Re: [PATCH v7 03/13] sev: Remove false abstraction of flash encryption
From: David Gibson
Subject: Re: [PATCH v7 03/13] sev: Remove false abstraction of flash encryption
Date: Mon, 18 Jan 2021 13:59:15 +1100
On Fri, Jan 15, 2021 at 01:54:25PM +0100, Cornelia Huck wrote:
> On Thu, 14 Jan 2021 10:58:01 +1100
> David Gibson <david@gibson.dropbear.id.au> wrote:
>
> > When AMD's SEV memory encryption is in use, flash memory banks (which are
> > initialized by pc_system_flash_map()) need to be encrypted with the guest's
> > key, so that the guest can read them.
> >
> > That's abstracted via the kvm_memcrypt_encrypt_data() callback in the KVM
> > state.. except, that it doesn't really abstract much at all.
> >
> > For starters, the only called is in code specific to the 'pc' family of
>
> s/called/call site/
Fixed, thanks.
>
> > machine types, so it's obviously specific to those and to x86 to begin
> > with. But it makes a bunch of further assumptions that need not be true
> > about an arbitrary confidential guest system based on memory encryption,
> > let alone one based on other mechanisms:
> >
> > * it assumes that the flash memory is defined to be encrypted with the
> > guest key, rather than being shared with the hypervisor
> > * it assumes that that hypervisor has some mechanism to encrypt data into
> > the guest, even though it can't decrypt it out, since that's the whole
> > point
> > * the interface assumes that this encrypt can be done in place, which
> > implies that the hypervisor can write into a confidential guest's
> > memory, even if what it writes isn't meaningful
> >
> > So really, this "abstraction" is actually pretty specific to the way SEV
> > works. So, this patch removes it and instead has the PC flash
> > initialization code call into a SEV specific callback.
> >
> > Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
> > ---
> > accel/kvm/kvm-all.c | 31 ++-----------------------------
> > accel/kvm/sev-stub.c | 9 ++-------
> > accel/stubs/kvm-stub.c | 10 ----------
> > hw/i386/pc_sysfw.c | 17 ++++++-----------
> > include/sysemu/kvm.h | 16 ----------------
> > include/sysemu/sev.h | 4 ++--
> > target/i386/sev-stub.c | 5 +++++
> > target/i386/sev.c | 24 ++++++++++++++----------
> > 8 files changed, 31 insertions(+), 85 deletions(-)
>
> Reviewed-by: Cornelia Huck <cohuck@redhat.com>
>
--
David Gibson | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au | minimalist, thank you. NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson