqgtCvJUGNX6hvm7wawKKg/Q0FtLpVSxzTZZGth3gUEmMup5bip0uyLul5I3BWuN26rdcSjdK7zOilDfZU2q4UO4= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail header.from= (p=none dis=none) header.from= Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1601039130549426.45849711015387; Fri, 25 Sep 2020 06:05:30 -0700 (PDT) Received: from localhost ([::1]:46816 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kLnPl-0007hX-27 for importer@patchew.org; Fri, 25 Sep 2020 09:05:29 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:50202) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kLnJj-0002aU-VH for qemu-devel@nongnu.org; Fri, 25 Sep 2020 08:59:16 -0400 Received: from mail-wr1-x431.google.com ([2a00:1450:4864:20::431]:42694) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1kLnJg-0002H4-FG for qemu-devel@nongnu.org; Fri, 25 Sep 2020 08:59:15 -0400 Received: by mail-wr1-x431.google.com with SMTP id c18so3486009wrm.9 for ; Fri, 25 Sep 2020 05:59:11 -0700 (PDT) Received: from zen.linaroharston ([51.148.130.216]) by smtp.gmail.com with ESMTPSA id e1sm2891195wrp.49.2020.09.25.05.59.02 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 25 Sep 2020 05:59:02 -0700 (PDT) Received: from zen.lan (localhost [127.0.0.1]) by zen.linaroharston (Postfix) with ESMTP id 064BC1FF7E; Fri, 25 Sep 2020 13:51:50 +0100 (BST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=pVKBS48AbwRPMB8Nsn3vDh4qlhS4C2TzgyypcYvasXA=; b=ZBJZ7pcJqJAVmUAbL4bU66vcIwVRIBqHWOASZ/moE0vV9ZZ33zqzmEXlFz4PpHxyJj Uaz50G84KCnXXDED5db8v/So/HcoT41z/5o6kTlmVpJeGh9K1osiMIDL+9ePs+osyjtw ILIJ4EmKoiyejWgBu8wQq6abQvntQ8CYDjEe2HFSomOfk4gmh26KOujkWs9BaIO1BKUR Z1Uh1k1BlhWT/C+rmkcVZk7X5PcR9R/g/YTXKLN7lFCNJhPdxGR+HfwTM8xnlyqrvzDG a+1tkSxfjFM2zda9K6l23VMm3E+YHLGwoij5h5DI9k3dvIDSp0NyuCjHuEyXrR0ZUmiP c69g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=pVKBS48AbwRPMB8Nsn3vDh4qlhS4C2TzgyypcYvasXA=; b=fR5KJ/Cu7kIcb6U5JabxCnHRARqZAXFNnWU2YvtsrIp8mHAWTjExXo3lg03vLcE0mn Im5CKDyJrfB6526d4I4ApURoBMcNoNwCVQ1W9yX8x3jWW3Zr5XfcU9JSMj5j8AmwwVxJ seZXqPH0Dxqc1ru4W3zr6pUvNsE8l7BCkZVfjxFjHCq1P6TPUDpvvdqyoY9Wk4Lz91qK 8zaAQoI7rKmVl5ozYYUziZyu+ybDbiwp+9xGl4wRutYKt7hJCpaQx3kSxwCLE1yCqtvV bCO1spty42A1HGDHgN77kXCQjs0+z92vg0nXPubpoicB298zqihoiPui+QUA8flOG/Su 8AIg== X-Gm-Message-State: AOAM531/SLnR/XthWJHigYxhLZFtlQD6Rl4nf826oJIb4Tl0tk2uNoPQ 18X20V5bN35QkFQE4hY5hARGWQ== X-Google-Smtp-Source: ABdhPJwCqES0abvcUL6qZHv6FfjWwPBI3DLs8hO10nQV8cxdXD+ajQvsKcdNDT3JetUMn+NKAOi/PQ== X-Received: by 2002:a5d:4cc1:: with SMTP id c1mr4416288wrt.122.1601038750650; Fri, 25 Sep 2020 05:59:10 -0700 (PDT) From: =?UTF-8?q?Alex=20Benn=C3=A9e?= To: qemu-devel@nongnu.org, maxim.uvarov@linaro.org, joakim.bech@linaro.org, ilias.apalodimas@linaro.org, tomas.winkler@intel.com, yang.huang@intel.com, bing.zhu@intel.com, Matti.Moell@opensynergy.com, hmo@opensynergy.com Subject: [RFC PATCH 19/19] docs: add a man page for vhost-user-rpmb Date: Fri, 25 Sep 2020 13:51:47 +0100 Message-Id: <20200925125147.26943-20-alex.bennee@linaro.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20200925125147.26943-1-alex.bennee@linaro.org> References: <20200925125147.26943-1-alex.bennee@linaro.org> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=2a00:1450:4864:20::431; envelope-from=alex.bennee@linaro.org; helo=mail-wr1-x431.google.com X-detected-operating-system: by eggs.gnu.org: No matching host in p0f cache. That's all we know. X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: jean-philippe@linaro.org, takahiro.akashi@linaro.org, virtualization@lists.linuxfoundation.org, =?UTF-8?q?Alex=20Benn=C3=A9e?= , arnd@linaro.org, stratos-dev@op-lists.linaro.org Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) Basic usage and example invocation. Signed-off-by: Alex Benn=C3=A9e --- docs/tools/index.rst | 1 + docs/tools/vhost-user-rpmb.rst | 102 +++++++++++++++++++++++++++++++++ 2 files changed, 103 insertions(+) create mode 100644 docs/tools/vhost-user-rpmb.rst diff --git a/docs/tools/index.rst b/docs/tools/index.rst index 232ce9f3e463..488784b3bf1f 100644 --- a/docs/tools/index.rst +++ b/docs/tools/index.rst @@ -15,3 +15,4 @@ Contents: qemu-trace-stap virtfs-proxy-helper virtiofsd + vhost-user-rpmb diff --git a/docs/tools/vhost-user-rpmb.rst b/docs/tools/vhost-user-rpmb.rst new file mode 100644 index 000000000000..40d5d3bceb7c --- /dev/null +++ b/docs/tools/vhost-user-rpmb.rst @@ -0,0 +1,102 @@ +QEMU vhost-user-rpmb - rpmb emulation backend +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + +Synopsis +-------- + +**vhost-user-rpmb** [*OPTIONS*] + +Description +----------- + +This program is a vhost-user backed that emulates a VirtIO Replay +Protected Memory Block device. These are usually special partitions +that are part of a flash device that offer protection against reply +attacks. They are used to store secure information in a way that is +hard to tamper with. + +This program is designed to work with QEMU's ``--device +vhost-user-rpmb-pci`` but should work with any virtual machine +monitor (VMM) that supports vhost-user. See the Examples section +below. + +This program requires a backing store to persist any data programmed +into the device. The spec supports devices up 32Mb in size. For the +daemon this is simply a raw file of the appropriate size. To program +the device it needs to have a key. This can either be programmed by +the guest at the start or come from a key file supplied to the daemon. + +Options +------- + +.. program:: vhost-user-rpmb + +.. option:: -h, --help + + Print help. + +.. option:: -V, --version + + Print version. + +.. option:: -v, --verbose + + Increase verbosity of output + =20 +.. option:: --debug + + Enable debug output. + +.. option:: --socket-path=3DPATH + + Listen on vhost-user UNIX domain socket at PATH. Incompatible with --fd. + +.. option:: --fd=3DFDNUM + + Accept connections from vhost-user UNIX domain socket file descriptor FD= NUM. + The file descriptor must already be listening for connections. + Incompatible with --socket-path. + +.. option:: --flash-path=3DPATH + + Path to the backing store for the flash image, can be up to 32Mb in size. + +.. option:: --key-path=3DPATH + + Path to the backing store for the key of 32 bytes. + =20 +.. option:: --key-set + + Treat the value of key-path as set meaning the key cannot be + reprogrammed by the guest. + +.. option:: --initial-counter=3DN + + Set the initial value of the devices write count. It is + incremented by each write operation.=20 + +Examples +-------- + +The daemon should be started first: + +:: + + host# vhost-user-rpmb --socket-path=3Dvrpmb.sock \ + --flash-path=3Dflash.img \ + --key-path=3Dkey --key-set \ + --initial-counter=3D1234 + +The QEMU invocation needs to create a chardev socket the device can +use to communicate as well as share the guests memory over a memfd. + +:: + + host# qemu-system \ + -chardev socket,path=3Dvrpmb.sock,id=3Dvrpmb \ + -device vhost-user-rpmb-pci,chardev=3Dvrpmb,id=3Drpmb \ + -m 4096 \ + -object memory-backend-file,id=3Dmem,size=3D4G,mem-path=3D/dev/shm,s= hare=3Don \ + -numa node,memdev=3Dmem \ + ... + --=20 2.20.1