From nobody Tue May 6 22:50:33 2025
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
dkim=pass header.i=@intel.com;
spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
permitted sender)
smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
dmarc=pass(p=none dis=none) header.from=intel.com
ARC-Seal: i=1; a=rsa-sha256; t=1743515436; cv=none;
d=zohomail.com; s=zohoarc;
b=CRxA7jmZ/MZaVj0llRqmqSRPah3BtOOOfNK5ZCMlIqmin66wEVQ3t55YXI6D1TJ6UClvu/3gp6YttVBE0BXJyQ0C1ioeZtxJ2Gxca9LVNQu/tAk2oSRN+n568Dqi2GPrrRemOYqnPeb2S8CU7NL4YtbzNzWtTDwXEsLHw6hCJvI=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
s=zohoarc;
t=1743515436;
h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
bh=FLXLa1o6CPtl+wOYCA9a0KeLQUT4sSU8DcAvKSOPA20=;
b=m2dbxGnZRQmANETKjgPmbSd5Rgr8ixQManFYYfLHIOMd8veb9VC4+bTASq4A/BONJK/UCabvfHv0aaw0n/1c5KJzROgi2RFpGud1+bIHMmnM+/R4DNV4uqqbBsDMN2eJPtxU6j6WCrGvgrmSGFf9PZvaycN/27/QkcVk4D3CbNg=
ARC-Authentication-Results: i=1; mx.zohomail.com;
dkim=pass header.i=@intel.com;
spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
permitted sender)
smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
dmarc=pass header.from=<xiaoyao.li@intel.com> (p=none dis=none)
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by
mx.zohomail.com
with SMTPS id 1743515436772672.5961930309422;
Tue, 1 Apr 2025 06:50:36 -0700 (PDT)
Received: from localhost ([::1] helo=lists1p.gnu.org)
by lists.gnu.org with esmtp (Exim 4.90_1)
(envelope-from <qemu-devel-bounces@nongnu.org>)
id 1tzbsa-0005V5-FA; Tue, 01 Apr 2025 09:42:14 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
(Exim 4.90_1) (envelope-from <xiaoyao.li@intel.com>)
id 1tzbsU-0005LY-GL
for qemu-devel@nongnu.org; Tue, 01 Apr 2025 09:42:09 -0400
Received: from mgamail.intel.com ([192.198.163.16])
by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
(Exim 4.90_1) (envelope-from <xiaoyao.li@intel.com>)
id 1tzbsQ-0006ZP-4o
for qemu-devel@nongnu.org; Tue, 01 Apr 2025 09:42:06 -0400
Received: from fmviesa008.fm.intel.com ([10.60.135.148])
by fmvoesa110.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
01 Apr 2025 06:41:44 -0700
Received: from lxy-clx-4s.sh.intel.com ([10.239.48.52])
by fmviesa008.fm.intel.com with ESMTP; 01 Apr 2025 06:41:42 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
t=1743514922; x=1775050922;
h=from:to:cc:subject:date:message-id:in-reply-to:
references:mime-version:content-transfer-encoding;
bh=mdbz9OkSTyNbzZFyMfnp3iGYyHMQ3poqcVGKHQ1jteI=;
b=CFO9APRq3bHK+PNjXw/gE+E2hwGAtD+O5V4ZMZFx7UualgbbB7M1az8c
zti9D0/BVsTnJtH0BIySlDQiHSTCgL5hJPAH3deMBBH4YkCAiSkyhAgSo
zelSVaCLQOdxciV8CyUWL2olBU4SNccJUIMEnXz3ufl+5U0aW5SKhF/PZ
gxdx9PuqStK8TRtxkxbVIhHxpZsECLkcgfyTLKiEDfcdVVvIurpMx49/K
DY0tqKyVl1FiQQLn37r9fHkI1mfame9dhPHZQf3vDEIYwJ/eFiaxf3KUY
PaAFq8DKV3Wr+hiGDUCrfhgM1XvOQZPL4KlnK3ZB0Y2i0K/uio6POLSEr g==;
X-CSE-ConnectionGUID: TcTuJG47TWGQqTuRQiY2XA==
X-CSE-MsgGUID: yFpCtJoJThulL/x4bwicLQ==
X-IronPort-AV: E=McAfee;i="6700,10204,11391"; a="32433242"
X-IronPort-AV: E=Sophos;i="6.14,293,1736841600"; d="scan'208";a="32433242"
X-CSE-ConnectionGUID: A0AQrzaqS0WPhyaEHfnD4w==
X-CSE-MsgGUID: 0SxOCk8DT4yBrDvAENgsPA==
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="6.14,293,1736841600"; d="scan'208";a="126639969"
From: Xiaoyao Li <xiaoyao.li@intel.com>
To: Paolo Bonzini <pbonzini@redhat.com>,
=?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
Cc: "Michael S. Tsirkin" <mst@redhat.com>,
Markus Armbruster <armbru@redhat.com>,
Francesco Lavra <francescolavra.fl@gmail.com>,
Marcelo Tosatti <mtosatti@redhat.com>, qemu-devel@nongnu.org,
=?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@linaro.org>,
Rick Edgecombe <rick.p.edgecombe@intel.com>,
Xiaoyao Li <xiaoyao.li@intel.com>
Subject: [PATCH v8 13/55] i386/tdx: Support user configurable
mrconfigid/mrowner/mrownerconfig
Date: Tue, 1 Apr 2025 09:01:23 -0400
Message-Id: <20250401130205.2198253-14-xiaoyao.li@intel.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20250401130205.2198253-1-xiaoyao.li@intel.com>
References: <20250401130205.2198253-1-xiaoyao.li@intel.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
as permitted sender) client-ip=209.51.188.17;
envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
helo=lists.gnu.org;
Received-SPF: pass client-ip=192.198.163.16;
envelope-from=xiaoyao.li@intel.com;
helo=mgamail.intel.com
X-Spam_score_int: -43
X-Spam_score: -4.4
X-Spam_bar: ----
X-Spam_report: (-4.4 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.997,
DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=0.999, RCVD_IN_DNSWL_MED=-2.3,
RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001,
RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001,
SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @intel.com)
X-ZM-MESSAGEID: 1743515439074019000
From: Isaku Yamahata <isaku.yamahata@intel.com>
Three sha384 hash values, mrconfigid, mrowner and mrownerconfig, of a TD
can be provided for TDX attestation. Detailed meaning of them can be
found: https://lore.kernel.org/qemu-devel/31d6dbc1-f453-4cef-ab08-4813f4e0f=
f92@intel.com/
Allow user to specify those values via property mrconfigid, mrowner and
mrownerconfig. They are all in base64 format.
example
-object tdx-guest, \
mrconfigid=3DASNFZ4mrze8BI0VniavN7wEjRWeJq83vASNFZ4mrze8BI0VniavN7wEjRWeJ=
q83v,\
mrowner=3DASNFZ4mrze8BI0VniavN7wEjRWeJq83vASNFZ4mrze8BI0VniavN7wEjRWeJq83=
v,\
mrownerconfig=3DASNFZ4mrze8BI0VniavN7wEjRWeJq83vASNFZ4mrze8BI0VniavN7wEjR=
WeJq83v
Signed-off-by: Isaku Yamahata <isaku.yamahata@intel.com>
Co-developed-by: Xiaoyao Li <xiaoyao.li@intel.com>
Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com>
Acked-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
---
Changes in v8:
- it gets squashed into previous patch in v7. So split it out in v8;
Changes in v6:
- refine the doc comment of QAPI properties;
Changes in v5:
- refine the description of QAPI properties and add description of
default value when not specified;
Changes in v4:
- describe more of there fields in qom.json
- free the old value before set new value to avoid memory leak in
_setter(); (Daniel)
Changes in v3:
- use base64 encoding instread of hex-string;
---
qapi/qom.json | 16 +++++++-
target/i386/kvm/tdx.c | 86 +++++++++++++++++++++++++++++++++++++++++++
target/i386/kvm/tdx.h | 3 ++
3 files changed, 104 insertions(+), 1 deletion(-)
diff --git a/qapi/qom.json b/qapi/qom.json
index f229bb07aaec..a8379bac1719 100644
--- a/qapi/qom.json
+++ b/qapi/qom.json
@@ -1060,11 +1060,25 @@
# pages. Some guest OS (e.g., Linux TD guest) may require this to
# be set, otherwise they refuse to boot.
#
+# @mrconfigid: ID for non-owner-defined configuration of the guest TD,
+# e.g., run-time or OS configuration (base64 encoded SHA384 digest).
+# Defaults to all zeros.
+#
+# @mrowner: ID for the guest TD=E2=80=99s owner (base64 encoded SHA384 dig=
est).
+# Defaults to all zeros.
+#
+# @mrownerconfig: ID for owner-defined configuration of the guest TD,
+# e.g., specific to the workload rather than the run-time or OS
+# (base64 encoded SHA384 digest). Defaults to all zeros.
+#
# Since: 10.1
##
{ 'struct': 'TdxGuestProperties',
'data': { '*attributes': 'uint64',
- '*sept-ve-disable': 'bool' } }
+ '*sept-ve-disable': 'bool',
+ '*mrconfigid': 'str',
+ '*mrowner': 'str',
+ '*mrownerconfig': 'str' } }
=20
##
# @ThreadContextProperties:
diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c
index aa043acb1a88..77ddb2655c53 100644
--- a/target/i386/kvm/tdx.c
+++ b/target/i386/kvm/tdx.c
@@ -11,8 +11,10 @@
=20
#include "qemu/osdep.h"
#include "qemu/error-report.h"
+#include "qemu/base64.h"
#include "qapi/error.h"
#include "qom/object_interfaces.h"
+#include "crypto/hash.h"
=20
#include "hw/i386/x86.h"
#include "kvm_i386.h"
@@ -239,6 +241,7 @@ int tdx_pre_create_vcpu(CPUState *cpu, Error **errp)
CPUX86State *env =3D &x86cpu->env;
g_autofree struct kvm_tdx_init_vm *init_vm =3D NULL;
Error *local_err =3D NULL;
+ size_t data_len;
int retry =3D 10000;
int r =3D 0;
=20
@@ -250,6 +253,36 @@ int tdx_pre_create_vcpu(CPUState *cpu, Error **errp)
init_vm =3D g_malloc0(sizeof(struct kvm_tdx_init_vm) +
sizeof(struct kvm_cpuid_entry2) * KVM_MAX_CPUID_EN=
TRIES);
=20
+ if (tdx_guest->mrconfigid) {
+ g_autofree uint8_t *data =3D qbase64_decode(tdx_guest->mrconfigid,
+ strlen(tdx_guest->mrconfigid), &data_len, er=
rp);
+ if (!data || data_len !=3D QCRYPTO_HASH_DIGEST_LEN_SHA384) {
+ error_setg(errp, "TDX: failed to decode mrconfigid");
+ return -1;
+ }
+ memcpy(init_vm->mrconfigid, data, data_len);
+ }
+
+ if (tdx_guest->mrowner) {
+ g_autofree uint8_t *data =3D qbase64_decode(tdx_guest->mrowner,
+ strlen(tdx_guest->mrowner), &data_len, errp);
+ if (!data || data_len !=3D QCRYPTO_HASH_DIGEST_LEN_SHA384) {
+ error_setg(errp, "TDX: failed to decode mrowner");
+ return -1;
+ }
+ memcpy(init_vm->mrowner, data, data_len);
+ }
+
+ if (tdx_guest->mrownerconfig) {
+ g_autofree uint8_t *data =3D qbase64_decode(tdx_guest->mrownerconf=
ig,
+ strlen(tdx_guest->mrownerconfig), &data_len, e=
rrp);
+ if (!data || data_len !=3D QCRYPTO_HASH_DIGEST_LEN_SHA384) {
+ error_setg(errp, "TDX: failed to decode mrownerconfig");
+ return -1;
+ }
+ memcpy(init_vm->mrownerconfig, data, data_len);
+ }
+
r =3D setup_td_guest_attributes(x86cpu, errp);
if (r) {
return r;
@@ -313,6 +346,51 @@ static void tdx_guest_set_sept_ve_disable(Object *obj,=
bool value, Error **errp)
}
}
=20
+static char *tdx_guest_get_mrconfigid(Object *obj, Error **errp)
+{
+ TdxGuest *tdx =3D TDX_GUEST(obj);
+
+ return g_strdup(tdx->mrconfigid);
+}
+
+static void tdx_guest_set_mrconfigid(Object *obj, const char *value, Error=
**errp)
+{
+ TdxGuest *tdx =3D TDX_GUEST(obj);
+
+ g_free(tdx->mrconfigid);
+ tdx->mrconfigid =3D g_strdup(value);
+}
+
+static char *tdx_guest_get_mrowner(Object *obj, Error **errp)
+{
+ TdxGuest *tdx =3D TDX_GUEST(obj);
+
+ return g_strdup(tdx->mrowner);
+}
+
+static void tdx_guest_set_mrowner(Object *obj, const char *value, Error **=
errp)
+{
+ TdxGuest *tdx =3D TDX_GUEST(obj);
+
+ g_free(tdx->mrowner);
+ tdx->mrowner =3D g_strdup(value);
+}
+
+static char *tdx_guest_get_mrownerconfig(Object *obj, Error **errp)
+{
+ TdxGuest *tdx =3D TDX_GUEST(obj);
+
+ return g_strdup(tdx->mrownerconfig);
+}
+
+static void tdx_guest_set_mrownerconfig(Object *obj, const char *value, Er=
ror **errp)
+{
+ TdxGuest *tdx =3D TDX_GUEST(obj);
+
+ g_free(tdx->mrownerconfig);
+ tdx->mrownerconfig =3D g_strdup(value);
+}
+
/* tdx guest */
OBJECT_DEFINE_TYPE_WITH_INTERFACES(TdxGuest,
tdx_guest,
@@ -336,6 +414,14 @@ static void tdx_guest_init(Object *obj)
object_property_add_bool(obj, "sept-ve-disable",
tdx_guest_get_sept_ve_disable,
tdx_guest_set_sept_ve_disable);
+ object_property_add_str(obj, "mrconfigid",
+ tdx_guest_get_mrconfigid,
+ tdx_guest_set_mrconfigid);
+ object_property_add_str(obj, "mrowner",
+ tdx_guest_get_mrowner, tdx_guest_set_mrowner);
+ object_property_add_str(obj, "mrownerconfig",
+ tdx_guest_get_mrownerconfig,
+ tdx_guest_set_mrownerconfig);
}
=20
static void tdx_guest_finalize(Object *obj)
diff --git a/target/i386/kvm/tdx.h b/target/i386/kvm/tdx.h
index 4e2b5c61ff5b..e472b11fb0dd 100644
--- a/target/i386/kvm/tdx.h
+++ b/target/i386/kvm/tdx.h
@@ -24,6 +24,9 @@ typedef struct TdxGuest {
bool initialized;
uint64_t attributes; /* TD attributes */
uint64_t xfam;
+ char *mrconfigid; /* base64 encoded sha348 digest */
+ char *mrowner; /* base64 encoded sha348 digest */
+ char *mrownerconfig; /* base64 encoded sha348 digest */
} TdxGuest;
=20
#ifdef CONFIG_TDX
--=20
2.34.1