[Qemu-devel] [PATCH v10 15/28] sev/i386: add command to create launch me
From: |
Brijesh Singh |
Subject: |
[Qemu-devel] [PATCH v10 15/28] sev/i386: add command to create launch memory encryption context |
Date: |
Wed, 28 Feb 2018 15:10:15 -0600 |
The KVM_SEV_LAUNCH_START command creates a new VM encryption key (VEK).
The encryption key created with the command will be used for encrypting
the bootstrap images (such as guest bios).
Cc: Paolo Bonzini <address@hidden>
Cc: Richard Henderson <address@hidden>
Cc: Eduardo Habkost <address@hidden>
Signed-off-by: Brijesh Singh <address@hidden>
---
target/i386/sev.c | 86 ++++++++++++++++++++++++++++++++++++++++++++++++
target/i386/trace-events | 2 ++
2 files changed, 88 insertions(+)
diff --git a/target/i386/sev.c b/target/i386/sev.c
index 8ee6159b2bfc..b867ffbc0eae 100644
--- a/target/i386/sev.c
+++ b/target/i386/sev.c
@@ -100,6 +100,17 @@ fw_error_to_str(int code)
return sev_fw_errlist[code];
}
+static void
+sev_set_guest_state(SevState new_state)
+{
+ assert(new_state < SEV_STATE__MAX);
+ assert(sev_state);
+
+ trace_kvm_sev_change_state(SevState_str(sev_state->state),
+ SevState_str(new_state));
+ sev_state->state = new_state;
+}
+
static void
sev_ram_block_added(RAMBlockNotifier *n, void *host, size_t size)
{
@@ -400,6 +411,75 @@ sev_get_info(void)
return info;
}
+static int
+sev_read_file_base64(const char *filename, guchar **data, gsize *len)
+{
+ gsize sz;
+ gchar *base64;
+ GError *error = NULL;
+
+ if (!g_file_get_contents(filename, &base64, &sz, &error)) {
+ error_report("failed to read '%s' (%s)", filename, error->message);
+ return -1;
+ }
+
+ *data = g_base64_decode(base64, len);
+ return 0;
+}
+
+static int
+sev_launch_start(SEVState *s)
+{
+ gsize sz;
+ int ret = 1;
+ int fw_error;
+ QSevGuestInfo *sev = s->sev_info;
+ struct kvm_sev_launch_start *start;
+ guchar *session = NULL, *dh_cert = NULL;
+
+ start = g_new0(struct kvm_sev_launch_start, 1);
+
+ start->handle = object_property_get_int(OBJECT(sev), "handle",
+ &error_abort);
+ start->policy = object_property_get_int(OBJECT(sev), "policy",
+ &error_abort);
+ if (sev->session_file) {
+ if (sev_read_file_base64(sev->session_file, &session, &sz) < 0) {
+ return 1;
+ }
+ start->session_uaddr = (unsigned long)session;
+ start->session_len = sz;
+ }
+
+ if (sev->dh_cert_file) {
+ if (sev_read_file_base64(sev->dh_cert_file, &dh_cert, &sz) < 0) {
+ return 1;
+ }
+ start->dh_uaddr = (unsigned long)dh_cert;
+ start->dh_len = sz;
+ }
+
+ trace_kvm_sev_launch_start(start->policy, session, dh_cert);
+ ret = sev_ioctl(s->sev_fd, KVM_SEV_LAUNCH_START, start, &fw_error);
+ if (ret < 0) {
+ error_report("%s: LAUNCH_START ret=%d fw_error=%d '%s'",
+ __func__, ret, fw_error, fw_error_to_str(fw_error));
+ return 1;
+ }
+
+ object_property_set_int(OBJECT(sev), start->handle, "handle",
+ &error_abort);
+ sev_set_guest_state(SEV_STATE_LUPDATE);
+ s->handle = start->handle;
+ s->policy = start->policy;
+
+ g_free(start);
+ g_free(session);
+ g_free(dh_cert);
+
+ return 0;
+}
+
void *
sev_guest_init(const char *id)
{
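Review bot: sev_launch_start leaks on every error path: `start` (g_new0 at the top of the function) is never freed when the early `return 1` at the session read, the dh_cert read, or the LAUNCH_START ioctl failure is taken, and `session` is additionally leaked on the latter two paths since only the success path reaches the three g_free calls. The same hunk's sev_read_file_base64 also never frees the `base64` text after g_base64_decode and never calls `g_error_free(error)` before returning -1, so each failed read leaks the GError; adding `g_free(base64);` after the decode and `g_error_free(error);` before the `return -1` fixes that helper. For sev_launch_start the idiomatic fix is a single cleanup label, so the decoded session and certificate buffers handed to the firmware are released regardless of which step failed; the `ret = 1` initialiser then carries the failure code instead of being dead. sev_guest_init (the hunk at @@ -473) already reports the failure, so the existing error_report inside sev_launch_start can stay as the detailed message.
```c
static int
sev_launch_start(SEVState *s)
{
    gsize sz;
    int ret = 1;
    int fw_error;
    QSevGuestInfo *sev = s->sev_info;
    struct kvm_sev_launch_start *start;
    guchar *session = NULL, *dh_cert = NULL;

    start = g_new0(struct kvm_sev_launch_start, 1);
    /* … unchanged: "handle" and "policy" property lookups … */
    if (sev->session_file) {
        if (sev_read_file_base64(sev->session_file, &session, &sz) < 0) {
            goto out;
        }
        start->session_uaddr = (unsigned long)session;
        start->session_len = sz;
    }

    if (sev->dh_cert_file) {
        if (sev_read_file_base64(sev->dh_cert_file, &dh_cert, &sz) < 0) {
            goto out;
        }
        start->dh_uaddr = (unsigned long)dh_cert;
        start->dh_len = sz;
    }

    trace_kvm_sev_launch_start(start->policy, session, dh_cert);
    ret = sev_ioctl(s->sev_fd, KVM_SEV_LAUNCH_START, start, &fw_error);
    if (ret < 0) {
        error_report("%s: LAUNCH_START ret=%d fw_error=%d '%s'",
                     __func__, ret, fw_error, fw_error_to_str(fw_error));
        ret = 1;
        goto out;
    }
    /* … unchanged: store handle/policy, sev_set_guest_state(SEV_STATE_LUPDATE) … */
    ret = 0;

out:
    /* Every path frees all three; g_free(NULL) is a no-op for the optional blobs. */
    g_free(start);
    g_free(session);
    g_free(dh_cert);
    return ret;
}
```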
@@ -473,6 +553,12 @@ sev_guest_init(const char *id)
goto err;
}
+ ret = sev_launch_start(s);
+ if (ret) {
+ error_report("%s: failed to create encryption context", __func__);
+ goto err;
+ }
+
ram_block_notifier_add(&sev_ram_notifier);
return s;
diff --git a/target/i386/trace-events b/target/i386/trace-events
index ffa3d2250425..9402251e9991 100644
--- a/target/i386/trace-events
+++ b/target/i386/trace-events
@@ -10,3 +10,5 @@ kvm_x86_update_msi_routes(int num) "Updated %d MSI routes"
kvm_sev_init(void) ""
kvm_memcrypt_register_region(void *addr, size_t len) "addr %p len 0x%lu"
kvm_memcrypt_unregister_region(void *addr, size_t len) "addr %p len 0x%lu"
+kvm_sev_change_state(const char *old, const char *new) "%s -> %s"
+kvm_sev_launch_start(int policy, void *session, void *pdh) "policy 0x%x
session %p pdh %p"
--
2.14.3