
Re: [Qemu-devel] [RFC PATCH v4 11/20] sev: add LAUNCH_START command


From: Eduardo Habkost
Subject: Re: [Qemu-devel] [RFC PATCH v4 11/20] sev: add LAUNCH_START command
Date: Wed, 8 Mar 2017 18:13:02 -0300
User-agent: Mutt/1.7.1 (2016-10-04)

On Wed, Mar 08, 2017 at 03:53:03PM -0500, Brijesh Singh wrote:
> The command is used to bootstrap SEV guest from unencrypted boot images.
> The command creates a new VM encryption key (VEK) using guest owner's public
> DH certificate, and security policy and session parameters. The encryption
> key created during the launch start process will be used for encrypting the boot
> images (such as BIOS).
> 
> Signed-off-by: Brijesh Singh <address@hidden>

These descriptions of what the commands do are very useful. I
suggest including something similar (but more generic and not
SEV-specific?) as the documentation of the kvm_memcrypt_*() API
functions, as it is not clear what each kvm_memcrypt_*() function
is supposed to do.


> ---
>  include/sysemu/sev.h |    1 +
>  kvm-all.c            |    1 +
>  sev.c                |   55 
> ++++++++++++++++++++++++++++++++++++++++++++++++++
>  3 files changed, 57 insertions(+)
> 
> diff --git a/include/sysemu/sev.h b/include/sysemu/sev.h
> index dbc3c6c..747fe87 100644
> --- a/include/sysemu/sev.h
> +++ b/include/sysemu/sev.h
> @@ -86,6 +86,7 @@ typedef struct SEVState SEVState;
>  bool sev_enabled(void);
>  void *sev_guest_init(const char *keyid);
>  void sev_set_debug_ops(void *handle, MemoryRegion *mr);
> +int sev_create_launch_context(void *handle);
>  
>  #endif
>  
> diff --git a/kvm-all.c b/kvm-all.c
> index 1fa6413..a13d62f 100644
> --- a/kvm-all.c
> +++ b/kvm-all.c
> @@ -1826,6 +1826,7 @@ static int kvm_init(MachineState *ms)
>                  goto err;
>              }
>              kvm_state->memcrypt_debug_ops = sev_set_debug_ops;
> +            kvm_state->create_launch_context = sev_create_launch_context;
>              g_free(id);
>          }
>      }
> diff --git a/sev.c b/sev.c
> index 3e02453..4b3f39a 100644
> --- a/sev.c
> +++ b/sev.c
> @@ -148,6 +148,55 @@ static const TypeInfo qsev_launch_info = {
>  };
>  
>  static int
> +sev_ioctl(int cmd, void *data, int *error)
> +{
> +    int r;
> +    struct kvm_sev_cmd input;
> +
> +    input.id = cmd;
> +    input.sev_fd = sev_fd;
> +    input.data = (__u64)data;
> +
> +    r = kvm_vm_ioctl(kvm_state, KVM_MEMORY_ENCRYPT_OP, &input);
> +    *error = input.error;
> +    return r;
> +}
> +
> +static int
> +sev_launch_start(SEVState *s)
> +{
> +    int ret = 1;
> +    Object *obj;
> +    int fw_error;
> +    struct kvm_sev_launch_start *start;
> +
> +    if (!s) {
> +        return 1;
> +    }
> +
> +    start = g_malloc0(sizeof(*start));
> +    if (!start) {
> +        return 1;
> +    }
> +
> +    obj = object_property_get_link(OBJECT(s->sev_info), "launch", 
> &error_abort);
> +    if (!obj) {
> +        goto err;
> +    }
> +
> +    ret = sev_ioctl(KVM_SEV_LAUNCH_START, start, &fw_error);
> +    if (ret < 0) {
> +        fprintf(stderr, "failed LAUNCH_START %d (%#x)\n", ret, fw_error);
> +        goto err;
> +    }
> +
> +    DPRINTF("SEV: LAUNCH_START\n");
> +err:
> +    g_free(start);
> +    return ret;
> +}
> +
> +static int
>  sev_mem_write(uint8_t *dst, const uint8_t *src, uint32_t len, MemTxAttrs 
> attrs)
>  {
>      return 0;
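Review bot: In sev_launch_start the kvm_sev_launch_start structure is allocated with g_malloc0 and handed to KVM_SEV_LAUNCH_START without any field being set, so the launch is issued with a zeroed policy and no DH certificate or session data, even though the commit message says the VEK is derived from those; the launch object looked up into `obj` is only NULL-checked and never read. Either populate `start` from the launch object's properties before the ioctl, or add a comment stating that this revision deliberately issues an empty LAUNCH_START. Two smaller points in sev_ioctl: `struct kvm_sev_cmd input;` leaves any field other than id, sev_fd and data uninitialized when passed to the kernel, so `struct kvm_sev_cmd input = { 0 };` avoids handing stack contents to the ioctl, and `input.data = (__u64)(uintptr_t)data;` keeps the pointer-to-integer conversion warning-free on 32-bit hosts. The `if (!start)` check is dead since g_malloc0 aborts rather than returning NULL, and the function mixes a return of 1 on the early-out paths with the negative ioctl result, which the caller will have to interpret; `error_report()` would also be more conventional than fprintf(stderr) for the failure message.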
> @@ -200,6 +249,12 @@ err:
>      return NULL;
>  }
>  
> +int
> +sev_create_launch_context(void *handle)
> +{
> +    return sev_launch_start((SEVState *)handle);
> +}
> +
>  void
>  sev_set_debug_ops(void *handle, MemoryRegion *mr)
>  {
> 

-- 
Eduardo


