From nobody Sat May 18 16:46:50 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1637243695567975.6219675022716; Thu, 18 Nov 2021 05:54:55 -0800 (PST) Received: from localhost ([::1]:58924 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mnhsM-0005Sj-5y for importer@patchew.org; Thu, 18 Nov 2021 08:54:54 -0500 Received: from eggs.gnu.org ([209.51.188.92]:56672) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mnha7-0008Bw-UR for qemu-devel@nongnu.org; Thu, 18 Nov 2021 08:36:04 -0500 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]:25125) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mnha5-0002mE-IH for qemu-devel@nongnu.org; Thu, 18 Nov 2021 08:36:03 -0500 Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-474-FbknGE8nP2Wazk_YUFwJSw-1; Thu, 18 Nov 2021 08:35:58 -0500 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 93808E76A; Thu, 18 Nov 2021 13:35:57 +0000 (UTC) Received: from localhost.localdomain.com (unknown [10.33.36.247]) by smtp.corp.redhat.com (Postfix) with ESMTP id CA59F62A41; Thu, 18 Nov 2021 13:35:55 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; 
t=1637242560; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=sC2/GhPsa55zwleyfZCLuH4QLV2IrFnSorCZ7OtK/E8=; b=d521wthj1v/hspxOmM+NUS+EP++2lYxEuNcZqrgtLQJYlP+z5yQZhi/b01qndAc2QX6e0a G4XNQMXaYHOoWy2QY/SgJGQ9vfFkscfbY0QJRX8cCEVHzgLtGDq9vHXzghDYmVJyEr2ASN 8JAaWDJy7QNWgg42RqCQTAwYkiTZxYM= X-MC-Unique: FbknGE8nP2Wazk_YUFwJSw-1 
From: Daniel P. Berrangé To: qemu-devel@nongnu.org Subject: [PULL 1/6] qapi/qom, target/i386: sev-guest: Introduce kernel-hashes=on|off option Date: Thu, 18 Nov 2021 13:35:27 +0000 Message-Id: <20211118133532.2029166-2-berrange@redhat.com> In-Reply-To: <20211118133532.2029166-1-berrange@redhat.com> References: <20211118133532.2029166-1-berrange@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.133.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -34 X-Spam_score: -3.5 X-Spam_bar: --- X-Spam_report: (-3.5 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.698, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Daniel P. Berrangé , Eduardo Habkost , kvm@vger.kernel.org, Marcelo Tosatti , Markus Armbruster , Dov Murik , Brijesh Singh , Paolo Bonzini , Eric Blake Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1637243696043100003 From: Dov Murik Introduce new boolean 'kernel-hashes' option on the sev-guest object. It will be used to decide whether to add the hashes of kernel/initrd/cmdline to SEV guest memory when booting with -kernel. The default value is 'off'.
Signed-off-by: Dov Murik Acked-by: Brijesh Singh Signed-off-by: Daniel P. Berrang=C3=A9 --- qapi/qom.json | 7 ++++++- qemu-options.hx | 6 +++++- target/i386/sev.c | 20 ++++++++++++++++++++ 3 files changed, 31 insertions(+), 2 deletions(-) diff --git a/qapi/qom.json b/qapi/qom.json index ccd1167808..eeb5395ff3 100644 --- a/qapi/qom.json +++ b/qapi/qom.json @@ -769,6 +769,10 @@ # @reduced-phys-bits: number of bits in physical addresses that become # unavailable when SEV is enabled # +# @kernel-hashes: if true, add hashes of kernel/initrd/cmdline to a +# designated guest firmware page for measured boot +# with -kernel (default: false) (since 6.2) +# # Since: 2.12 ## { 'struct': 'SevGuestProperties', @@ -778,7 +782,8 @@ '*policy': 'uint32', '*handle': 'uint32', '*cbitpos': 'uint32', - 'reduced-phys-bits': 'uint32' } } + 'reduced-phys-bits': 'uint32', + '*kernel-hashes': 'bool' } } =20 ## # @ObjectType: diff --git a/qemu-options.hx b/qemu-options.hx index 7749f59300..ae2c6dbbfc 100644 --- a/qemu-options.hx +++ b/qemu-options.hx @@ -5189,7 +5189,7 @@ SRST -object secret,id=3Dsec0,keyid=3Dsecmaster0,format=3Dbase= 64,\\ data=3D$SECRET,iv=3D$(sev_device =3D g_strdup(value); } =20 +static bool sev_guest_get_kernel_hashes(Object *obj, Error **errp) +{ + SevGuestState *sev =3D SEV_GUEST(obj); + + return sev->kernel_hashes; +} + +static void sev_guest_set_kernel_hashes(Object *obj, bool value, Error **e= rrp) +{ + SevGuestState *sev =3D SEV_GUEST(obj); + + sev->kernel_hashes =3D value; +} + static void sev_guest_class_init(ObjectClass *oc, void *data) { 
@@ -345,6 +360,11 @@ sev_guest_class_init(ObjectClass *oc, void *data) sev_guest_set_session_file); object_class_property_set_description(oc, "session-file", "guest owners session parameters (encoded with base64)"); + object_class_property_add_bool(oc, "kernel-hashes", + sev_guest_get_kernel_hashes, + sev_guest_set_kernel_hashes); + object_class_property_set_description(oc, "kernel-hashes", + "add kernel hashes to guest firmware for measured Linux boot"); } =20 static void --=20 2.31.1 From nobody Sat May 18 16:46:50 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 163724322631151.2109198705806; Thu, 18 Nov 2021 05:47:06 -0800 (PST) Received: from localhost ([::1]:42458 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mnhkn-00026r-5i for importer@patchew.org; Thu, 18 Nov 2021 08:47:05 -0500 Received: from eggs.gnu.org ([209.51.188.92]:56694) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mnhaC-0008FH-BN for qemu-devel@nongnu.org; Thu, 18 Nov 2021 08:36:10 -0500 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]:44296) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mnha9-0002mv-TU for qemu-devel@nongnu.org; Thu, 18 Nov 2021 08:36:07 -0500 Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-580-3KTXJAtrMM6N6AzudDP1nQ-1; Thu, 18 Nov 2021 08:36:01 -0500 Received: from smtp.corp.redhat.com 
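Review bot: in the target/i386/sev.c hunk the new getter and setter read and write `sev->kernel_hashes`, but the `SevGuestState` member itself is not visible in the extracted diff; the diffstat lists 20 insertions for sev.c and 17 appear here, so confirm the `bool kernel_hashes;` field is declared in the same patch (in the portion lost to extraction) rather than in a later one. Nothing in this patch consumes the new flag yet, so `kernel-hashes=on` has no effect until the follow-up that gates `sev_add_kernel_loader_hashes` on it; a sentence saying so in the commit message would help anyone bisecting. The QAPI doc string ("a designated guest firmware page for measured boot with -kernel") and the class property description ("add kernel hashes to guest firmware for measured Linux boot") describe the same option in different words; consider aligning them so the two user-visible texts stay in sync.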
From: Daniel P. Berrangé To: qemu-devel@nongnu.org Subject: [PULL 2/6] target/i386/sev: Add kernel hashes only if sev-guest.kernel-hashes=on Date: Thu, 18 Nov 2021 13:35:28 +0000 Message-Id: <20211118133532.2029166-3-berrange@redhat.com> In-Reply-To: <20211118133532.2029166-1-berrange@redhat.com> References: <20211118133532.2029166-1-berrange@redhat.com> Cc: Tom Lendacky , Daniel P. Berrangé , Eduardo Habkost , kvm@vger.kernel.org, Marcelo Tosatti , Markus Armbruster , Dov Murik , Brijesh Singh , Paolo Bonzini , Eric Blake
From: Dov Murik Commit cff03145ed3c ("sev/i386: Introduce sev_add_kernel_loader_hashes for measured linux boot", 2021-09-30) introduced measured direct boot with -kernel, using an OVMF-designated hashes table which QEMU fills. However, if OVMF doesn't designate such an area, QEMU would completely abort the VM launch. This breaks launching with -kernel using older OVMF images which don't publish the SEV_HASH_TABLE_RV_GUID. Fix that so QEMU will only look for the hashes table if the sev-guest kernel-hashes option is set to on. Otherwise, QEMU won't look for the designated area in OVMF and won't fill that area. To enable addition of kernel hashes, launch the guest with: -object sev-guest,...,kernel-hashes=3Don Signed-off-by: Dov Murik Reported-by: Tom Lendacky Acked-by: Brijesh Singh Signed-off-by: Daniel P. Berrang=C3=A9 --- target/i386/sev.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/target/i386/sev.c b/target/i386/sev.c index cad32812f5..e3abbeef68 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c 
@@ -1223,6 +1223,14 @@ bool sev_add_kernel_loader_hashes(SevKernelLoaderCon= text *ctx, Error **errp) size_t hash_len =3D HASH_SIZE; int aligned_len; =20 + /* + * Only add the kernel hashes if the sev-guest configuration explicitly + * stated kernel-hashes=3Don. + */ + if (!sev_guest->kernel_hashes) { + return false; + } + if (!pc_system_ovmf_table_find(SEV_HASH_TABLE_RV_GUID, &data, NULL)) { error_setg(errp, "SEV: kernel specified but OVMF has no hash table= guid"); return false; --=20 2.31.1 From nobody Sat May 18 16:46:50 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1637243043264633.5517799729383; Thu, 18 Nov 2021 05:44:03 -0800 (PST) Received: from localhost ([::1]:36918 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mnhhq-0006rY-9s for importer@patchew.org; Thu, 18 Nov 2021 08:44:02 -0500 Received: from eggs.gnu.org ([209.51.188.92]:56712) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mnhaE-0008Ff-8A for qemu-devel@nongnu.org; Thu, 18 Nov 2021 08:36:13 -0500 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]:30423) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mnhaC-0002n8-3l for qemu-devel@nongnu.org; Thu, 18 Nov 2021 08:36:09 -0500 Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-324-Ce2K8_grNnSEbbpNPmktPA-1; Thu, 18 Nov 2021 08:36:03 -0500 Received: from smtp.corp.redhat.com 
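Review bot: the new early exit `if (!sev_guest->kernel_hashes) { return false; }` returns false without setting `errp`, while the other `return false` immediately below it is preceded by `error_setg()`; the function's contract is otherwise "false means failure with an error set", so a caller that reports `*errp` or aborts the launch on a false return would either dereference a NULL error or refuse to boot in exactly the case (older OVMF, option off) this patch wants to allow. Suggest either returning true here, since not adding hashes is the configured behaviour rather than an error, or documenting in the function's header comment that false can also mean "skipped" and auditing the caller accordingly.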
From: Daniel P. Berrangé To: qemu-devel@nongnu.org Subject: [PULL 3/6] target/i386/sev: Rephrase error message when no hashes table in guest firmware Date: Thu, 18 Nov 2021 13:35:29 +0000 Message-Id: <20211118133532.2029166-4-berrange@redhat.com> In-Reply-To: <20211118133532.2029166-1-berrange@redhat.com> References: <20211118133532.2029166-1-berrange@redhat.com> Cc: Daniel P. Berrangé , Eduardo Habkost , kvm@vger.kernel.org, Marcelo Tosatti , Markus Armbruster , Dov Murik , Brijesh Singh , Paolo Bonzini , Eric Blake From: Dov Murik Signed-off-by: Dov Murik Acked-by: Brijesh Singh Signed-off-by: Daniel P. Berrangé --- target/i386/sev.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/target/i386/sev.c b/target/i386/sev.c index e3abbeef68..6ff196f7ad 100644
--- a/target/i386/sev.c +++ b/target/i386/sev.c 
@@ -1232,7 +1232,8 @@ bool sev_add_kernel_loader_hashes(SevKernelLoaderCont= ext *ctx, Error **errp) } =20 if (!pc_system_ovmf_table_find(SEV_HASH_TABLE_RV_GUID, &data, NULL)) { - error_setg(errp, "SEV: kernel specified but OVMF has no hash table= guid"); + error_setg(errp, "SEV: kernel specified but guest firmware " + "has no hashes table GUID"); return false; } area =3D (SevHashTableDescriptor *)data; --=20 2.31.1 From nobody Sat May 18 16:46:50 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1637243266889551.3953393441387; Thu, 18 Nov 2021 05:47:46 -0800 (PST) Received: from localhost ([::1]:44242 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mnhlR-0003G5-Ul for importer@patchew.org; Thu, 18 Nov 2021 08:47:45 -0500 Received: from eggs.gnu.org ([209.51.188.92]:56714) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mnhaE-0008Fg-8D for qemu-devel@nongnu.org; Thu, 18 Nov 2021 08:36:13 -0500 Received: from us-smtp-delivery-124.mimecast.com ([216.205.24.124]:47339) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mnhaC-0002n6-3R for qemu-devel@nongnu.org; Thu, 18 Nov 2021 08:36:09 -0500 Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-601-hUyKkSDmOT6NqcLCvhAdkA-1; Thu, 18 Nov 2021 08:36:05 -0500 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher 
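Review bot: the commit message carries only the subject and the sign-offs; one sentence explaining why the text now says "guest firmware" rather than "OVMF" would record the rationale for a user-visible string change (the hashes-table GUID is the interface, not a property of one firmware build). The split literal `"SEV: kernel specified but guest firmware " "has no hashes table GUID"` keeps its separating space, so the concatenated message reads correctly.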
From: Daniel P. Berrangé To: qemu-devel@nongnu.org Subject: [PULL 4/6] target/i386/sev: Fail when invalid hashes table area detected Date: Thu, 18 Nov 2021 13:35:30 +0000 Message-Id: <20211118133532.2029166-5-berrange@redhat.com> In-Reply-To: <20211118133532.2029166-1-berrange@redhat.com> References: <20211118133532.2029166-1-berrange@redhat.com> Cc: Daniel P. Berrangé , Eduardo Habkost , kvm@vger.kernel.org, Marcelo Tosatti , Markus Armbruster , Dov Murik , Brijesh Singh , Paolo Bonzini , Eric Blake
From: Dov Murik Commit cff03145ed3c ("sev/i386: Introduce sev_add_kernel_loader_hashes for measured linux boot", 2021-09-30) introduced measured direct boot with -kernel, using an OVMF-designated hashes table which QEMU fills. However, no checks are performed on the validity of the hashes area designated by OVMF. Specifically, if OVMF publishes the SEV_HASH_TABLE_RV_GUID entry but it is filled with zeroes, this will cause QEMU to write the hashes entries over the first page of the guest's memory (GPA 0). Add validity checks to the published area. If the hashes table area's base address is zero, or its size is too small to fit the aligned hashes table, display an error and stop the guest launch. In such case, the following error will be displayed: qemu-system-x86_64: SEV: guest firmware hashes table area is invalid (b= ase=3D0x0 size=3D0x0) Signed-off-by: Dov Murik Reported-by: Brijesh Singh Acked-by: Brijesh Singh Signed-off-by: Daniel P. Berrang=C3=A9 --- target/i386/sev.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/target/i386/sev.c b/target/i386/sev.c index 6ff196f7ad..d11b512361 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -1221,7 +1221,7 @@ bool sev_add_kernel_loader_hashes(SevKernelLoaderCont= ext *ctx, Error **errp) uint8_t kernel_hash[HASH_SIZE]; uint8_t *hashp; size_t hash_len =3D HASH_SIZE; - int aligned_len; + int aligned_len =3D ROUND_UP(sizeof(SevHashTable), 16); =20 /* * Only add the kernel hashes if the sev-guest configuration explicitly @@ -1237,6 +1237,11 @@ bool sev_add_kernel_loader_hashes(SevKernelLoaderCon= text *ctx, Error **errp) return false; } area =3D (SevHashTableDescriptor *)data; + if (!area->base || area->size < aligned_len) { + error_setg(errp, "SEV: guest firmware hashes table area is invalid= " + "(base=3D0x%x size=3D0x%x)", area->base, area->si= ze); + return false; + } =20 /* * Calculate hash of kernel command-line with the terminating null byt= e. If 
@@ -1295,7 +1300,6 @@ bool sev_add_kernel_loader_hashes(SevKernelLoaderCont= ext *ctx, Error **errp) memcpy(ht->kernel.hash, kernel_hash, sizeof(ht->kernel.hash)); =20 /* When calling sev_encrypt_flash, the length has to be 16 byte aligne= d */ - aligned_len =3D ROUND_UP(ht->len, 16); if (aligned_len !=3D ht->len) { /* zero the excess data so the measurement can be reliably calcula= ted */ memset(ht->padding, 0, aligned_len - ht->len); --=20 2.31.1 From nobody Sat May 18 16:46:50 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1637243843296450.7487408188124; Thu, 18 Nov 2021 05:57:23 -0800 (PST) Received: from localhost ([::1]:37040 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mnhuj-0001O2-U0 for importer@patchew.org; Thu, 18 Nov 2021 08:57:21 -0500 Received: from eggs.gnu.org ([209.51.188.92]:56820) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mnhaR-0008Ms-JR for qemu-devel@nongnu.org; Thu, 18 Nov 2021 08:36:23 -0500 Received: from us-smtp-delivery-124.mimecast.com ([170.10.129.124]:57741) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mnhaP-0002py-50 for qemu-devel@nongnu.org; Thu, 18 Nov 2021 08:36:23 -0500 Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-71-BxsWHeKaMvKwOhrraaIk3Q-1; Thu, 18 Nov 2021 08:36:17 -0500 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com 
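Review bot: in the first hunk `aligned_len` stays declared as `int` while it is now compared against `area->size`, which the new error message prints with `0x%x`, i.e. treats as unsigned, so `area->size < aligned_len` is a signed/unsigned comparison that `-Wsign-compare` will flag; declare it `uint32_t` or `size_t`. The check rejects `base == 0` and a too-small `size`, which closes the GPA-0 overwrite described in the message, but it does not confirm that `base + size` lies inside guest RAM before the table is mapped and written; that belongs either here or in a follow-up that replaces the raw RAM-pointer mapping with a checked one. Dropping `aligned_len = ROUND_UP(ht->len, 16)` in the last hunk is only correct while `ht->len` equals `sizeof(SevHashTable)`, which holds because the function assigns `ht->len = sizeof(*ht)` (visible in the context of the 5/6 hunk); a short comment noting that dependency next to the new initializer would help.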
From: Daniel P. Berrangé To: qemu-devel@nongnu.org Subject: [PULL 5/6] target/i386/sev: Perform padding calculations at compile-time Date: Thu, 18 Nov 2021 13:35:31 +0000 Message-Id: <20211118133532.2029166-6-berrange@redhat.com> In-Reply-To: <20211118133532.2029166-1-berrange@redhat.com> References: <20211118133532.2029166-1-berrange@redhat.com> Cc: Daniel P. Berrangé , Eduardo Habkost , kvm@vger.kernel.org, Philippe Mathieu-Daudé , Marcelo Tosatti , Markus Armbruster , "Dr . David Alan Gilbert" , Dov Murik , Brijesh Singh , Paolo Bonzini , Eric Blake From: Dov Murik In sev_add_kernel_loader_hashes, the sizes of structs are known at compile-time, so calculate needed padding at compile-time. No functional change intended.
Signed-off-by: Dov Murik Reviewed-by: Dr. David Alan Gilbert Reviewed-by: Philippe Mathieu-Daud=C3=A9 Acked-by: Brijesh Singh Signed-off-by: Daniel P. Berrang=C3=A9 --- target/i386/sev.c | 28 ++++++++++++++++++---------- 1 file changed, 18 insertions(+), 10 deletions(-) diff --git a/target/i386/sev.c b/target/i386/sev.c index d11b512361..4fd258a570 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -110,9 +110,19 @@ typedef struct QEMU_PACKED SevHashTable { SevHashTableEntry cmdline; SevHashTableEntry initrd; SevHashTableEntry kernel; - uint8_t padding[]; } SevHashTable; =20 +/* + * Data encrypted by sev_encrypt_flash() must be padded to a multiple of + * 16 bytes. + */ +typedef struct QEMU_PACKED PaddedSevHashTable { + SevHashTable ht; + uint8_t padding[ROUND_UP(sizeof(SevHashTable), 16) - sizeof(SevHashTab= le)]; +} PaddedSevHashTable; + +QEMU_BUILD_BUG_ON(sizeof(PaddedSevHashTable) % 16 !=3D 0); + static SevGuestState *sev_guest; static Error *sev_mig_blocker; =20 @@ -1216,12 +1226,12 @@ bool sev_add_kernel_loader_hashes(SevKernelLoaderCo= ntext *ctx, Error **errp) uint8_t *data; SevHashTableDescriptor *area; SevHashTable *ht; + PaddedSevHashTable *padded_ht; uint8_t cmdline_hash[HASH_SIZE]; uint8_t initrd_hash[HASH_SIZE]; uint8_t kernel_hash[HASH_SIZE]; uint8_t *hashp; size_t hash_len =3D HASH_SIZE; - int aligned_len =3D ROUND_UP(sizeof(SevHashTable), 16); =20 /* * Only add the kernel hashes if the sev-guest configuration explicitly @@ -1237,7 +1247,7 @@ bool sev_add_kernel_loader_hashes(SevKernelLoaderCont= ext *ctx, Error **errp) return false; } area =3D (SevHashTableDescriptor *)data; - if (!area->base || area->size < aligned_len) { + if (!area->base || area->size < sizeof(PaddedSevHashTable)) { error_setg(errp, "SEV: guest firmware hashes table area is invalid= " "(base=3D0x%x size=3D0x%x)", area->base, area->si= ze); return false; 
@@ -1282,7 +1292,8 @@ bool sev_add_kernel_loader_hashes(SevKernelLoaderCont= ext *ctx, Error **errp) * Populate the hashes table in the guest's memory at the OVMF-designa= ted * area for the SEV hashes table */ - ht =3D qemu_map_ram_ptr(NULL, area->base); + padded_ht =3D qemu_map_ram_ptr(NULL, area->base); + ht =3D &padded_ht->ht; =20 ht->guid =3D sev_hash_table_header_guid; ht->len =3D sizeof(*ht); 
@@ -1299,13 +1310,10 @@ bool sev_add_kernel_loader_hashes(SevKernelLoaderCo= ntext *ctx, Error **errp) ht->kernel.len =3D sizeof(ht->kernel); memcpy(ht->kernel.hash, kernel_hash, sizeof(ht->kernel.hash)); =20 - /* When calling sev_encrypt_flash, the length has to be 16 byte aligne= d */ - if (aligned_len !=3D ht->len) { - /* zero the excess data so the measurement can be reliably calcula= ted */ - memset(ht->padding, 0, aligned_len - ht->len); - } + /* zero the excess data so the measurement can be reliably calculated = */ + memset(padded_ht->padding, 0, sizeof(padded_ht->padding)); =20 - if (sev_encrypt_flash((uint8_t *)ht, aligned_len, errp) < 0) { + if (sev_encrypt_flash((uint8_t *)padded_ht, sizeof(*padded_ht), errp) = < 0) { return false; } =20 --=20 2.31.1 From nobody Sat May 18 16:46:50 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1637244363177718.749133639057; Thu, 18 Nov 2021 06:06:03 -0800 (PST) Received: from localhost ([::1]:55410 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mni37-0005hN-Uq for importer@patchew.org; Thu, 18 Nov 2021 09:06:01 -0500 Received: from eggs.gnu.org ([209.51.188.92]:56830) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mnhaT-0008QO-9A for qemu-devel@nongnu.org; Thu, 18 Nov 2021 08:36:25 -0500 Received: from us-smtp-delivery-124.mimecast.com ([170.10.129.124]:43272) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mnhaR-0002qQ-AT for qemu-devel@nongnu.org; Thu, 18 Nov 2021 08:36:24 -0500 Received: from 
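Review bot: `padding[ROUND_UP(sizeof(SevHashTable), 16) - sizeof(SevHashTable)]` evaluates to a zero-length array if `sizeof(SevHashTable)` is ever already a multiple of 16 (for example after an entry is added); zero-length arrays are a GNU extension rather than standard C, and the existing `QEMU_BUILD_BUG_ON(sizeof(PaddedSevHashTable) % 16 != 0)` would still pass, so either accept that case with a comment or add a build-time check that the padding is non-empty, making the intent explicit. In the mapping hunk `padded_ht = qemu_map_ram_ptr(NULL, area->base)` is still an unchecked pointer into guest RAM: the size check from 4/6 now uses `sizeof(PaddedSevHashTable)`, which is right, but nothing yet verifies that `area->base` is backed by RAM, which is what the `address_space_map` change announced in 6/6 should cover.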
From: Daniel P. Berrangé
To: qemu-devel@nongnu.org
Subject: [PULL 6/6] target/i386/sev: Replace qemu_map_ram_ptr with address_space_map
Date: Thu, 18 Nov 2021 13:35:32 +0000
Message-Id: <20211118133532.2029166-7-berrange@redhat.com>
In-Reply-To: <20211118133532.2029166-1-berrange@redhat.com>
References: <20211118133532.2029166-1-berrange@redhat.com>
Cc: Daniel P. Berrangé, Eduardo Habkost, kvm@vger.kernel.org, Marcelo Tosatti, Markus Armbruster, Dov Murik, Brijesh Singh, Paolo Bonzini, Eric Blake

From: Dov Murik

Use address_space_map/unmap and check for errors.

Signed-off-by: Dov Murik
Acked-by: Brijesh Singh
[Two lines wrapped for length - Daniel]
Signed-off-by: Daniel P. Berrang=C3=A9 --- target/i386/sev.c | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/target/i386/sev.c b/target/i386/sev.c index 4fd258a570..025ff7a6f8 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -37,6 +37,7 @@ #include "qapi/qmp/qerror.h" #include "exec/confidential-guest-support.h" #include "hw/i386/pc.h" +#include "exec/address-spaces.h" =20 #define TYPE_SEV_GUEST "sev-guest" OBJECT_DECLARE_SIMPLE_TYPE(SevGuestState, SEV_GUEST) @@ -1232,6 +1233,9 @@ bool sev_add_kernel_loader_hashes(SevKernelLoaderCont= ext *ctx, Error **errp) uint8_t kernel_hash[HASH_SIZE]; uint8_t *hashp; size_t hash_len =3D HASH_SIZE; + hwaddr mapped_len =3D sizeof(*padded_ht); + MemTxAttrs attrs =3D { 0 }; + bool ret =3D true; =20 /* * Only add the kernel hashes if the sev-guest configuration explicitly @@ -1292,7 +1296,12 @@ bool sev_add_kernel_loader_hashes(SevKernelLoaderCon= text *ctx, Error **errp) * Populate the hashes table in the guest's memory at the OVMF-designa= ted * area for the SEV hashes table */ - padded_ht =3D qemu_map_ram_ptr(NULL, area->base); + padded_ht =3D address_space_map(&address_space_memory, area->base, + &mapped_len, true, attrs); + if (!padded_ht || mapped_len !=3D sizeof(*padded_ht)) { + error_setg(errp, "SEV: cannot map hashes table guest memory area"); + return false; + } ht =3D &padded_ht->ht; =20 ht->guid =3D sev_hash_table_header_guid; @@ -1314,10 +1323,13 @@ bool sev_add_kernel_loader_hashes(SevKernelLoaderCo= ntext *ctx, Error **errp) memset(padded_ht->padding, 0, sizeof(padded_ht->padding)); =20 if (sev_encrypt_flash((uint8_t *)padded_ht, sizeof(*padded_ht), errp) = < 0) { - return false; + ret =3D false; } =20 - return true; + address_space_unmap(&address_space_memory, padded_ht, + mapped_len, true, mapped_len); + + return ret; } =20 static void --=20 2.31.1
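Review bot: in the second hunk (`@@ -1232,6 +1233,9 @@`), `MemTxAttrs attrs = { 0 };` produces attributes that are all-zero yet flagged as specified (the `unspecified` bit is clear); callers that have no particular transaction attributes use `MEMTXATTRS_UNSPECIFIED` in QEMU, so prefer `MemTxAttrs attrs = MEMTXATTRS_UNSPECIFIED;` (or pass it directly to `address_space_map`) so this access to the guest's hashes area is treated like the other DMA-style accesses to guest RAM.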
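Review bot: in the third hunk (`@@ -1292,7 +1296,12 @@`), the error path after `address_space_map` leaks the mapping when the call succeeds with a shorter length: `address_space_map` may return a non-NULL pointer with `mapped_len` smaller than requested, and `if (!padded_ht || mapped_len != sizeof(*padded_ht))` then returns false without the matching `address_space_unmap`, leaving the memory-region reference (or bounce buffer) held for the rest of the process lifetime. Suggest unmapping with the returned `mapped_len` (with `is_write` false, since nothing was written) before `return false` whenever `padded_ht` is non-NULL. The length check itself is the right improvement over `qemu_map_ram_ptr`, which gave no way to notice that the OVMF-designated area is not backed by `sizeof(*padded_ht)` bytes of RAM, and the final hunk correctly unmaps on both the success and the `sev_encrypt_flash` failure path via `ret`.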