qapi/misc-target.json | 4 ++++ target/i386/sev.c | 27 +++++++++++++++++++++++++++ 2 files changed, 31 insertions(+)
Add a new field 'cpu0-id' to the response of query-sev-capabilities QMP
command. The value of the field is the base64-encoded 64-byte unique ID
of the CPU0 (socket 0), which can be used to retrieve the signed CEK of
the CPU from AMD's Key Distribution Service (KDS).
Signed-off-by: Dov Murik <dovmurik@linux.ibm.com>
---
v2:
- change encoding to Base64 (thanks Daniel)
- rename constant to SEV_CPU_UNIQUE_ID_LEN
---
qapi/misc-target.json | 4 ++++
target/i386/sev.c | 27 +++++++++++++++++++++++++++
2 files changed, 31 insertions(+)
diff --git a/qapi/misc-target.json b/qapi/misc-target.json
index 4bc45d2474..c6d9ad69e1 100644
--- a/qapi/misc-target.json
+++ b/qapi/misc-target.json
@@ -177,6 +177,8 @@
#
# @cert-chain: PDH certificate chain (base64 encoded)
#
+# @cpu0-id: 64-byte unique ID of CPU0 (base64 encoded) (since 7.0)
+#
# @cbitpos: C-bit location in page table entry
#
# @reduced-phys-bits: Number of physical Address bit reduction when SEV is
@@ -187,6 +189,7 @@
{ 'struct': 'SevCapability',
'data': { 'pdh': 'str',
'cert-chain': 'str',
+ 'cpu0-id': 'str',
'cbitpos': 'int',
'reduced-phys-bits': 'int'},
'if': 'TARGET_I386' }
@@ -205,6 +208,7 @@
#
# -> { "execute": "query-sev-capabilities" }
# <- { "return": { "pdh": "8CCDD8DDD", "cert-chain": "888CCCDDDEE",
+# "cpu0-id": "2lvmGwo+...61iEinw==",
# "cbitpos": 47, "reduced-phys-bits": 5}}
#
##
diff --git a/target/i386/sev.c b/target/i386/sev.c
index 025ff7a6f8..d3d2680e16 100644
--- a/target/i386/sev.c
+++ b/target/i386/sev.c
@@ -82,6 +82,8 @@ struct SevGuestState {
#define DEFAULT_GUEST_POLICY 0x1 /* disable debug */
#define DEFAULT_SEV_DEVICE "/dev/sev"
+#define SEV_CPU_UNIQUE_ID_LEN 64
+
#define SEV_INFO_BLOCK_GUID "00f771de-1a7e-4fcb-890e-68c77e2fb44e"
typedef struct __attribute__((__packed__)) SevInfoBlock {
/* SEV-ES Reset Vector Address */
@@ -531,11 +533,31 @@ e_free:
return 1;
}
+static int
+sev_get_id(int fd, guchar *id_buf, size_t id_buf_len, Error **errp)
+{
+ struct sev_user_data_get_id2 id = {
+ .address = (unsigned long)id_buf,
+ .length = id_buf_len
+ };
+ int err, r;
+
+ r = sev_platform_ioctl(fd, SEV_GET_ID2, &id, &err);
+ if (r < 0) {
+ error_setg(errp, "SEV: Failed to get ID ret=%d fw_err=%d (%s)",
+ r, err, fw_error_to_str(err));
+ return 1;
+ }
+
+ return 0;
+}
+
static SevCapability *sev_get_capabilities(Error **errp)
{
SevCapability *cap = NULL;
guchar *pdh_data = NULL;
guchar *cert_chain_data = NULL;
+ guchar cpu0_id[SEV_CPU_UNIQUE_ID_LEN];
size_t pdh_len = 0, cert_chain_len = 0;
uint32_t ebx;
int fd;
@@ -561,9 +583,14 @@ static SevCapability *sev_get_capabilities(Error **errp)
goto out;
}
+ if (sev_get_id(fd, cpu0_id, sizeof(cpu0_id), errp)) {
+ goto out;
+ }
+
cap = g_new0(SevCapability, 1);
cap->pdh = g_base64_encode(pdh_data, pdh_len);
cap->cert_chain = g_base64_encode(cert_chain_data, cert_chain_len);
+ cap->cpu0_id = g_base64_encode(cpu0_id, sizeof(cpu0_id));
host_cpuid(0x8000001F, 0, NULL, &ebx, NULL, NULL);
cap->cbitpos = ebx & 0x3f;
--
2.25.1
On Thu, Feb 24, 2022 at 06:14:05AM +0000, Dov Murik wrote:
> Add a new field 'cpu0-id' to the response of query-sev-capabilities QMP
> command. The value of the field is the base64-encoded 64-byte unique ID
> of the CPU0 (socket 0), which can be used to retrieve the signed CEK of
> the CPU from AMD's Key Distribution Service (KDS).
>
> Signed-off-by: Dov Murik <dovmurik@linux.ibm.com>
>
> ---
>
> v2:
> - change encoding to Base64 (thanks Daniel)
> - rename constant to SEV_CPU_UNIQUE_ID_LEN
> ---
> qapi/misc-target.json | 4 ++++
> target/i386/sev.c | 27 +++++++++++++++++++++++++++
> 2 files changed, 31 insertions(+)
>
> diff --git a/qapi/misc-target.json b/qapi/misc-target.json
> index 4bc45d2474..c6d9ad69e1 100644
> --- a/qapi/misc-target.json
> +++ b/qapi/misc-target.json
> @@ -177,6 +177,8 @@
> #
> # @cert-chain: PDH certificate chain (base64 encoded)
> #
> +# @cpu0-id: 64-byte unique ID of CPU0 (base64 encoded) (since 7.0)
> +#
> # @cbitpos: C-bit location in page table entry
> #
> # @reduced-phys-bits: Number of physical Address bit reduction when SEV is
> @@ -187,6 +189,7 @@
> { 'struct': 'SevCapability',
> 'data': { 'pdh': 'str',
> 'cert-chain': 'str',
> + 'cpu0-id': 'str',
> 'cbitpos': 'int',
> 'reduced-phys-bits': 'int'},
> 'if': 'TARGET_I386' }
> @@ -205,6 +208,7 @@
> #
> # -> { "execute": "query-sev-capabilities" }
> # <- { "return": { "pdh": "8CCDD8DDD", "cert-chain": "888CCCDDDEE",
> +# "cpu0-id": "2lvmGwo+...61iEinw==",
> # "cbitpos": 47, "reduced-phys-bits": 5}}
> #
> ##
> diff --git a/target/i386/sev.c b/target/i386/sev.c
> index 025ff7a6f8..d3d2680e16 100644
> --- a/target/i386/sev.c
> +++ b/target/i386/sev.c
> @@ -82,6 +82,8 @@ struct SevGuestState {
> #define DEFAULT_GUEST_POLICY 0x1 /* disable debug */
> #define DEFAULT_SEV_DEVICE "/dev/sev"
>
> +#define SEV_CPU_UNIQUE_ID_LEN 64
Is this fixed size actually guaranteed by AMD ? In reading the spec
for "GET_ID" it feels like they're intentionally not specifying a
fixed length, pushing towards querying once and then re-trying with
the reported buffer size:
"If the value of the ID_LEN field is too small, an
INVALID_LENGTH error is returned and the minimum
required length is written to the field"
I didn't find where it says 64 bytes exactly.
> +
> #define SEV_INFO_BLOCK_GUID "00f771de-1a7e-4fcb-890e-68c77e2fb44e"
> typedef struct __attribute__((__packed__)) SevInfoBlock {
> /* SEV-ES Reset Vector Address */
> @@ -531,11 +533,31 @@ e_free:
> return 1;
> }
>
> +static int
> +sev_get_id(int fd, guchar *id_buf, size_t id_buf_len, Error **errp)
> +{
> + struct sev_user_data_get_id2 id = {
> + .address = (unsigned long)id_buf,
> + .length = id_buf_len
> + };
> + int err, r;
> +
> + r = sev_platform_ioctl(fd, SEV_GET_ID2, &id, &err);
> + if (r < 0) {
> + error_setg(errp, "SEV: Failed to get ID ret=%d fw_err=%d (%s)",
> + r, err, fw_error_to_str(err));
> + return 1;
> + }
> +
> + return 0;
> +}
> +
> static SevCapability *sev_get_capabilities(Error **errp)
> {
> SevCapability *cap = NULL;
> guchar *pdh_data = NULL;
> guchar *cert_chain_data = NULL;
> + guchar cpu0_id[SEV_CPU_UNIQUE_ID_LEN];
> size_t pdh_len = 0, cert_chain_len = 0;
> uint32_t ebx;
> int fd;
> @@ -561,9 +583,14 @@ static SevCapability *sev_get_capabilities(Error **errp)
> goto out;
> }
>
> + if (sev_get_id(fd, cpu0_id, sizeof(cpu0_id), errp)) {
> + goto out;
> + }
> +
> cap = g_new0(SevCapability, 1);
> cap->pdh = g_base64_encode(pdh_data, pdh_len);
> cap->cert_chain = g_base64_encode(cert_chain_data, cert_chain_len);
> + cap->cpu0_id = g_base64_encode(cpu0_id, sizeof(cpu0_id));
>
> host_cpuid(0x8000001F, 0, NULL, &ebx, NULL, NULL);
> cap->cbitpos = ebx & 0x3f;
> --
> 2.25.1
>
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
On 24/02/2022 10:59, Daniel P. Berrangé wrote:
> On Thu, Feb 24, 2022 at 06:14:05AM +0000, Dov Murik wrote:
>> Add a new field 'cpu0-id' to the response of query-sev-capabilities QMP
>> command. The value of the field is the base64-encoded 64-byte unique ID
>> of the CPU0 (socket 0), which can be used to retrieve the signed CEK of
>> the CPU from AMD's Key Distribution Service (KDS).
>>
>> Signed-off-by: Dov Murik <dovmurik@linux.ibm.com>
>>
>> ---
>>
>> v2:
>> - change encoding to Base64 (thanks Daniel)
>> - rename constant to SEV_CPU_UNIQUE_ID_LEN
>> ---
>> qapi/misc-target.json | 4 ++++
>> target/i386/sev.c | 27 +++++++++++++++++++++++++++
>> 2 files changed, 31 insertions(+)
>>
>> diff --git a/qapi/misc-target.json b/qapi/misc-target.json
>> index 4bc45d2474..c6d9ad69e1 100644
>> --- a/qapi/misc-target.json
>> +++ b/qapi/misc-target.json
>> @@ -177,6 +177,8 @@
>> #
>> # @cert-chain: PDH certificate chain (base64 encoded)
>> #
>> +# @cpu0-id: 64-byte unique ID of CPU0 (base64 encoded) (since 7.0)
>> +#
>> # @cbitpos: C-bit location in page table entry
>> #
>> # @reduced-phys-bits: Number of physical Address bit reduction when SEV is
>> @@ -187,6 +189,7 @@
>> { 'struct': 'SevCapability',
>> 'data': { 'pdh': 'str',
>> 'cert-chain': 'str',
>> + 'cpu0-id': 'str',
>> 'cbitpos': 'int',
>> 'reduced-phys-bits': 'int'},
>> 'if': 'TARGET_I386' }
>> @@ -205,6 +208,7 @@
>> #
>> # -> { "execute": "query-sev-capabilities" }
>> # <- { "return": { "pdh": "8CCDD8DDD", "cert-chain": "888CCCDDDEE",
>> +# "cpu0-id": "2lvmGwo+...61iEinw==",
>> # "cbitpos": 47, "reduced-phys-bits": 5}}
>> #
>> ##
>> diff --git a/target/i386/sev.c b/target/i386/sev.c
>> index 025ff7a6f8..d3d2680e16 100644
>> --- a/target/i386/sev.c
>> +++ b/target/i386/sev.c
>> @@ -82,6 +82,8 @@ struct SevGuestState {
>> #define DEFAULT_GUEST_POLICY 0x1 /* disable debug */
>> #define DEFAULT_SEV_DEVICE "/dev/sev"
>>
>> +#define SEV_CPU_UNIQUE_ID_LEN 64
>
> Is this fixed size actually guaranteed by AMD ? In reading the spec
> for "GET_ID" it feels like they're intentionally not specifying a
> fixed length, pushing towards querying once and then re-trying with
> the reported buffer size:
>
> "If the value of the ID_LEN field is too small, an
> INVALID_LENGTH error is returned and the minimum
> required length is written to the field"
>
> I didn't find where it says 64 bytes exactly.
>
OK.
I'll change it to dynamically allocate the ID buffer based on the length
returned by the first query, similar to sev_get_pdh_info().
I'll remove the explicit lengths from the qapi description and the
commit message.
-Dov
>> +
>> #define SEV_INFO_BLOCK_GUID "00f771de-1a7e-4fcb-890e-68c77e2fb44e"
>> typedef struct __attribute__((__packed__)) SevInfoBlock {
>> /* SEV-ES Reset Vector Address */
>> @@ -531,11 +533,31 @@ e_free:
>> return 1;
>> }
>>
>> +static int
>> +sev_get_id(int fd, guchar *id_buf, size_t id_buf_len, Error **errp)
>> +{
>> + struct sev_user_data_get_id2 id = {
>> + .address = (unsigned long)id_buf,
>> + .length = id_buf_len
>> + };
>> + int err, r;
>> +
>> + r = sev_platform_ioctl(fd, SEV_GET_ID2, &id, &err);
>> + if (r < 0) {
>> + error_setg(errp, "SEV: Failed to get ID ret=%d fw_err=%d (%s)",
>> + r, err, fw_error_to_str(err));
>> + return 1;
>> + }
>> +
>> + return 0;
>> +}
>> +
>> static SevCapability *sev_get_capabilities(Error **errp)
>> {
>> SevCapability *cap = NULL;
>> guchar *pdh_data = NULL;
>> guchar *cert_chain_data = NULL;
>> + guchar cpu0_id[SEV_CPU_UNIQUE_ID_LEN];
>> size_t pdh_len = 0, cert_chain_len = 0;
>> uint32_t ebx;
>> int fd;
>> @@ -561,9 +583,14 @@ static SevCapability *sev_get_capabilities(Error **errp)
>> goto out;
>> }
>>
>> + if (sev_get_id(fd, cpu0_id, sizeof(cpu0_id), errp)) {
>> + goto out;
>> + }
>> +
>> cap = g_new0(SevCapability, 1);
>> cap->pdh = g_base64_encode(pdh_data, pdh_len);
>> cap->cert_chain = g_base64_encode(cert_chain_data, cert_chain_len);
>> + cap->cpu0_id = g_base64_encode(cpu0_id, sizeof(cpu0_id));
>>
>> host_cpuid(0x8000001F, 0, NULL, &ebx, NULL, NULL);
>> cap->cbitpos = ebx & 0x3f;
>> --
>> 2.25.1
>>
>
> Regards,
> Daniel
© 2016 - 2024 Red Hat, Inc.