From nobody Mon Feb 9 19:06:17 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of redhat.com designates 216.205.24.124 as permitted sender) client-ip=216.205.24.124; envelope-from=philmd@redhat.com; helo=us-smtp-delivery-124.mimecast.com; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 216.205.24.124 as permitted sender) smtp.mailfrom=philmd@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1633179295; cv=none; d=zohomail.com; s=zohoarc; b=atw1a8a114DFx05ciOtFD55+C+BWtGEdcES8SO/zmEkfXwSz5S/v41CaArU3iAvvFntvpIEJIsdG/KPW3l+r/s8cdPiwuMSpaoYMweb5oZSgCs/2sOcWvp4GVYzqsncKwpdPwqxKBCXJMbIrtTJxnBTMUFac+aL+yKkfrPs60xQ= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1633179295; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:MIME-Version:Message-ID:References:Subject:To; bh=wGfA2j80SC2+4aGulWQ/r67RC6gVnbvOoez6cQaSfN0=; b=kJ4yHo7hH9j+YyFy/UJr6GKaS3brfNwAw8D+FRS7E4c9m+hlu2Xnu6aMdCvMe0+ZYv/bswMvy0FaNRgVg4l4ar9Iq7H5Kytz0Ya3qocQkQX5ayxkJn7vMlNTVlbBkBYs9UV8Q1ObXzeVjBcJWW5lTXt/6r992OpQCt2yc8CUmwg= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 216.205.24.124 as permitted sender) smtp.mailfrom=philmd@redhat.com; dmarc=pass header.from= (p=none dis=none) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [216.205.24.124]) by mx.zohomail.com with SMTPS id 1633179294896336.85672716425154; Sat, 2 Oct 2021 05:54:54 -0700 (PDT) Received: from mail-wm1-f71.google.com (mail-wm1-f71.google.com [209.85.128.71]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-547-FxQk8tPlM_OmuyhQbOSioA-1; Sat, 02 Oct 2021 08:54:50 -0400 Received: by mail-wm1-f71.google.com with SMTP id x3-20020a05600c21c300b0030d2b0fb3b4so4597978wmj.5 for ; Sat, 02 Oct 2021 05:54:50 -0700 (PDT) Return-Path: Return-Path: Received: from x1w.. (118.red-83-35-24.dynamicip.rima-tde.net. [83.35.24.118]) by smtp.gmail.com with ESMTPSA id z5sm13146962wmp.26.2021.10.02.05.54.48 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 02 Oct 2021 05:54:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1633179293; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=wGfA2j80SC2+4aGulWQ/r67RC6gVnbvOoez6cQaSfN0=; b=F4lEicq4POgH5S4S+PuEq4PQfogtsD20a/y8/nRLit2FfSMAqnSjouvoBZ3dUgKDrrD+Wj QCUXBsNdrD8eG4HJya8j5VZeKhmDc/iJjvSwH2mIrhSEpXSrS+f+gfmd5xrvHqmBwkN+I0 EUNOpIG1K+mzXX2PPduPUb/cOuWaUVA= X-MC-Unique: FxQk8tPlM_OmuyhQbOSioA-1 X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=wGfA2j80SC2+4aGulWQ/r67RC6gVnbvOoez6cQaSfN0=; b=ljyU0DUz6fGwLU/FzMaqu7xytLy8O+PKkTMBbTfQwHQZD32n1Lgb8ifFFOQKm6M1vo 7NNprkTZli4MVz/ZRHY5vAD2Z+9BcN1z7ZJRKFUVSI/MlanM2g3PUWLiNaRqB8UvvZ9d i00taDD1R8i1pvr3uzDbZ4PiCcL6aNQja3kYA0RSYo3VTzZJFtbrAxT41iBeYpDabdqM eqZMX31nNv9snKymkDorNMBeXVaQdk8HH7+wUWOuOxh4GML/yr0djok/Jt7hLx2jm3fI TIAizIEOMpRN9s0KVYKStAAWkpmp5iQiYGnzGa9GeXcNcPJuZ5d/b6hRaPw+9oc+72MU yZ8A== X-Gm-Message-State: AOAM531WbSTeU+6ghCgTq9eumzdh1cLogJIZWrY2QT3SR8M394OnIpAn 1KYVEbqKWx0GJuSmGaZ0XtIUxhtz0rbitciJ7aNvZ7zax0MEtj1eY5pkx4/5ghtrgxJxVHZbL/9 aBOwTBNgTjrSoKw== X-Received: by 2002:adf:cf10:: with SMTP id o16mr3263912wrj.12.1633179289664; Sat, 02 Oct 2021 05:54:49 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwIlAGUzy37xRAc3wO3Jx5AvnPpGg0GVEAXuua31avnpgtYrsVxayrEFINAr8sZqcOzoicXYw== X-Received: by 2002:adf:cf10:: with SMTP id o16mr3263894wrj.12.1633179289485; Sat, 02 Oct 2021 05:54:49 -0700 (PDT) From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= To: qemu-devel@nongnu.org Cc: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , "Dr . David Alan Gilbert" , Dov Murik , Sergio Lopez , kvm@vger.kernel.org, James Bottomley , Eduardo Habkost , Paolo Bonzini , Brijesh Singh , "Daniel P . Berrange" Subject: [PATCH v3 20/22] sev/i386: Introduce sev_add_kernel_loader_hashes for measured linux boot Date: Sat, 2 Oct 2021 14:53:15 +0200 Message-Id: <20211002125317.3418648-21-philmd@redhat.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20211002125317.3418648-1-philmd@redhat.com> References: <20211002125317.3418648-1-philmd@redhat.com> MIME-Version: 1.0 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=philmd@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1633179295417100001 From: Dov Murik Add the sev_add_kernel_loader_hashes function to calculate the hashes of the kernel/initrd/cmdline and fill a designated OVMF encrypted hash table area. For this to work, OVMF must support an encrypted area to place the data which is advertised via a special GUID in the OVMF reset table. The hashes of each of the files is calculated (or the string in the case of the cmdline with trailing '\0' included). Each entry in the hashes table is GUID identified and since they're passed through the sev_encrypt_flash interface, the hashes will be accumulated by the AMD PSP measurement (SEV_LAUNCH_MEASURE). Co-developed-by: James Bottomley Signed-off-by: James Bottomley Signed-off-by: Dov Murik Reviewed-by: Daniel P. Berrang=C3=A9 Message-Id: <20210930054915.13252-2-dovmurik@linux.ibm.com> [PMD: Rebased on top of 0021c4765a6] Signed-off-by: Philippe Mathieu-Daud=C3=A9 --- target/i386/sev_i386.h | 12 ++++ target/i386/sev.c | 138 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 150 insertions(+) diff --git a/target/i386/sev_i386.h b/target/i386/sev_i386.h index 15a959d6174..17031cddd37 100644 --- a/target/i386/sev_i386.h +++ b/target/i386/sev_i386.h @@ -23,9 +23,21 @@ #define SEV_POLICY_DOMAIN 0x10 #define SEV_POLICY_SEV 0x20 =20 +typedef struct SevKernelLoaderContext { + char *setup_data; + size_t setup_size; + char *kernel_data; + size_t kernel_size; + char *initrd_data; + size_t initrd_size; + char *cmdline_data; + size_t cmdline_size; +} SevKernelLoaderContext; + int sev_encrypt_flash(uint8_t *ptr, uint64_t len, Error **errp); int sev_inject_launch_secret(const char *hdr, const char *secret, uint64_t gpa, Error **errp); +bool sev_add_kernel_loader_hashes(SevKernelLoaderContext *ctx, Error **err= p); =20 int sev_es_save_reset_vector(void *flash_ptr, uint64_t flash_size); void sev_es_set_reset_vector(CPUState *cpu); diff --git a/target/i386/sev.c b/target/i386/sev.c index c6d8fc52eb2..91fdf0d4503 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -23,6 +23,7 @@ #include "qemu/base64.h" #include "qemu/module.h" #include "qemu/uuid.h" +#include "crypto/hash.h" #include "sysemu/kvm.h" #include "sev_i386.h" #include "sysemu/sysemu.h" @@ -86,6 +87,32 @@ typedef struct __attribute__((__packed__)) SevInfoBlock { uint32_t reset_addr; } SevInfoBlock; =20 +#define SEV_HASH_TABLE_RV_GUID "7255371f-3a3b-4b04-927b-1da6efa8d454" +typedef struct QEMU_PACKED SevHashTableDescriptor { + /* SEV hash table area guest address */ + uint32_t base; + /* SEV hash table area size (in bytes) */ + uint32_t size; +} SevHashTableDescriptor; + +/* hard code sha256 digest size */ +#define HASH_SIZE 32 + +typedef struct QEMU_PACKED SevHashTableEntry { + QemuUUID guid; + uint16_t len; + uint8_t hash[HASH_SIZE]; +} SevHashTableEntry; + +typedef struct QEMU_PACKED SevHashTable { + QemuUUID guid; + uint16_t len; + SevHashTableEntry cmdline; + SevHashTableEntry initrd; + SevHashTableEntry kernel; + uint8_t padding[]; +} SevHashTable; + static SevGuestState *sev_guest; static Error *sev_mig_blocker; =20 @@ -1151,6 +1178,117 @@ int sev_es_save_reset_vector(void *flash_ptr, uint6= 4_t flash_size) return 0; } =20 +static const QemuUUID sev_hash_table_header_guid =3D { + .data =3D UUID_LE(0x9438d606, 0x4f22, 0x4cc9, 0xb4, 0x79, 0xa7, 0x93, + 0xd4, 0x11, 0xfd, 0x21) +}; + +static const QemuUUID sev_kernel_entry_guid =3D { + .data =3D UUID_LE(0x4de79437, 0xabd2, 0x427f, 0xb8, 0x35, 0xd5, 0xb1, + 0x72, 0xd2, 0x04, 0x5b) +}; +static const QemuUUID sev_initrd_entry_guid =3D { + .data =3D UUID_LE(0x44baf731, 0x3a2f, 0x4bd7, 0x9a, 0xf1, 0x41, 0xe2, + 0x91, 0x69, 0x78, 0x1d) +}; +static const QemuUUID sev_cmdline_entry_guid =3D { + .data =3D UUID_LE(0x97d02dd8, 0xbd20, 0x4c94, 0xaa, 0x78, 0xe7, 0x71, + 0x4d, 0x36, 0xab, 0x2a) +}; + +/* + * Add the hashes of the linux kernel/initrd/cmdline to an encrypted guest= page + * which is included in SEV's initial memory measurement. + */ +bool sev_add_kernel_loader_hashes(SevKernelLoaderContext *ctx, Error **err= p) +{ + uint8_t *data; + SevHashTableDescriptor *area; + SevHashTable *ht; + uint8_t cmdline_hash[HASH_SIZE]; + uint8_t initrd_hash[HASH_SIZE]; + uint8_t kernel_hash[HASH_SIZE]; + uint8_t *hashp; + size_t hash_len =3D HASH_SIZE; + int aligned_len; + + if (!pc_system_ovmf_table_find(SEV_HASH_TABLE_RV_GUID, &data, NULL)) { + error_setg(errp, + "SEV: kernel specified but OVMF has no hash table guid"= ); + return false; + } + area =3D (SevHashTableDescriptor *)data; + + /* + * Calculate hash of kernel command-line with the terminating null byt= e. If + * the user doesn't supply a command-line via -append, the 1-byte "\0"= will + * be used. + */ + hashp =3D cmdline_hash; + if (qcrypto_hash_bytes(QCRYPTO_HASH_ALG_SHA256, ctx->cmdline_data, + ctx->cmdline_size, &hashp, &hash_len, errp) < 0= ) { + return false; + } + assert(hash_len =3D=3D HASH_SIZE); + + /* + * Calculate hash of initrd. If the user doesn't supply an initrd via + * -initrd, an empty buffer will be used (ctx->initrd_size =3D=3D 0). + */ + hashp =3D initrd_hash; + if (qcrypto_hash_bytes(QCRYPTO_HASH_ALG_SHA256, ctx->initrd_data, + ctx->initrd_size, &hashp, &hash_len, errp) < 0)= { + return false; + } + assert(hash_len =3D=3D HASH_SIZE); + + /* Calculate hash of the kernel */ + hashp =3D kernel_hash; + struct iovec iov[2] =3D { + { .iov_base =3D ctx->setup_data, .iov_len =3D ctx->setup_size }, + { .iov_base =3D ctx->kernel_data, .iov_len =3D ctx->kernel_size } + }; + if (qcrypto_hash_bytesv(QCRYPTO_HASH_ALG_SHA256, iov, ARRAY_SIZE(iov), + &hashp, &hash_len, errp) < 0) { + return false; + } + assert(hash_len =3D=3D HASH_SIZE); + + /* + * Populate the hashes table in the guest's memory at the OVMF-designa= ted + * area for the SEV hashes table + */ + ht =3D qemu_map_ram_ptr(NULL, area->base); + + ht->guid =3D sev_hash_table_header_guid; + ht->len =3D sizeof(*ht); + + ht->cmdline.guid =3D sev_cmdline_entry_guid; + ht->cmdline.len =3D sizeof(ht->cmdline); + memcpy(ht->cmdline.hash, cmdline_hash, sizeof(ht->cmdline.hash)); + + ht->initrd.guid =3D sev_initrd_entry_guid; + ht->initrd.len =3D sizeof(ht->initrd); + memcpy(ht->initrd.hash, initrd_hash, sizeof(ht->initrd.hash)); + + ht->kernel.guid =3D sev_kernel_entry_guid; + ht->kernel.len =3D sizeof(ht->kernel); + memcpy(ht->kernel.hash, kernel_hash, sizeof(ht->kernel.hash)); + + /* When calling sev_encrypt_flash, the length has to be 16 byte aligne= d */ + aligned_len =3D ROUND_UP(ht->len, 16); + if (aligned_len !=3D ht->len) { + /* zero the excess data so the measurement can be reliably calcula= ted */ + memset(ht->padding, 0, aligned_len - ht->len); + } + + if (sev_encrypt_flash((uint8_t *)ht, aligned_len, errp) < 0) { + return false; + } + + return true; +} + static void sev_register_types(void) { --=20 2.31.1