From nobody Wed Oct 23 01:38:47 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=suse.com ARC-Seal: i=1; a=rsa-sha256; t=1727351142; cv=none; d=zohomail.com; s=zohoarc; b=f1I34hFuEefHs+sVJpOi/NusRxFwAJnJoHWcxXoUbO1C872rrZfJChvknqISN3RYt7UQX/6KOwpeAZHeRhl895lTDVllbTdotdH53CZeEYP8/Dl+1YWaJnaNEallpsIgiG+nK00+gIqJHzBn3a++zd6/5+j+s12/dl6j8C9GvgU= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1727351142; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=zK1Fp9Xbm2j4wtWvFsH1mUj/V6mSwl3xKyjb89IsKyo=; b=NfQVuNJMdrAe+nqNiS7TV0lja+iRnFawdlQC7zAlz5nhR0RJsqnddpdl1NIrmz/w9POOc4q0mJQRz8ath6uBkWimTkPv10UQ1uHxZlQkrrIm17+6vymgZTrYS5IhYnNejj3KXsTvn1T4cl9nmMZVio4vw56PQr16oigYofkK1iM= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1727351142034453.67530189851936; Thu, 26 Sep 2024 04:45:42 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1stmtd-0001bh-53; Thu, 26 Sep 2024 07:42:57 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1stmtG-0000wt-8V for qemu-devel@nongnu.org; Thu, 26 Sep 2024 07:42:36 -0400 Received: from smtp-out2.suse.de ([195.135.223.131]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1stmtE-0005nZ-54 for qemu-devel@nongnu.org; Thu, 26 Sep 2024 07:42:33 -0400 Received: from imap1.dmz-prg2.suse.org (imap1.dmz-prg2.suse.org [IPv6:2a07:de40:b281:104:10:150:64:97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by smtp-out2.suse.de (Postfix) with ESMTPS id D763F1F818; Thu, 26 Sep 2024 11:42:30 +0000 (UTC) Received: from imap1.dmz-prg2.suse.org (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by imap1.dmz-prg2.suse.org (Postfix) with ESMTPS id 2038F13ABC; Thu, 26 Sep 2024 11:42:30 +0000 (UTC) Received: from dovecot-director2.suse.de ([2a07:de40:b281:106:10:150:64:167]) by imap1.dmz-prg2.suse.org with ESMTPSA id +DHGBaZI9WbcRAAAD6G6ig (envelope-from ); Thu, 26 Sep 2024 11:42:30 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=susede1; t=1727350950; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=zK1Fp9Xbm2j4wtWvFsH1mUj/V6mSwl3xKyjb89IsKyo=; b=OQhH6SHBQUYXqIOFNJTnGAsE20VNh6UOnp0bNkhVlE83XwLFxjVOdH6Cd8/FR2kjTkE9UN McwM6vYTdlpJWQVvfgJ9IrlGYTb8s7seE7IRDZUjSRqB8kFRqhyAcBT7VmdYRnTGG1AaLl XSVtAmtjKsPUVqhhVbpaYeIp/G1nuMU= Authentication-Results: smtp-out2.suse.de; dkim=pass header.d=suse.com header.s=susede1 header.b=OQhH6SHB DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=susede1; t=1727350950; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=zK1Fp9Xbm2j4wtWvFsH1mUj/V6mSwl3xKyjb89IsKyo=; b=OQhH6SHBQUYXqIOFNJTnGAsE20VNh6UOnp0bNkhVlE83XwLFxjVOdH6Cd8/FR2kjTkE9UN McwM6vYTdlpJWQVvfgJ9IrlGYTb8s7seE7IRDZUjSRqB8kFRqhyAcBT7VmdYRnTGG1AaLl XSVtAmtjKsPUVqhhVbpaYeIp/G1nuMU= From: Roy Hopkins To: qemu-devel@nongnu.org Cc: Roy Hopkins , Paolo Bonzini , =?UTF-8?q?Daniel=20P=20=2E=20Berrang=C3=A9?= , Stefano Garzarella , Marcelo Tosatti , "Michael S . Tsirkin" , Cornelia Huck , Marcel Apfelbaum , Sergio Lopez , Eduardo Habkost , Alistair Francis , Peter Xu , David Hildenbrand , Igor Mammedov , Tom Lendacky , Michael Roth , Ani Sinha , =?UTF-8?q?J=C3=B6rg=20Roedel?= Subject: [PATCH v6 15/16] i386/sev: Add implementation of CGS set_guest_policy() Date: Thu, 26 Sep 2024 12:42:04 +0100 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Rspamd-Queue-Id: D763F1F818 X-Spam-Score: -3.51 X-Rspamd-Action: no action X-Spamd-Result: default: False [-3.51 / 50.00]; BAYES_HAM(-3.00)[100.00%]; DWL_DNSWL_MED(-2.00)[suse.com:dkim]; SUSPICIOUS_RECIPS(1.50)[]; MID_CONTAINS_FROM(1.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; R_MISSING_CHARSET(0.50)[]; NEURAL_HAM_SHORT(-0.20)[-1.000]; R_DKIM_ALLOW(-0.20)[suse.com:s=susede1]; MIME_GOOD(-0.10)[text/plain]; MX_GOOD(-0.01)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; RCPT_COUNT_TWELVE(0.00)[19]; ARC_NA(0.00)[]; DKIM_SIGNED(0.00)[suse.com:s=susede1]; RBL_SPAMHAUS_BLOCKED_OPENRESOLVER(0.00)[2a07:de40:b281:104:10:150:64:97:from]; MIME_TRACE(0.00)[0:+]; FUZZY_BLOCKED(0.00)[rspamd.com]; FREEMAIL_CC(0.00)[suse.com,redhat.com,gmail.com,habkost.net,alistair23.me,amd.com]; RCVD_TLS_ALL(0.00)[]; SPAMHAUS_XBL(0.00)[2a07:de40:b281:104:10:150:64:97:from]; RCVD_COUNT_TWO(0.00)[2]; FROM_EQ_ENVFROM(0.00)[]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; DBL_BLOCKED_OPENRESOLVER(0.00)[imap1.dmz-prg2.suse.org:rdns,imap1.dmz-prg2.suse.org:helo,suse.com:dkim,suse.com:mid,suse.com:email]; TAGGED_RCPT(0.00)[]; DKIM_TRACE(0.00)[suse.com:+]; RECEIVED_SPAMHAUS_BLOCKED_OPENRESOLVER(0.00)[2a07:de40:b281:106:10:150:64:167:received]; R_RATELIMIT(0.00)[to_ip_from(RLgjcjk3igk5en59wt86eb8xw3),to(RL6m1qtcazx4qfbjs8mfzafb38)]; RCVD_VIA_SMTP_AUTH(0.00)[]; FREEMAIL_ENVRCPT(0.00)[gmail.com] X-Rspamd-Server: rspamd1.dmz-prg2.suse.org Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=195.135.223.131; envelope-from=roy.hopkins@suse.com; helo=smtp-out2.suse.de X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @suse.com) X-ZM-MESSAGEID: 1727351143615116600 Content-Type: text/plain; charset="utf-8" The new cgs_set_guest_policy() function is provided to receive the guest policy flags, SNP ID block and SNP ID authentication from guest configuration such as an IGVM file and apply it to the platform prior to launching the guest. The policy is used to populate values for the existing 'policy', 'id_block' and 'id_auth' parameters. When provided, the guest policy is applied and the ID block configuration is used to verify the launch measurement and signatures. The guest is only successfully started if the expected launch measurements match the actual measurements and the signatures are valid. Signed-off-by: Roy Hopkins Acked-by: Michael S. Tsirkin Acked-by: Stefano Garzarella --- target/i386/sev.c | 83 +++++++++++++++++++++++++++++++++++++++++++++++ target/i386/sev.h | 12 +++++++ 2 files changed, 95 insertions(+) diff --git a/target/i386/sev.c b/target/i386/sev.c index b04e1e5e9c..853763f000 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -2526,6 +2526,88 @@ static int cgs_get_mem_map_entry(int index, return 0; } =20 +static int cgs_set_guest_policy(ConfidentialGuestPolicyType policy_type, + uint64_t policy, void *policy_data1, + uint32_t policy_data1_size, void *policy_d= ata2, + uint32_t policy_data2_size, Error **errp) +{ + if (policy_type !=3D GUEST_POLICY_SEV) { + error_setg(errp, "%s: Invalid guest policy type provided for SEV: = %d", + __func__, policy_type); + return -1; + } + /* + * SEV-SNP handles policy differently. The policy flags are defined in + * kvm_start_conf.policy and an ID block and ID auth can be provided. + */ + if (sev_snp_enabled()) { + SevSnpGuestState *sev_snp_guest =3D + SEV_SNP_GUEST(MACHINE(qdev_get_machine())->cgs); + struct kvm_sev_snp_launch_finish *finish =3D + &sev_snp_guest->kvm_finish_conf; + + /* + * The policy consists of flags in 'policy' and optionally an ID b= lock + * and ID auth in policy_data1 and policy_data2 respectively. The = ID + * block and auth are optional so clear any previous ID block and = auth + * and set them if provided, but always set the policy flags. + */ + g_free(sev_snp_guest->id_block); + g_free((guchar *)finish->id_block_uaddr); + g_free(sev_snp_guest->id_auth); + g_free((guchar *)finish->id_auth_uaddr); + sev_snp_guest->id_block =3D NULL; + finish->id_block_uaddr =3D 0; + sev_snp_guest->id_auth =3D NULL; + finish->id_auth_uaddr =3D 0; + + if (policy_data1_size > 0) { + struct sev_snp_id_authentication *id_auth =3D + (struct sev_snp_id_authentication *)policy_data2; + + if (policy_data1_size !=3D KVM_SEV_SNP_ID_BLOCK_SIZE) { + error_setg(errp, "%s: Invalid SEV-SNP ID block: incorrect = size", + __func__); + return -1; + } + if (policy_data2_size !=3D KVM_SEV_SNP_ID_AUTH_SIZE) { + error_setg(errp, + "%s: Invalid SEV-SNP ID auth block: incorrect s= ize", + __func__); + return -1; + } + assert(policy_data1 !=3D NULL); + assert(policy_data2 !=3D NULL); + + finish->id_block_uaddr =3D + (__u64)g_memdup2(policy_data1, KVM_SEV_SNP_ID_BLOCK_SIZE); + finish->id_auth_uaddr =3D + (__u64)g_memdup2(policy_data2, KVM_SEV_SNP_ID_AUTH_SIZE); + + /* + * Check if an author key has been provided and use that to fl= ag + * whether the author key is enabled. The first of the author = key + * must be non-zero to indicate the key type, which will curre= ntly + * always be 2. + */ + sev_snp_guest->kvm_finish_conf.auth_key_en =3D + id_auth->author_key[0] ? 1 : 0; + finish->id_block_en =3D 1; + } + sev_snp_guest->kvm_start_conf.policy =3D policy; + } else { + SevGuestState *sev_guest =3D SEV_GUEST(MACHINE(qdev_get_machine())= ->cgs); + /* Only the policy flags are supported for SEV and SEV-ES */ + if ((policy_data1_size > 0) || (policy_data2_size > 0) || !sev_gue= st) { + error_setg(errp, "%s: An ID block/ID auth block has been provi= ded " + "but SEV-SNP is not enabled", __func__); + return -1; + } + sev_guest->policy =3D policy; + } + return 0; +} + static void sev_common_class_init(ObjectClass *oc, void *data) { @@ -2564,6 +2646,7 @@ sev_common_instance_init(Object *obj) cgs->check_support =3D cgs_check_support; cgs->set_guest_state =3D cgs_set_guest_state; cgs->get_mem_map_entry =3D cgs_get_mem_map_entry; + cgs->set_guest_policy =3D cgs_set_guest_policy; =20 QTAILQ_INIT(&sev_common->launch_vmsa); } diff --git a/target/i386/sev.h b/target/i386/sev.h index 2ccd6fe1e8..7b92102bd0 100644 --- a/target/i386/sev.h +++ b/target/i386/sev.h @@ -157,6 +157,18 @@ struct QEMU_PACKED sev_es_save_area { uint8_t fpreg_ymm[256]; }; =20 +struct QEMU_PACKED sev_snp_id_authentication { + uint32_t id_key_alg; + uint32_t auth_key_algo; + uint8_t reserved[56]; + uint8_t id_block_sig[512]; + uint8_t id_key[1028]; + uint8_t reserved2[60]; + uint8_t id_key_sig[512]; + uint8_t author_key[1028]; + uint8_t reserved3[892]; +}; + #ifdef CONFIG_SEV bool sev_enabled(void); bool sev_es_enabled(void); --=20 2.43.0