2018-03-08 15:48:41 +03:00
|
|
|
/*
|
|
|
|
* QEMU SEV support
|
|
|
|
*
|
|
|
|
* Copyright Advanced Micro Devices 2016-2018
|
|
|
|
*
|
|
|
|
* Author:
|
|
|
|
* Brijesh Singh <brijesh.singh@amd.com>
|
|
|
|
*
|
|
|
|
* This work is licensed under the terms of the GNU GPL, version 2 or later.
|
|
|
|
* See the COPYING file in the top-level directory.
|
|
|
|
*
|
|
|
|
*/
|
|
|
|
|
2018-12-04 20:25:35 +03:00
|
|
|
#include "qemu/osdep.h"
|
|
|
|
|
2018-03-08 15:48:44 +03:00
|
|
|
#include <linux/kvm.h>
|
|
|
|
#include <linux/psp-sev.h>
|
|
|
|
|
|
|
|
#include <sys/ioctl.h>
|
|
|
|
|
2018-03-08 15:48:41 +03:00
|
|
|
#include "qapi/error.h"
|
|
|
|
#include "qom/object_interfaces.h"
|
|
|
|
#include "qemu/base64.h"
|
2019-05-23 17:35:07 +03:00
|
|
|
#include "qemu/module.h"
|
2021-02-08 17:04:52 +03:00
|
|
|
#include "qemu/uuid.h"
|
2018-03-08 15:48:41 +03:00
|
|
|
#include "sysemu/kvm.h"
|
|
|
|
#include "sev_i386.h"
|
|
|
|
#include "sysemu/sysemu.h"
|
2019-08-12 08:23:59 +03:00
|
|
|
#include "sysemu/runstate.h"
|
2018-03-08 15:48:44 +03:00
|
|
|
#include "trace.h"
|
2018-03-08 15:48:57 +03:00
|
|
|
#include "migration/blocker.h"
|
2020-09-03 23:43:22 +03:00
|
|
|
#include "qom/object.h"
|
2020-10-27 20:03:03 +03:00
|
|
|
#include "monitor/monitor.h"
|
2020-05-05 10:00:30 +03:00
|
|
|
#include "exec/confidential-guest-support.h"
|
2021-02-08 17:04:52 +03:00
|
|
|
#include "hw/i386/pc.h"
|
2018-03-08 15:48:41 +03:00
|
|
|
|
2020-06-04 09:42:13 +03:00
|
|
|
#define TYPE_SEV_GUEST "sev-guest"
|
2020-09-16 21:25:19 +03:00
|
|
|
OBJECT_DECLARE_SIMPLE_TYPE(SevGuestState, SEV_GUEST)
|
2020-06-04 09:42:12 +03:00
|
|
|
|
|
|
|
|
|
|
|
/**
|
2020-06-04 09:42:13 +03:00
|
|
|
* SevGuestState:
|
2020-06-04 09:42:12 +03:00
|
|
|
*
|
2020-06-04 09:42:13 +03:00
|
|
|
* The SevGuestState object is used for creating and managing a SEV
|
|
|
|
* guest.
|
2020-06-04 09:42:12 +03:00
|
|
|
*
|
|
|
|
* # $QEMU \
|
|
|
|
* -object sev-guest,id=sev0 \
|
|
|
|
* -machine ...,memory-encryption=sev0
|
|
|
|
*/
|
2020-06-04 09:42:13 +03:00
|
|
|
struct SevGuestState {
|
2020-05-05 10:00:30 +03:00
|
|
|
ConfidentialGuestSupport parent_obj;
|
2020-06-04 09:42:12 +03:00
|
|
|
|
2020-06-04 09:42:14 +03:00
|
|
|
/* configuration parameters */
|
2020-06-04 09:42:12 +03:00
|
|
|
char *sev_device;
|
|
|
|
uint32_t policy;
|
|
|
|
char *dh_cert_file;
|
|
|
|
char *session_file;
|
|
|
|
uint32_t cbitpos;
|
|
|
|
uint32_t reduced_phys_bits;
|
|
|
|
|
2020-06-04 09:42:14 +03:00
|
|
|
/* runtime state */
|
2020-06-04 09:42:18 +03:00
|
|
|
uint32_t handle;
|
2020-06-04 09:42:19 +03:00
|
|
|
uint8_t api_major;
|
|
|
|
uint8_t api_minor;
|
|
|
|
uint8_t build_id;
|
|
|
|
uint64_t me_mask;
|
|
|
|
int sev_fd;
|
|
|
|
SevState state;
|
|
|
|
gchar *measurement;
|
2021-02-08 17:04:52 +03:00
|
|
|
|
|
|
|
uint32_t reset_cs;
|
|
|
|
uint32_t reset_ip;
|
|
|
|
bool reset_data_valid;
|
2020-06-04 09:42:12 +03:00
|
|
|
};
|
|
|
|
|
2018-03-08 15:48:41 +03:00
|
|
|
#define DEFAULT_GUEST_POLICY 0x1 /* disable debug */
|
|
|
|
#define DEFAULT_SEV_DEVICE "/dev/sev"
|
|
|
|
|
2021-02-08 17:04:52 +03:00
|
|
|
#define SEV_INFO_BLOCK_GUID "00f771de-1a7e-4fcb-890e-68c77e2fb44e"
|
|
|
|
typedef struct __attribute__((__packed__)) SevInfoBlock {
|
|
|
|
/* SEV-ES Reset Vector Address */
|
|
|
|
uint32_t reset_addr;
|
|
|
|
} SevInfoBlock;
|
|
|
|
|
2020-06-04 09:42:15 +03:00
|
|
|
static SevGuestState *sev_guest;
|
2018-03-08 15:48:57 +03:00
|
|
|
static Error *sev_mig_blocker;
|
2018-03-08 15:48:44 +03:00
|
|
|
|
|
|
|
static const char *const sev_fw_errlist[] = {
|
2021-04-30 16:48:29 +03:00
|
|
|
[SEV_RET_SUCCESS] = "",
|
|
|
|
[SEV_RET_INVALID_PLATFORM_STATE] = "Platform state is invalid",
|
|
|
|
[SEV_RET_INVALID_GUEST_STATE] = "Guest state is invalid",
|
|
|
|
[SEV_RET_INAVLID_CONFIG] = "Platform configuration is invalid",
|
|
|
|
[SEV_RET_INVALID_LEN] = "Buffer too small",
|
|
|
|
[SEV_RET_ALREADY_OWNED] = "Platform is already owned",
|
|
|
|
[SEV_RET_INVALID_CERTIFICATE] = "Certificate is invalid",
|
|
|
|
[SEV_RET_POLICY_FAILURE] = "Policy is not allowed",
|
|
|
|
[SEV_RET_INACTIVE] = "Guest is not active",
|
|
|
|
[SEV_RET_INVALID_ADDRESS] = "Invalid address",
|
|
|
|
[SEV_RET_BAD_SIGNATURE] = "Bad signature",
|
|
|
|
[SEV_RET_BAD_MEASUREMENT] = "Bad measurement",
|
|
|
|
[SEV_RET_ASID_OWNED] = "ASID is already owned",
|
|
|
|
[SEV_RET_INVALID_ASID] = "Invalid ASID",
|
|
|
|
[SEV_RET_WBINVD_REQUIRED] = "WBINVD is required",
|
|
|
|
[SEV_RET_DFFLUSH_REQUIRED] = "DF_FLUSH is required",
|
|
|
|
[SEV_RET_INVALID_GUEST] = "Guest handle is invalid",
|
|
|
|
[SEV_RET_INVALID_COMMAND] = "Invalid command",
|
|
|
|
[SEV_RET_ACTIVE] = "Guest is active",
|
|
|
|
[SEV_RET_HWSEV_RET_PLATFORM] = "Hardware error",
|
|
|
|
[SEV_RET_HWSEV_RET_UNSAFE] = "Hardware unsafe",
|
|
|
|
[SEV_RET_UNSUPPORTED] = "Feature not supported",
|
|
|
|
[SEV_RET_INVALID_PARAM] = "Invalid parameter",
|
2021-04-30 16:48:30 +03:00
|
|
|
[SEV_RET_RESOURCE_LIMIT] = "Required firmware resource depleted",
|
|
|
|
[SEV_RET_SECURE_DATA_INVALID] = "Part-specific integrity check failure",
|
2018-03-08 15:48:44 +03:00
|
|
|
};
|
|
|
|
|
|
|
|
#define SEV_FW_MAX_ERROR ARRAY_SIZE(sev_fw_errlist)
|
|
|
|
|
|
|
|
static int
|
|
|
|
sev_ioctl(int fd, int cmd, void *data, int *error)
|
|
|
|
{
|
|
|
|
int r;
|
|
|
|
struct kvm_sev_cmd input;
|
|
|
|
|
|
|
|
memset(&input, 0x0, sizeof(input));
|
|
|
|
|
|
|
|
input.id = cmd;
|
|
|
|
input.sev_fd = fd;
|
|
|
|
input.data = (__u64)(unsigned long)data;
|
|
|
|
|
|
|
|
r = kvm_vm_ioctl(kvm_state, KVM_MEMORY_ENCRYPT_OP, &input);
|
|
|
|
|
|
|
|
if (error) {
|
|
|
|
*error = input.error;
|
|
|
|
}
|
|
|
|
|
|
|
|
return r;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
|
|
|
sev_platform_ioctl(int fd, int cmd, void *data, int *error)
|
|
|
|
{
|
|
|
|
int r;
|
|
|
|
struct sev_issue_cmd arg;
|
|
|
|
|
|
|
|
arg.cmd = cmd;
|
|
|
|
arg.data = (unsigned long)data;
|
|
|
|
r = ioctl(fd, SEV_ISSUE_CMD, &arg);
|
|
|
|
if (error) {
|
|
|
|
*error = arg.error;
|
|
|
|
}
|
|
|
|
|
|
|
|
return r;
|
|
|
|
}
|
|
|
|
|
|
|
|
static const char *
|
|
|
|
fw_error_to_str(int code)
|
|
|
|
{
|
|
|
|
if (code < 0 || code >= SEV_FW_MAX_ERROR) {
|
|
|
|
return "unknown error";
|
|
|
|
}
|
|
|
|
|
|
|
|
return sev_fw_errlist[code];
|
|
|
|
}
|
|
|
|
|
2018-03-08 15:48:49 +03:00
|
|
|
static bool
|
2020-06-04 09:42:15 +03:00
|
|
|
sev_check_state(const SevGuestState *sev, SevState state)
|
2018-03-08 15:48:49 +03:00
|
|
|
{
|
2020-06-04 09:42:15 +03:00
|
|
|
assert(sev);
|
2020-06-04 09:42:19 +03:00
|
|
|
return sev->state == state ? true : false;
|
2018-03-08 15:48:49 +03:00
|
|
|
}
|
|
|
|
|
2018-03-08 15:48:48 +03:00
|
|
|
static void
|
2020-06-04 09:42:15 +03:00
|
|
|
sev_set_guest_state(SevGuestState *sev, SevState new_state)
|
2018-03-08 15:48:48 +03:00
|
|
|
{
|
|
|
|
assert(new_state < SEV_STATE__MAX);
|
2020-06-04 09:42:15 +03:00
|
|
|
assert(sev);
|
2018-03-08 15:48:48 +03:00
|
|
|
|
2020-06-04 09:42:19 +03:00
|
|
|
trace_kvm_sev_change_state(SevState_str(sev->state),
|
2018-03-08 15:48:48 +03:00
|
|
|
SevState_str(new_state));
|
2020-06-04 09:42:19 +03:00
|
|
|
sev->state = new_state;
|
2018-03-08 15:48:48 +03:00
|
|
|
}
|
|
|
|
|
2018-03-08 15:48:45 +03:00
|
|
|
static void
|
2021-04-29 14:27:00 +03:00
|
|
|
sev_ram_block_added(RAMBlockNotifier *n, void *host, size_t size,
|
|
|
|
size_t max_size)
|
2018-03-08 15:48:45 +03:00
|
|
|
{
|
|
|
|
int r;
|
|
|
|
struct kvm_enc_region range;
|
2019-02-05 01:23:40 +03:00
|
|
|
ram_addr_t offset;
|
|
|
|
MemoryRegion *mr;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* The RAM device presents a memory region that should be treated
|
|
|
|
* as IO region and should not be pinned.
|
|
|
|
*/
|
|
|
|
mr = memory_region_from_host(host, &offset);
|
|
|
|
if (mr && memory_region_is_ram_device(mr)) {
|
|
|
|
return;
|
|
|
|
}
|
2018-03-08 15:48:45 +03:00
|
|
|
|
|
|
|
range.addr = (__u64)(unsigned long)host;
|
2021-04-29 14:27:00 +03:00
|
|
|
range.size = max_size;
|
2018-03-08 15:48:45 +03:00
|
|
|
|
2021-04-29 14:27:00 +03:00
|
|
|
trace_kvm_memcrypt_register_region(host, max_size);
|
2018-03-08 15:48:45 +03:00
|
|
|
r = kvm_vm_ioctl(kvm_state, KVM_MEMORY_ENCRYPT_REG_REGION, &range);
|
|
|
|
if (r) {
|
|
|
|
error_report("%s: failed to register region (%p+%#zx) error '%s'",
|
2021-04-29 14:27:00 +03:00
|
|
|
__func__, host, max_size, strerror(errno));
|
2018-03-08 15:48:45 +03:00
|
|
|
exit(1);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
2021-04-29 14:27:00 +03:00
|
|
|
sev_ram_block_removed(RAMBlockNotifier *n, void *host, size_t size,
|
|
|
|
size_t max_size)
|
2018-03-08 15:48:45 +03:00
|
|
|
{
|
|
|
|
int r;
|
|
|
|
struct kvm_enc_region range;
|
2019-07-15 17:28:39 +03:00
|
|
|
ram_addr_t offset;
|
|
|
|
MemoryRegion *mr;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* The RAM device presents a memory region that should be treated
|
|
|
|
* as IO region and should not have been pinned.
|
|
|
|
*/
|
|
|
|
mr = memory_region_from_host(host, &offset);
|
|
|
|
if (mr && memory_region_is_ram_device(mr)) {
|
|
|
|
return;
|
|
|
|
}
|
2018-03-08 15:48:45 +03:00
|
|
|
|
|
|
|
range.addr = (__u64)(unsigned long)host;
|
2021-04-29 14:27:00 +03:00
|
|
|
range.size = max_size;
|
2018-03-08 15:48:45 +03:00
|
|
|
|
2021-04-29 14:27:00 +03:00
|
|
|
trace_kvm_memcrypt_unregister_region(host, max_size);
|
2018-03-08 15:48:45 +03:00
|
|
|
r = kvm_vm_ioctl(kvm_state, KVM_MEMORY_ENCRYPT_UNREG_REGION, &range);
|
|
|
|
if (r) {
|
|
|
|
error_report("%s: failed to unregister region (%p+%#zx)",
|
2021-04-29 14:27:00 +03:00
|
|
|
__func__, host, max_size);
|
2018-03-08 15:48:45 +03:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
static struct RAMBlockNotifier sev_ram_notifier = {
|
|
|
|
.ram_block_added = sev_ram_block_added,
|
|
|
|
.ram_block_removed = sev_ram_block_removed,
|
|
|
|
};
|
|
|
|
|
2018-03-08 15:48:41 +03:00
|
|
|
static void
|
2020-06-04 09:42:13 +03:00
|
|
|
sev_guest_finalize(Object *obj)
|
2018-03-08 15:48:41 +03:00
|
|
|
{
|
|
|
|
}
|
|
|
|
|
|
|
|
static char *
|
2020-06-04 09:42:13 +03:00
|
|
|
sev_guest_get_session_file(Object *obj, Error **errp)
|
2018-03-08 15:48:41 +03:00
|
|
|
{
|
2020-06-04 09:42:13 +03:00
|
|
|
SevGuestState *s = SEV_GUEST(obj);
|
2018-03-08 15:48:41 +03:00
|
|
|
|
|
|
|
return s->session_file ? g_strdup(s->session_file) : NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
2020-06-04 09:42:13 +03:00
|
|
|
sev_guest_set_session_file(Object *obj, const char *value, Error **errp)
|
2018-03-08 15:48:41 +03:00
|
|
|
{
|
2020-06-04 09:42:13 +03:00
|
|
|
SevGuestState *s = SEV_GUEST(obj);
|
2018-03-08 15:48:41 +03:00
|
|
|
|
|
|
|
s->session_file = g_strdup(value);
|
|
|
|
}
|
|
|
|
|
|
|
|
static char *
|
2020-06-04 09:42:13 +03:00
|
|
|
sev_guest_get_dh_cert_file(Object *obj, Error **errp)
|
2018-03-08 15:48:41 +03:00
|
|
|
{
|
2020-06-04 09:42:13 +03:00
|
|
|
SevGuestState *s = SEV_GUEST(obj);
|
2018-03-08 15:48:41 +03:00
|
|
|
|
|
|
|
return g_strdup(s->dh_cert_file);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
2020-06-04 09:42:13 +03:00
|
|
|
sev_guest_set_dh_cert_file(Object *obj, const char *value, Error **errp)
|
2018-03-08 15:48:41 +03:00
|
|
|
{
|
2020-06-04 09:42:13 +03:00
|
|
|
SevGuestState *s = SEV_GUEST(obj);
|
2018-03-08 15:48:41 +03:00
|
|
|
|
|
|
|
s->dh_cert_file = g_strdup(value);
|
|
|
|
}
|
|
|
|
|
|
|
|
static char *
|
2020-06-04 09:42:13 +03:00
|
|
|
sev_guest_get_sev_device(Object *obj, Error **errp)
|
2018-03-08 15:48:41 +03:00
|
|
|
{
|
2020-06-04 09:42:13 +03:00
|
|
|
SevGuestState *sev = SEV_GUEST(obj);
|
2018-03-08 15:48:41 +03:00
|
|
|
|
|
|
|
return g_strdup(sev->sev_device);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
2020-06-04 09:42:13 +03:00
|
|
|
sev_guest_set_sev_device(Object *obj, const char *value, Error **errp)
|
2018-03-08 15:48:41 +03:00
|
|
|
{
|
2020-06-04 09:42:13 +03:00
|
|
|
SevGuestState *sev = SEV_GUEST(obj);
|
2018-03-08 15:48:41 +03:00
|
|
|
|
|
|
|
sev->sev_device = g_strdup(value);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
2020-06-04 09:42:13 +03:00
|
|
|
sev_guest_class_init(ObjectClass *oc, void *data)
|
2018-03-08 15:48:41 +03:00
|
|
|
{
|
|
|
|
object_class_property_add_str(oc, "sev-device",
|
2020-06-04 09:42:13 +03:00
|
|
|
sev_guest_get_sev_device,
|
|
|
|
sev_guest_set_sev_device);
|
2018-03-08 15:48:41 +03:00
|
|
|
object_class_property_set_description(oc, "sev-device",
|
2020-05-05 18:29:15 +03:00
|
|
|
"SEV device to use");
|
2018-03-08 15:48:41 +03:00
|
|
|
object_class_property_add_str(oc, "dh-cert-file",
|
2020-06-04 09:42:13 +03:00
|
|
|
sev_guest_get_dh_cert_file,
|
|
|
|
sev_guest_set_dh_cert_file);
|
2018-03-08 15:48:41 +03:00
|
|
|
object_class_property_set_description(oc, "dh-cert-file",
|
2020-05-05 18:29:15 +03:00
|
|
|
"guest owners DH certificate (encoded with base64)");
|
2018-03-08 15:48:41 +03:00
|
|
|
object_class_property_add_str(oc, "session-file",
|
2020-06-04 09:42:13 +03:00
|
|
|
sev_guest_get_session_file,
|
|
|
|
sev_guest_set_session_file);
|
2018-03-08 15:48:41 +03:00
|
|
|
object_class_property_set_description(oc, "session-file",
|
2020-05-05 18:29:15 +03:00
|
|
|
"guest owners session parameters (encoded with base64)");
|
2018-03-08 15:48:41 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
2020-06-04 09:42:13 +03:00
|
|
|
sev_guest_instance_init(Object *obj)
|
2018-03-08 15:48:41 +03:00
|
|
|
{
|
2020-06-04 09:42:13 +03:00
|
|
|
SevGuestState *sev = SEV_GUEST(obj);
|
2018-03-08 15:48:41 +03:00
|
|
|
|
|
|
|
sev->sev_device = g_strdup(DEFAULT_SEV_DEVICE);
|
|
|
|
sev->policy = DEFAULT_GUEST_POLICY;
|
2020-02-04 16:16:01 +03:00
|
|
|
object_property_add_uint32_ptr(obj, "policy", &sev->policy,
|
qom: Drop parameter @errp of object_property_add() & friends
The only way object_property_add() can fail is when a property with
the same name already exists. Since our property names are all
hardcoded, failure is a programming error, and the appropriate way to
handle it is passing &error_abort.
Same for its variants, except for object_property_add_child(), which
additionally fails when the child already has a parent. Parentage is
also under program control, so this is a programming error, too.
We have a bit over 500 callers. Almost half of them pass
&error_abort, slightly fewer ignore errors, one test case handles
errors, and the remaining few callers pass them to their own callers.
The previous few commits demonstrated once again that ignoring
programming errors is a bad idea.
Of the few ones that pass on errors, several violate the Error API.
The Error ** argument must be NULL, &error_abort, &error_fatal, or a
pointer to a variable containing NULL. Passing an argument of the
latter kind twice without clearing it in between is wrong: if the
first call sets an error, it no longer points to NULL for the second
call. ich9_pm_add_properties(), sparc32_ledma_realize(),
sparc32_dma_realize(), xilinx_axidma_realize(), xilinx_enet_realize()
are wrong that way.
When the one appropriate choice of argument is &error_abort, letting
users pick the argument is a bad idea.
Drop parameter @errp and assert the preconditions instead.
There's one exception to "duplicate property name is a programming
error": the way object_property_add() implements the magic (and
undocumented) "automatic arrayification". Don't drop @errp there.
Instead, rename object_property_add() to object_property_try_add(),
and add the obvious wrapper object_property_add().
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20200505152926.18877-15-armbru@redhat.com>
[Two semantic rebase conflicts resolved]
2020-05-05 18:29:22 +03:00
|
|
|
OBJ_PROP_FLAG_READWRITE);
|
2020-02-04 16:16:01 +03:00
|
|
|
object_property_add_uint32_ptr(obj, "handle", &sev->handle,
|
qom: Drop parameter @errp of object_property_add() & friends
The only way object_property_add() can fail is when a property with
the same name already exists. Since our property names are all
hardcoded, failure is a programming error, and the appropriate way to
handle it is passing &error_abort.
Same for its variants, except for object_property_add_child(), which
additionally fails when the child already has a parent. Parentage is
also under program control, so this is a programming error, too.
We have a bit over 500 callers. Almost half of them pass
&error_abort, slightly fewer ignore errors, one test case handles
errors, and the remaining few callers pass them to their own callers.
The previous few commits demonstrated once again that ignoring
programming errors is a bad idea.
Of the few ones that pass on errors, several violate the Error API.
The Error ** argument must be NULL, &error_abort, &error_fatal, or a
pointer to a variable containing NULL. Passing an argument of the
latter kind twice without clearing it in between is wrong: if the
first call sets an error, it no longer points to NULL for the second
call. ich9_pm_add_properties(), sparc32_ledma_realize(),
sparc32_dma_realize(), xilinx_axidma_realize(), xilinx_enet_realize()
are wrong that way.
When the one appropriate choice of argument is &error_abort, letting
users pick the argument is a bad idea.
Drop parameter @errp and assert the preconditions instead.
There's one exception to "duplicate property name is a programming
error": the way object_property_add() implements the magic (and
undocumented) "automatic arrayification". Don't drop @errp there.
Instead, rename object_property_add() to object_property_try_add(),
and add the obvious wrapper object_property_add().
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20200505152926.18877-15-armbru@redhat.com>
[Two semantic rebase conflicts resolved]
2020-05-05 18:29:22 +03:00
|
|
|
OBJ_PROP_FLAG_READWRITE);
|
2020-02-04 16:16:01 +03:00
|
|
|
object_property_add_uint32_ptr(obj, "cbitpos", &sev->cbitpos,
|
qom: Drop parameter @errp of object_property_add() & friends
The only way object_property_add() can fail is when a property with
the same name already exists. Since our property names are all
hardcoded, failure is a programming error, and the appropriate way to
handle it is passing &error_abort.
Same for its variants, except for object_property_add_child(), which
additionally fails when the child already has a parent. Parentage is
also under program control, so this is a programming error, too.
We have a bit over 500 callers. Almost half of them pass
&error_abort, slightly fewer ignore errors, one test case handles
errors, and the remaining few callers pass them to their own callers.
The previous few commits demonstrated once again that ignoring
programming errors is a bad idea.
Of the few ones that pass on errors, several violate the Error API.
The Error ** argument must be NULL, &error_abort, &error_fatal, or a
pointer to a variable containing NULL. Passing an argument of the
latter kind twice without clearing it in between is wrong: if the
first call sets an error, it no longer points to NULL for the second
call. ich9_pm_add_properties(), sparc32_ledma_realize(),
sparc32_dma_realize(), xilinx_axidma_realize(), xilinx_enet_realize()
are wrong that way.
When the one appropriate choice of argument is &error_abort, letting
users pick the argument is a bad idea.
Drop parameter @errp and assert the preconditions instead.
There's one exception to "duplicate property name is a programming
error": the way object_property_add() implements the magic (and
undocumented) "automatic arrayification". Don't drop @errp there.
Instead, rename object_property_add() to object_property_try_add(),
and add the obvious wrapper object_property_add().
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20200505152926.18877-15-armbru@redhat.com>
[Two semantic rebase conflicts resolved]
2020-05-05 18:29:22 +03:00
|
|
|
OBJ_PROP_FLAG_READWRITE);
|
2020-02-04 16:16:01 +03:00
|
|
|
object_property_add_uint32_ptr(obj, "reduced-phys-bits",
|
|
|
|
&sev->reduced_phys_bits,
|
qom: Drop parameter @errp of object_property_add() & friends
The only way object_property_add() can fail is when a property with
the same name already exists. Since our property names are all
hardcoded, failure is a programming error, and the appropriate way to
handle it is passing &error_abort.
Same for its variants, except for object_property_add_child(), which
additionally fails when the child already has a parent. Parentage is
also under program control, so this is a programming error, too.
We have a bit over 500 callers. Almost half of them pass
&error_abort, slightly fewer ignore errors, one test case handles
errors, and the remaining few callers pass them to their own callers.
The previous few commits demonstrated once again that ignoring
programming errors is a bad idea.
Of the few ones that pass on errors, several violate the Error API.
The Error ** argument must be NULL, &error_abort, &error_fatal, or a
pointer to a variable containing NULL. Passing an argument of the
latter kind twice without clearing it in between is wrong: if the
first call sets an error, it no longer points to NULL for the second
call. ich9_pm_add_properties(), sparc32_ledma_realize(),
sparc32_dma_realize(), xilinx_axidma_realize(), xilinx_enet_realize()
are wrong that way.
When the one appropriate choice of argument is &error_abort, letting
users pick the argument is a bad idea.
Drop parameter @errp and assert the preconditions instead.
There's one exception to "duplicate property name is a programming
error": the way object_property_add() implements the magic (and
undocumented) "automatic arrayification". Don't drop @errp there.
Instead, rename object_property_add() to object_property_try_add(),
and add the obvious wrapper object_property_add().
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20200505152926.18877-15-armbru@redhat.com>
[Two semantic rebase conflicts resolved]
2020-05-05 18:29:22 +03:00
|
|
|
OBJ_PROP_FLAG_READWRITE);
|
2018-03-08 15:48:41 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
/* sev guest info */
|
2020-06-04 09:42:13 +03:00
|
|
|
static const TypeInfo sev_guest_info = {
|
2020-05-05 10:00:30 +03:00
|
|
|
.parent = TYPE_CONFIDENTIAL_GUEST_SUPPORT,
|
2020-06-04 09:42:13 +03:00
|
|
|
.name = TYPE_SEV_GUEST,
|
|
|
|
.instance_size = sizeof(SevGuestState),
|
|
|
|
.instance_finalize = sev_guest_finalize,
|
|
|
|
.class_init = sev_guest_class_init,
|
|
|
|
.instance_init = sev_guest_instance_init,
|
2018-03-08 15:48:41 +03:00
|
|
|
.interfaces = (InterfaceInfo[]) {
|
|
|
|
{ TYPE_USER_CREATABLE },
|
|
|
|
{ }
|
|
|
|
}
|
|
|
|
};
|
|
|
|
|
2018-03-08 15:48:44 +03:00
|
|
|
bool
|
|
|
|
sev_enabled(void)
|
|
|
|
{
|
2020-06-04 09:42:15 +03:00
|
|
|
return !!sev_guest;
|
2018-03-08 15:48:44 +03:00
|
|
|
}
|
|
|
|
|
2021-01-26 20:36:44 +03:00
|
|
|
bool
|
|
|
|
sev_es_enabled(void)
|
|
|
|
{
|
2021-01-26 20:36:49 +03:00
|
|
|
return sev_enabled() && (sev_guest->policy & SEV_POLICY_ES);
|
2021-01-26 20:36:44 +03:00
|
|
|
}
|
|
|
|
|
2018-03-08 15:48:44 +03:00
|
|
|
uint64_t
|
|
|
|
sev_get_me_mask(void)
|
|
|
|
{
|
2020-06-04 09:42:19 +03:00
|
|
|
return sev_guest ? sev_guest->me_mask : ~0;
|
2018-03-08 15:48:44 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
uint32_t
|
|
|
|
sev_get_cbit_position(void)
|
|
|
|
{
|
2020-06-04 09:42:16 +03:00
|
|
|
return sev_guest ? sev_guest->cbitpos : 0;
|
2018-03-08 15:48:44 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
uint32_t
|
|
|
|
sev_get_reduced_phys_bits(void)
|
|
|
|
{
|
2020-06-04 09:42:16 +03:00
|
|
|
return sev_guest ? sev_guest->reduced_phys_bits : 0;
|
2018-03-08 15:48:44 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
SevInfo *
|
|
|
|
sev_get_info(void)
|
|
|
|
{
|
|
|
|
SevInfo *info;
|
|
|
|
|
|
|
|
info = g_new0(SevInfo, 1);
|
2020-06-04 09:42:15 +03:00
|
|
|
info->enabled = sev_enabled();
|
2018-03-08 15:48:44 +03:00
|
|
|
|
|
|
|
if (info->enabled) {
|
2020-06-04 09:42:19 +03:00
|
|
|
info->api_major = sev_guest->api_major;
|
|
|
|
info->api_minor = sev_guest->api_minor;
|
|
|
|
info->build_id = sev_guest->build_id;
|
2020-06-04 09:42:17 +03:00
|
|
|
info->policy = sev_guest->policy;
|
2020-06-04 09:42:19 +03:00
|
|
|
info->state = sev_guest->state;
|
2020-06-04 09:42:18 +03:00
|
|
|
info->handle = sev_guest->handle;
|
2018-03-08 15:48:44 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
return info;
|
|
|
|
}
|
|
|
|
|
2018-03-08 15:49:00 +03:00
|
|
|
static int
|
|
|
|
sev_get_pdh_info(int fd, guchar **pdh, size_t *pdh_len, guchar **cert_chain,
|
2020-06-30 18:35:46 +03:00
|
|
|
size_t *cert_chain_len, Error **errp)
|
2018-03-08 15:49:00 +03:00
|
|
|
{
|
2018-04-27 16:11:26 +03:00
|
|
|
guchar *pdh_data = NULL;
|
|
|
|
guchar *cert_chain_data = NULL;
|
2018-03-08 15:49:00 +03:00
|
|
|
struct sev_user_data_pdh_cert_export export = {};
|
|
|
|
int err, r;
|
|
|
|
|
|
|
|
/* query the certificate length */
|
|
|
|
r = sev_platform_ioctl(fd, SEV_PDH_CERT_EXPORT, &export, &err);
|
|
|
|
if (r < 0) {
|
|
|
|
if (err != SEV_RET_INVALID_LEN) {
|
2020-06-30 18:35:46 +03:00
|
|
|
error_setg(errp, "failed to export PDH cert ret=%d fw_err=%d (%s)",
|
|
|
|
r, err, fw_error_to_str(err));
|
2018-03-08 15:49:00 +03:00
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
pdh_data = g_new(guchar, export.pdh_cert_len);
|
|
|
|
cert_chain_data = g_new(guchar, export.cert_chain_len);
|
|
|
|
export.pdh_cert_address = (unsigned long)pdh_data;
|
|
|
|
export.cert_chain_address = (unsigned long)cert_chain_data;
|
|
|
|
|
|
|
|
r = sev_platform_ioctl(fd, SEV_PDH_CERT_EXPORT, &export, &err);
|
|
|
|
if (r < 0) {
|
2020-06-30 18:35:46 +03:00
|
|
|
error_setg(errp, "failed to export PDH cert ret=%d fw_err=%d (%s)",
|
|
|
|
r, err, fw_error_to_str(err));
|
2018-03-08 15:49:00 +03:00
|
|
|
goto e_free;
|
|
|
|
}
|
|
|
|
|
|
|
|
*pdh = pdh_data;
|
|
|
|
*pdh_len = export.pdh_cert_len;
|
|
|
|
*cert_chain = cert_chain_data;
|
|
|
|
*cert_chain_len = export.cert_chain_len;
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
e_free:
|
|
|
|
g_free(pdh_data);
|
|
|
|
g_free(cert_chain_data);
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
SevCapability *
|
2020-06-30 18:35:46 +03:00
|
|
|
sev_get_capabilities(Error **errp)
|
2018-03-08 15:49:00 +03:00
|
|
|
{
|
2018-04-27 16:11:26 +03:00
|
|
|
SevCapability *cap = NULL;
|
|
|
|
guchar *pdh_data = NULL;
|
|
|
|
guchar *cert_chain_data = NULL;
|
2018-03-08 15:49:00 +03:00
|
|
|
size_t pdh_len = 0, cert_chain_len = 0;
|
|
|
|
uint32_t ebx;
|
|
|
|
int fd;
|
|
|
|
|
2020-06-30 18:38:18 +03:00
|
|
|
if (!kvm_enabled()) {
|
|
|
|
error_setg(errp, "KVM not enabled");
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
if (kvm_vm_ioctl(kvm_state, KVM_MEMORY_ENCRYPT_OP, NULL) < 0) {
|
|
|
|
error_setg(errp, "SEV is not enabled in KVM");
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
2018-03-08 15:49:00 +03:00
|
|
|
fd = open(DEFAULT_SEV_DEVICE, O_RDWR);
|
|
|
|
if (fd < 0) {
|
2020-06-30 18:35:46 +03:00
|
|
|
error_setg_errno(errp, errno, "Failed to open %s",
|
|
|
|
DEFAULT_SEV_DEVICE);
|
2018-03-08 15:49:00 +03:00
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (sev_get_pdh_info(fd, &pdh_data, &pdh_len,
|
2020-06-30 18:35:46 +03:00
|
|
|
&cert_chain_data, &cert_chain_len, errp)) {
|
2018-04-27 16:11:26 +03:00
|
|
|
goto out;
|
2018-03-08 15:49:00 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
cap = g_new0(SevCapability, 1);
|
|
|
|
cap->pdh = g_base64_encode(pdh_data, pdh_len);
|
|
|
|
cap->cert_chain = g_base64_encode(cert_chain_data, cert_chain_len);
|
|
|
|
|
|
|
|
host_cpuid(0x8000001F, 0, NULL, &ebx, NULL, NULL);
|
|
|
|
cap->cbitpos = ebx & 0x3f;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* When SEV feature is enabled, we loose one bit in guest physical
|
|
|
|
* addressing.
|
|
|
|
*/
|
|
|
|
cap->reduced_phys_bits = 1;
|
|
|
|
|
2018-04-27 16:11:26 +03:00
|
|
|
out:
|
2018-03-08 15:49:00 +03:00
|
|
|
g_free(pdh_data);
|
|
|
|
g_free(cert_chain_data);
|
|
|
|
close(fd);
|
|
|
|
return cap;
|
|
|
|
}
|
|
|
|
|
2021-04-29 20:07:28 +03:00
|
|
|
SevAttestationReport *
|
|
|
|
sev_get_attestation_report(const char *mnonce, Error **errp)
|
|
|
|
{
|
|
|
|
struct kvm_sev_attestation_report input = {};
|
|
|
|
SevAttestationReport *report = NULL;
|
|
|
|
SevGuestState *sev = sev_guest;
|
|
|
|
guchar *data;
|
|
|
|
guchar *buf;
|
|
|
|
gsize len;
|
|
|
|
int err = 0, ret;
|
|
|
|
|
|
|
|
if (!sev_enabled()) {
|
|
|
|
error_setg(errp, "SEV is not enabled");
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* lets decode the mnonce string */
|
|
|
|
buf = g_base64_decode(mnonce, &len);
|
|
|
|
if (!buf) {
|
|
|
|
error_setg(errp, "SEV: failed to decode mnonce input");
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* verify the input mnonce length */
|
|
|
|
if (len != sizeof(input.mnonce)) {
|
|
|
|
error_setg(errp, "SEV: mnonce must be %zu bytes (got %" G_GSIZE_FORMAT ")",
|
|
|
|
sizeof(input.mnonce), len);
|
|
|
|
g_free(buf);
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Query the report length */
|
|
|
|
ret = sev_ioctl(sev->sev_fd, KVM_SEV_GET_ATTESTATION_REPORT,
|
|
|
|
&input, &err);
|
|
|
|
if (ret < 0) {
|
|
|
|
if (err != SEV_RET_INVALID_LEN) {
|
|
|
|
error_setg(errp, "failed to query the attestation report length "
|
|
|
|
"ret=%d fw_err=%d (%s)", ret, err, fw_error_to_str(err));
|
|
|
|
g_free(buf);
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
data = g_malloc(input.len);
|
|
|
|
input.uaddr = (unsigned long)data;
|
|
|
|
memcpy(input.mnonce, buf, sizeof(input.mnonce));
|
|
|
|
|
|
|
|
/* Query the report */
|
|
|
|
ret = sev_ioctl(sev->sev_fd, KVM_SEV_GET_ATTESTATION_REPORT,
|
|
|
|
&input, &err);
|
|
|
|
if (ret) {
|
|
|
|
error_setg_errno(errp, errno, "Failed to get attestation report"
|
|
|
|
" ret=%d fw_err=%d (%s)", ret, err, fw_error_to_str(err));
|
|
|
|
goto e_free_data;
|
|
|
|
}
|
|
|
|
|
|
|
|
report = g_new0(SevAttestationReport, 1);
|
|
|
|
report->data = g_base64_encode(data, input.len);
|
|
|
|
|
|
|
|
trace_kvm_sev_attestation_report(mnonce, report->data);
|
|
|
|
|
|
|
|
e_free_data:
|
|
|
|
g_free(data);
|
|
|
|
g_free(buf);
|
|
|
|
return report;
|
|
|
|
}
|
|
|
|
|
2018-03-08 15:48:48 +03:00
|
|
|
static int
|
|
|
|
sev_read_file_base64(const char *filename, guchar **data, gsize *len)
|
|
|
|
{
|
|
|
|
gsize sz;
|
|
|
|
gchar *base64;
|
|
|
|
GError *error = NULL;
|
|
|
|
|
|
|
|
if (!g_file_get_contents(filename, &base64, &sz, &error)) {
|
|
|
|
error_report("failed to read '%s' (%s)", filename, error->message);
|
2020-08-31 16:43:09 +03:00
|
|
|
g_error_free(error);
|
2018-03-08 15:48:48 +03:00
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
*data = g_base64_decode(base64, len);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
2020-06-04 09:42:14 +03:00
|
|
|
sev_launch_start(SevGuestState *sev)
|
2018-03-08 15:48:48 +03:00
|
|
|
{
|
|
|
|
gsize sz;
|
|
|
|
int ret = 1;
|
2018-04-27 16:11:26 +03:00
|
|
|
int fw_error, rc;
|
2018-03-08 15:48:48 +03:00
|
|
|
struct kvm_sev_launch_start *start;
|
|
|
|
guchar *session = NULL, *dh_cert = NULL;
|
|
|
|
|
|
|
|
start = g_new0(struct kvm_sev_launch_start, 1);
|
|
|
|
|
2020-06-04 09:42:18 +03:00
|
|
|
start->handle = sev->handle;
|
2020-06-04 09:42:17 +03:00
|
|
|
start->policy = sev->policy;
|
2018-03-08 15:48:48 +03:00
|
|
|
if (sev->session_file) {
|
|
|
|
if (sev_read_file_base64(sev->session_file, &session, &sz) < 0) {
|
2018-04-27 16:11:26 +03:00
|
|
|
goto out;
|
2018-03-08 15:48:48 +03:00
|
|
|
}
|
|
|
|
start->session_uaddr = (unsigned long)session;
|
|
|
|
start->session_len = sz;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (sev->dh_cert_file) {
|
|
|
|
if (sev_read_file_base64(sev->dh_cert_file, &dh_cert, &sz) < 0) {
|
2018-04-27 16:11:26 +03:00
|
|
|
goto out;
|
2018-03-08 15:48:48 +03:00
|
|
|
}
|
|
|
|
start->dh_uaddr = (unsigned long)dh_cert;
|
|
|
|
start->dh_len = sz;
|
|
|
|
}
|
|
|
|
|
|
|
|
trace_kvm_sev_launch_start(start->policy, session, dh_cert);
|
2020-06-04 09:42:19 +03:00
|
|
|
rc = sev_ioctl(sev->sev_fd, KVM_SEV_LAUNCH_START, start, &fw_error);
|
2018-04-27 16:11:26 +03:00
|
|
|
if (rc < 0) {
|
2018-03-08 15:48:48 +03:00
|
|
|
error_report("%s: LAUNCH_START ret=%d fw_error=%d '%s'",
|
|
|
|
__func__, ret, fw_error, fw_error_to_str(fw_error));
|
2018-04-27 16:11:26 +03:00
|
|
|
goto out;
|
2018-03-08 15:48:48 +03:00
|
|
|
}
|
|
|
|
|
2020-06-04 09:42:15 +03:00
|
|
|
sev_set_guest_state(sev, SEV_STATE_LAUNCH_UPDATE);
|
2020-06-04 09:42:18 +03:00
|
|
|
sev->handle = start->handle;
|
2018-04-27 16:11:26 +03:00
|
|
|
ret = 0;
|
2018-03-08 15:48:48 +03:00
|
|
|
|
2018-04-27 16:11:26 +03:00
|
|
|
out:
|
2018-03-08 15:48:48 +03:00
|
|
|
g_free(start);
|
|
|
|
g_free(session);
|
|
|
|
g_free(dh_cert);
|
2018-04-27 16:11:26 +03:00
|
|
|
return ret;
|
2018-03-08 15:48:48 +03:00
|
|
|
}
|
|
|
|
|
2018-03-08 15:48:49 +03:00
|
|
|
static int
|
2020-06-04 09:42:15 +03:00
|
|
|
sev_launch_update_data(SevGuestState *sev, uint8_t *addr, uint64_t len)
|
2018-03-08 15:48:49 +03:00
|
|
|
{
|
|
|
|
int ret, fw_error;
|
|
|
|
struct kvm_sev_launch_update_data update;
|
|
|
|
|
|
|
|
if (!addr || !len) {
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
update.uaddr = (__u64)(unsigned long)addr;
|
|
|
|
update.len = len;
|
|
|
|
trace_kvm_sev_launch_update_data(addr, len);
|
2020-06-04 09:42:19 +03:00
|
|
|
ret = sev_ioctl(sev->sev_fd, KVM_SEV_LAUNCH_UPDATE_DATA,
|
2018-03-08 15:48:49 +03:00
|
|
|
&update, &fw_error);
|
|
|
|
if (ret) {
|
|
|
|
error_report("%s: LAUNCH_UPDATE ret=%d fw_error=%d '%s'",
|
|
|
|
__func__, ret, fw_error, fw_error_to_str(fw_error));
|
|
|
|
}
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
2021-01-26 20:36:44 +03:00
|
|
|
static int
|
|
|
|
sev_launch_update_vmsa(SevGuestState *sev)
|
|
|
|
{
|
|
|
|
int ret, fw_error;
|
|
|
|
|
|
|
|
ret = sev_ioctl(sev->sev_fd, KVM_SEV_LAUNCH_UPDATE_VMSA, NULL, &fw_error);
|
|
|
|
if (ret) {
|
|
|
|
error_report("%s: LAUNCH_UPDATE_VMSA ret=%d fw_error=%d '%s'",
|
|
|
|
__func__, ret, fw_error, fw_error_to_str(fw_error));
|
|
|
|
}
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
2018-03-08 15:48:51 +03:00
|
|
|
static void
|
|
|
|
sev_launch_get_measure(Notifier *notifier, void *unused)
|
|
|
|
{
|
2020-06-04 09:42:15 +03:00
|
|
|
SevGuestState *sev = sev_guest;
|
2018-03-08 15:48:51 +03:00
|
|
|
int ret, error;
|
|
|
|
guchar *data;
|
|
|
|
struct kvm_sev_launch_measure *measurement;
|
|
|
|
|
2020-06-04 09:42:15 +03:00
|
|
|
if (!sev_check_state(sev, SEV_STATE_LAUNCH_UPDATE)) {
|
2018-03-08 15:48:51 +03:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2021-01-26 20:36:44 +03:00
|
|
|
if (sev_es_enabled()) {
|
|
|
|
/* measure all the VM save areas before getting launch_measure */
|
|
|
|
ret = sev_launch_update_vmsa(sev);
|
|
|
|
if (ret) {
|
|
|
|
exit(1);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2018-03-08 15:48:51 +03:00
|
|
|
measurement = g_new0(struct kvm_sev_launch_measure, 1);
|
|
|
|
|
|
|
|
/* query the measurement blob length */
|
2020-06-04 09:42:19 +03:00
|
|
|
ret = sev_ioctl(sev->sev_fd, KVM_SEV_LAUNCH_MEASURE,
|
2018-03-08 15:48:51 +03:00
|
|
|
measurement, &error);
|
|
|
|
if (!measurement->len) {
|
|
|
|
error_report("%s: LAUNCH_MEASURE ret=%d fw_error=%d '%s'",
|
|
|
|
__func__, ret, error, fw_error_to_str(errno));
|
|
|
|
goto free_measurement;
|
|
|
|
}
|
|
|
|
|
|
|
|
data = g_new0(guchar, measurement->len);
|
|
|
|
measurement->uaddr = (unsigned long)data;
|
|
|
|
|
|
|
|
/* get the measurement blob */
|
2020-06-04 09:42:19 +03:00
|
|
|
ret = sev_ioctl(sev->sev_fd, KVM_SEV_LAUNCH_MEASURE,
|
2018-03-08 15:48:51 +03:00
|
|
|
measurement, &error);
|
|
|
|
if (ret) {
|
|
|
|
error_report("%s: LAUNCH_MEASURE ret=%d fw_error=%d '%s'",
|
|
|
|
__func__, ret, error, fw_error_to_str(errno));
|
|
|
|
goto free_data;
|
|
|
|
}
|
|
|
|
|
2020-06-04 09:42:15 +03:00
|
|
|
sev_set_guest_state(sev, SEV_STATE_LAUNCH_SECRET);
|
2018-03-08 15:48:51 +03:00
|
|
|
|
|
|
|
/* encode the measurement value and emit the event */
|
2020-06-04 09:42:19 +03:00
|
|
|
sev->measurement = g_base64_encode(data, measurement->len);
|
|
|
|
trace_kvm_sev_launch_measurement(sev->measurement);
|
2018-03-08 15:48:51 +03:00
|
|
|
|
|
|
|
free_data:
|
|
|
|
g_free(data);
|
|
|
|
free_measurement:
|
|
|
|
g_free(measurement);
|
|
|
|
}
|
|
|
|
|
|
|
|
char *
|
|
|
|
sev_get_launch_measurement(void)
|
|
|
|
{
|
2020-06-04 09:42:15 +03:00
|
|
|
if (sev_guest &&
|
2020-06-04 09:42:19 +03:00
|
|
|
sev_guest->state >= SEV_STATE_LAUNCH_SECRET) {
|
|
|
|
return g_strdup(sev_guest->measurement);
|
2018-03-08 15:48:51 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
static Notifier sev_machine_done_notify = {
|
|
|
|
.notify = sev_launch_get_measure,
|
|
|
|
};
|
|
|
|
|
2018-03-08 15:48:52 +03:00
|
|
|
static void
|
2020-06-04 09:42:15 +03:00
|
|
|
sev_launch_finish(SevGuestState *sev)
|
2018-03-08 15:48:52 +03:00
|
|
|
{
|
|
|
|
int ret, error;
|
2018-03-08 15:48:57 +03:00
|
|
|
Error *local_err = NULL;
|
2018-03-08 15:48:52 +03:00
|
|
|
|
|
|
|
trace_kvm_sev_launch_finish();
|
2020-06-04 09:42:19 +03:00
|
|
|
ret = sev_ioctl(sev->sev_fd, KVM_SEV_LAUNCH_FINISH, 0, &error);
|
2018-03-08 15:48:52 +03:00
|
|
|
if (ret) {
|
|
|
|
error_report("%s: LAUNCH_FINISH ret=%d fw_error=%d '%s'",
|
|
|
|
__func__, ret, error, fw_error_to_str(error));
|
|
|
|
exit(1);
|
|
|
|
}
|
|
|
|
|
2020-06-04 09:42:15 +03:00
|
|
|
sev_set_guest_state(sev, SEV_STATE_RUNNING);
|
2018-03-08 15:48:57 +03:00
|
|
|
|
|
|
|
/* add migration blocker */
|
|
|
|
error_setg(&sev_mig_blocker,
|
|
|
|
"SEV: Migration is not implemented");
|
|
|
|
ret = migrate_add_blocker(sev_mig_blocker, &local_err);
|
|
|
|
if (local_err) {
|
|
|
|
error_report_err(local_err);
|
|
|
|
error_free(sev_mig_blocker);
|
|
|
|
exit(1);
|
|
|
|
}
|
2018-03-08 15:48:52 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
2021-01-11 18:20:20 +03:00
|
|
|
sev_vm_state_change(void *opaque, bool running, RunState state)
|
2018-03-08 15:48:52 +03:00
|
|
|
{
|
2020-06-04 09:42:15 +03:00
|
|
|
SevGuestState *sev = opaque;
|
2018-03-08 15:48:52 +03:00
|
|
|
|
|
|
|
if (running) {
|
2020-06-04 09:42:15 +03:00
|
|
|
if (!sev_check_state(sev, SEV_STATE_RUNNING)) {
|
|
|
|
sev_launch_finish(sev);
|
2018-03-08 15:48:52 +03:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2020-06-04 07:18:52 +03:00
|
|
|
int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp)
|
2018-03-08 15:48:44 +03:00
|
|
|
{
|
2020-10-16 06:52:30 +03:00
|
|
|
SevGuestState *sev
|
|
|
|
= (SevGuestState *)object_dynamic_cast(OBJECT(cgs), TYPE_SEV_GUEST);
|
2018-03-08 15:48:44 +03:00
|
|
|
char *devname;
|
2021-01-26 20:36:44 +03:00
|
|
|
int ret, fw_error, cmd;
|
2018-03-08 15:48:44 +03:00
|
|
|
uint32_t ebx;
|
|
|
|
uint32_t host_cbitpos;
|
|
|
|
struct sev_user_data_status status = {};
|
|
|
|
|
2020-10-16 06:52:30 +03:00
|
|
|
if (!sev) {
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2020-06-26 10:22:34 +03:00
|
|
|
ret = ram_block_discard_disable(true);
|
|
|
|
if (ret) {
|
|
|
|
error_report("%s: cannot disable RAM discard", __func__);
|
sev: Remove false abstraction of flash encryption
When AMD's SEV memory encryption is in use, flash memory banks (which are
initialed by pc_system_flash_map()) need to be encrypted with the guest's
key, so that the guest can read them.
That's abstracted via the kvm_memcrypt_encrypt_data() callback in the KVM
state.. except, that it doesn't really abstract much at all.
For starters, the only call site is in code specific to the 'pc'
family of machine types, so it's obviously specific to those and to
x86 to begin with. But it makes a bunch of further assumptions that
need not be true about an arbitrary confidential guest system based on
memory encryption, let alone one based on other mechanisms:
* it assumes that the flash memory is defined to be encrypted with the
guest key, rather than being shared with hypervisor
* it assumes that that hypervisor has some mechanism to encrypt data into
the guest, even though it can't decrypt it out, since that's the whole
point
* the interface assumes that this encrypt can be done in place, which
implies that the hypervisor can write into a confidential guests's
memory, even if what it writes isn't meaningful
So really, this "abstraction" is actually pretty specific to the way SEV
works. So, this patch removes it and instead has the PC flash
initialization code call into a SEV specific callback.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
2021-01-12 03:58:04 +03:00
|
|
|
return -1;
|
2020-06-26 10:22:34 +03:00
|
|
|
}
|
|
|
|
|
2020-06-04 09:42:15 +03:00
|
|
|
sev_guest = sev;
|
2020-06-04 09:42:19 +03:00
|
|
|
sev->state = SEV_STATE_UNINIT;
|
2018-03-08 15:48:44 +03:00
|
|
|
|
|
|
|
host_cpuid(0x8000001F, 0, NULL, &ebx, NULL, NULL);
|
|
|
|
host_cbitpos = ebx & 0x3f;
|
|
|
|
|
2020-06-04 09:42:16 +03:00
|
|
|
if (host_cbitpos != sev->cbitpos) {
|
2020-06-04 07:18:52 +03:00
|
|
|
error_setg(errp, "%s: cbitpos check failed, host '%d' requested '%d'",
|
|
|
|
__func__, host_cbitpos, sev->cbitpos);
|
2018-03-08 15:48:44 +03:00
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
|
2020-06-04 09:42:16 +03:00
|
|
|
if (sev->reduced_phys_bits < 1) {
|
2020-06-04 07:18:52 +03:00
|
|
|
error_setg(errp, "%s: reduced_phys_bits check failed, it should be >=1,"
|
|
|
|
" requested '%d'", __func__, sev->reduced_phys_bits);
|
2018-03-08 15:48:44 +03:00
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
|
2020-06-04 09:42:19 +03:00
|
|
|
sev->me_mask = ~(1UL << sev->cbitpos);
|
2018-03-08 15:48:44 +03:00
|
|
|
|
2020-06-04 09:42:14 +03:00
|
|
|
devname = object_property_get_str(OBJECT(sev), "sev-device", NULL);
|
2020-06-04 09:42:19 +03:00
|
|
|
sev->sev_fd = open(devname, O_RDWR);
|
|
|
|
if (sev->sev_fd < 0) {
|
2020-06-04 07:18:52 +03:00
|
|
|
error_setg(errp, "%s: Failed to open %s '%s'", __func__,
|
|
|
|
devname, strerror(errno));
|
|
|
|
g_free(devname);
|
2018-03-29 12:10:21 +03:00
|
|
|
goto err;
|
|
|
|
}
|
2020-06-04 07:18:52 +03:00
|
|
|
g_free(devname);
|
2018-03-08 15:48:44 +03:00
|
|
|
|
2020-06-04 09:42:19 +03:00
|
|
|
ret = sev_platform_ioctl(sev->sev_fd, SEV_PLATFORM_STATUS, &status,
|
2018-03-08 15:48:44 +03:00
|
|
|
&fw_error);
|
|
|
|
if (ret) {
|
2020-06-04 07:18:52 +03:00
|
|
|
error_setg(errp, "%s: failed to get platform status ret=%d "
|
|
|
|
"fw_error='%d: %s'", __func__, ret, fw_error,
|
|
|
|
fw_error_to_str(fw_error));
|
2018-03-08 15:48:44 +03:00
|
|
|
goto err;
|
|
|
|
}
|
2020-06-04 09:42:19 +03:00
|
|
|
sev->build_id = status.build;
|
|
|
|
sev->api_major = status.api_major;
|
|
|
|
sev->api_minor = status.api_minor;
|
2018-03-08 15:48:44 +03:00
|
|
|
|
2021-01-26 20:36:44 +03:00
|
|
|
if (sev_es_enabled()) {
|
2021-01-26 20:36:45 +03:00
|
|
|
if (!kvm_kernel_irqchip_allowed()) {
|
|
|
|
error_report("%s: SEV-ES guests require in-kernel irqchip support",
|
|
|
|
__func__);
|
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
|
2021-01-26 20:36:44 +03:00
|
|
|
if (!(status.flags & SEV_STATUS_FLAGS_CONFIG_ES)) {
|
|
|
|
error_report("%s: guest policy requires SEV-ES, but "
|
|
|
|
"host SEV-ES support unavailable",
|
|
|
|
__func__);
|
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
cmd = KVM_SEV_ES_INIT;
|
|
|
|
} else {
|
|
|
|
cmd = KVM_SEV_INIT;
|
|
|
|
}
|
|
|
|
|
2018-03-08 15:48:44 +03:00
|
|
|
trace_kvm_sev_init();
|
2021-01-26 20:36:44 +03:00
|
|
|
ret = sev_ioctl(sev->sev_fd, cmd, NULL, &fw_error);
|
2018-03-08 15:48:44 +03:00
|
|
|
if (ret) {
|
2020-06-04 07:18:52 +03:00
|
|
|
error_setg(errp, "%s: failed to initialize ret=%d fw_error=%d '%s'",
|
|
|
|
__func__, ret, fw_error, fw_error_to_str(fw_error));
|
2018-03-08 15:48:44 +03:00
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
|
2020-06-04 09:42:14 +03:00
|
|
|
ret = sev_launch_start(sev);
|
2018-03-08 15:48:48 +03:00
|
|
|
if (ret) {
|
2020-06-04 07:18:52 +03:00
|
|
|
error_setg(errp, "%s: failed to create encryption context", __func__);
|
2018-03-08 15:48:48 +03:00
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
|
2018-03-08 15:48:45 +03:00
|
|
|
ram_block_notifier_add(&sev_ram_notifier);
|
2018-03-08 15:48:51 +03:00
|
|
|
qemu_add_machine_init_done_notifier(&sev_machine_done_notify);
|
2020-06-04 09:42:15 +03:00
|
|
|
qemu_add_vm_change_state_handler(sev_vm_state_change, sev);
|
2018-03-08 15:48:45 +03:00
|
|
|
|
2020-10-20 09:01:19 +03:00
|
|
|
cgs->ready = true;
|
|
|
|
|
sev: Remove false abstraction of flash encryption
When AMD's SEV memory encryption is in use, flash memory banks (which are
initialed by pc_system_flash_map()) need to be encrypted with the guest's
key, so that the guest can read them.
That's abstracted via the kvm_memcrypt_encrypt_data() callback in the KVM
state.. except, that it doesn't really abstract much at all.
For starters, the only call site is in code specific to the 'pc'
family of machine types, so it's obviously specific to those and to
x86 to begin with. But it makes a bunch of further assumptions that
need not be true about an arbitrary confidential guest system based on
memory encryption, let alone one based on other mechanisms:
* it assumes that the flash memory is defined to be encrypted with the
guest key, rather than being shared with hypervisor
* it assumes that that hypervisor has some mechanism to encrypt data into
the guest, even though it can't decrypt it out, since that's the whole
point
* the interface assumes that this encrypt can be done in place, which
implies that the hypervisor can write into a confidential guests's
memory, even if what it writes isn't meaningful
So really, this "abstraction" is actually pretty specific to the way SEV
works. So, this patch removes it and instead has the PC flash
initialization code call into a SEV specific callback.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
2021-01-12 03:58:04 +03:00
|
|
|
return 0;
|
2018-03-08 15:48:44 +03:00
|
|
|
err:
|
2020-06-04 09:42:15 +03:00
|
|
|
sev_guest = NULL;
|
2020-06-26 10:22:34 +03:00
|
|
|
ram_block_discard_disable(false);
|
sev: Remove false abstraction of flash encryption
When AMD's SEV memory encryption is in use, flash memory banks (which are
initialed by pc_system_flash_map()) need to be encrypted with the guest's
key, so that the guest can read them.
That's abstracted via the kvm_memcrypt_encrypt_data() callback in the KVM
state.. except, that it doesn't really abstract much at all.
For starters, the only call site is in code specific to the 'pc'
family of machine types, so it's obviously specific to those and to
x86 to begin with. But it makes a bunch of further assumptions that
need not be true about an arbitrary confidential guest system based on
memory encryption, let alone one based on other mechanisms:
* it assumes that the flash memory is defined to be encrypted with the
guest key, rather than being shared with hypervisor
* it assumes that that hypervisor has some mechanism to encrypt data into
the guest, even though it can't decrypt it out, since that's the whole
point
* the interface assumes that this encrypt can be done in place, which
implies that the hypervisor can write into a confidential guests's
memory, even if what it writes isn't meaningful
So really, this "abstraction" is actually pretty specific to the way SEV
works. So, this patch removes it and instead has the PC flash
initialization code call into a SEV specific callback.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
2021-01-12 03:58:04 +03:00
|
|
|
return -1;
|
2018-03-08 15:48:44 +03:00
|
|
|
}
|
|
|
|
|
2018-03-08 15:48:49 +03:00
|
|
|
int
|
sev: Remove false abstraction of flash encryption
When AMD's SEV memory encryption is in use, flash memory banks (which are
initialed by pc_system_flash_map()) need to be encrypted with the guest's
key, so that the guest can read them.
That's abstracted via the kvm_memcrypt_encrypt_data() callback in the KVM
state.. except, that it doesn't really abstract much at all.
For starters, the only call site is in code specific to the 'pc'
family of machine types, so it's obviously specific to those and to
x86 to begin with. But it makes a bunch of further assumptions that
need not be true about an arbitrary confidential guest system based on
memory encryption, let alone one based on other mechanisms:
* it assumes that the flash memory is defined to be encrypted with the
guest key, rather than being shared with hypervisor
* it assumes that that hypervisor has some mechanism to encrypt data into
the guest, even though it can't decrypt it out, since that's the whole
point
* the interface assumes that this encrypt can be done in place, which
implies that the hypervisor can write into a confidential guests's
memory, even if what it writes isn't meaningful
So really, this "abstraction" is actually pretty specific to the way SEV
works. So, this patch removes it and instead has the PC flash
initialization code call into a SEV specific callback.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
2021-01-12 03:58:04 +03:00
|
|
|
sev_encrypt_flash(uint8_t *ptr, uint64_t len, Error **errp)
|
2018-03-08 15:48:49 +03:00
|
|
|
{
|
sev: Remove false abstraction of flash encryption
When AMD's SEV memory encryption is in use, flash memory banks (which are
initialed by pc_system_flash_map()) need to be encrypted with the guest's
key, so that the guest can read them.
That's abstracted via the kvm_memcrypt_encrypt_data() callback in the KVM
state.. except, that it doesn't really abstract much at all.
For starters, the only call site is in code specific to the 'pc'
family of machine types, so it's obviously specific to those and to
x86 to begin with. But it makes a bunch of further assumptions that
need not be true about an arbitrary confidential guest system based on
memory encryption, let alone one based on other mechanisms:
* it assumes that the flash memory is defined to be encrypted with the
guest key, rather than being shared with hypervisor
* it assumes that that hypervisor has some mechanism to encrypt data into
the guest, even though it can't decrypt it out, since that's the whole
point
* the interface assumes that this encrypt can be done in place, which
implies that the hypervisor can write into a confidential guests's
memory, even if what it writes isn't meaningful
So really, this "abstraction" is actually pretty specific to the way SEV
works. So, this patch removes it and instead has the PC flash
initialization code call into a SEV specific callback.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
2021-01-12 03:58:04 +03:00
|
|
|
if (!sev_guest) {
|
|
|
|
return 0;
|
|
|
|
}
|
2018-03-08 15:48:49 +03:00
|
|
|
|
|
|
|
/* if SEV is in update state then encrypt the data else do nothing */
|
sev: Remove false abstraction of flash encryption
When AMD's SEV memory encryption is in use, flash memory banks (which are
initialed by pc_system_flash_map()) need to be encrypted with the guest's
key, so that the guest can read them.
That's abstracted via the kvm_memcrypt_encrypt_data() callback in the KVM
state.. except, that it doesn't really abstract much at all.
For starters, the only call site is in code specific to the 'pc'
family of machine types, so it's obviously specific to those and to
x86 to begin with. But it makes a bunch of further assumptions that
need not be true about an arbitrary confidential guest system based on
memory encryption, let alone one based on other mechanisms:
* it assumes that the flash memory is defined to be encrypted with the
guest key, rather than being shared with hypervisor
* it assumes that that hypervisor has some mechanism to encrypt data into
the guest, even though it can't decrypt it out, since that's the whole
point
* the interface assumes that this encrypt can be done in place, which
implies that the hypervisor can write into a confidential guests's
memory, even if what it writes isn't meaningful
So really, this "abstraction" is actually pretty specific to the way SEV
works. So, this patch removes it and instead has the PC flash
initialization code call into a SEV specific callback.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
2021-01-12 03:58:04 +03:00
|
|
|
if (sev_check_state(sev_guest, SEV_STATE_LAUNCH_UPDATE)) {
|
|
|
|
int ret = sev_launch_update_data(sev_guest, ptr, len);
|
|
|
|
if (ret < 0) {
|
|
|
|
error_setg(errp, "failed to encrypt pflash rom");
|
|
|
|
return ret;
|
|
|
|
}
|
2018-03-08 15:48:49 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2020-10-27 20:03:03 +03:00
|
|
|
int sev_inject_launch_secret(const char *packet_hdr, const char *secret,
|
|
|
|
uint64_t gpa, Error **errp)
|
|
|
|
{
|
|
|
|
struct kvm_sev_launch_secret input;
|
|
|
|
g_autofree guchar *data = NULL, *hdr = NULL;
|
|
|
|
int error, ret = 1;
|
|
|
|
void *hva;
|
|
|
|
gsize hdr_sz = 0, data_sz = 0;
|
|
|
|
MemoryRegion *mr = NULL;
|
|
|
|
|
|
|
|
if (!sev_guest) {
|
|
|
|
error_setg(errp, "SEV: SEV not enabled.");
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* secret can be injected only in this state */
|
|
|
|
if (!sev_check_state(sev_guest, SEV_STATE_LAUNCH_SECRET)) {
|
|
|
|
error_setg(errp, "SEV: Not in correct state. (LSECRET) %x",
|
|
|
|
sev_guest->state);
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
hdr = g_base64_decode(packet_hdr, &hdr_sz);
|
|
|
|
if (!hdr || !hdr_sz) {
|
|
|
|
error_setg(errp, "SEV: Failed to decode sequence header");
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
data = g_base64_decode(secret, &data_sz);
|
|
|
|
if (!data || !data_sz) {
|
|
|
|
error_setg(errp, "SEV: Failed to decode data");
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
hva = gpa2hva(&mr, gpa, data_sz, errp);
|
|
|
|
if (!hva) {
|
|
|
|
error_prepend(errp, "SEV: Failed to calculate guest address: ");
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
input.hdr_uaddr = (uint64_t)(unsigned long)hdr;
|
|
|
|
input.hdr_len = hdr_sz;
|
|
|
|
|
|
|
|
input.trans_uaddr = (uint64_t)(unsigned long)data;
|
|
|
|
input.trans_len = data_sz;
|
|
|
|
|
|
|
|
input.guest_uaddr = (uint64_t)(unsigned long)hva;
|
|
|
|
input.guest_len = data_sz;
|
|
|
|
|
|
|
|
trace_kvm_sev_launch_secret(gpa, input.guest_uaddr,
|
|
|
|
input.trans_uaddr, input.trans_len);
|
|
|
|
|
|
|
|
ret = sev_ioctl(sev_guest->sev_fd, KVM_SEV_LAUNCH_SECRET,
|
|
|
|
&input, &error);
|
|
|
|
if (ret) {
|
|
|
|
error_setg(errp, "SEV: failed to inject secret ret=%d fw_error=%d '%s'",
|
|
|
|
ret, error, fw_error_to_str(error));
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2021-02-08 17:04:52 +03:00
|
|
|
static int
|
|
|
|
sev_es_parse_reset_block(SevInfoBlock *info, uint32_t *addr)
|
|
|
|
{
|
|
|
|
if (!info->reset_addr) {
|
|
|
|
error_report("SEV-ES reset address is zero");
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
*addr = info->reset_addr;
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
|
|
|
sev_es_find_reset_vector(void *flash_ptr, uint64_t flash_size,
|
|
|
|
uint32_t *addr)
|
|
|
|
{
|
|
|
|
QemuUUID info_guid, *guid;
|
|
|
|
SevInfoBlock *info;
|
|
|
|
uint8_t *data;
|
|
|
|
uint16_t *len;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Initialize the address to zero. An address of zero with a successful
|
|
|
|
* return code indicates that SEV-ES is not active.
|
|
|
|
*/
|
|
|
|
*addr = 0;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Extract the AP reset vector for SEV-ES guests by locating the SEV GUID.
|
|
|
|
* The SEV GUID is located on its own (original implementation) or within
|
|
|
|
* the Firmware GUID Table (new implementation), either of which are
|
|
|
|
* located 32 bytes from the end of the flash.
|
|
|
|
*
|
|
|
|
* Check the Firmware GUID Table first.
|
|
|
|
*/
|
|
|
|
if (pc_system_ovmf_table_find(SEV_INFO_BLOCK_GUID, &data, NULL)) {
|
|
|
|
return sev_es_parse_reset_block((SevInfoBlock *)data, addr);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* SEV info block not found in the Firmware GUID Table (or there isn't
|
|
|
|
* a Firmware GUID Table), fall back to the original implementation.
|
|
|
|
*/
|
|
|
|
data = flash_ptr + flash_size - 0x20;
|
|
|
|
|
|
|
|
qemu_uuid_parse(SEV_INFO_BLOCK_GUID, &info_guid);
|
|
|
|
info_guid = qemu_uuid_bswap(info_guid); /* GUIDs are LE */
|
|
|
|
|
|
|
|
guid = (QemuUUID *)(data - sizeof(info_guid));
|
|
|
|
if (!qemu_uuid_is_equal(guid, &info_guid)) {
|
|
|
|
error_report("SEV information block/Firmware GUID Table block not found in pflash rom");
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
len = (uint16_t *)((uint8_t *)guid - sizeof(*len));
|
|
|
|
info = (SevInfoBlock *)(data - le16_to_cpu(*len));
|
|
|
|
|
|
|
|
return sev_es_parse_reset_block(info, addr);
|
|
|
|
}
|
|
|
|
|
|
|
|
void sev_es_set_reset_vector(CPUState *cpu)
|
|
|
|
{
|
|
|
|
X86CPU *x86;
|
|
|
|
CPUX86State *env;
|
|
|
|
|
|
|
|
/* Only update if we have valid reset information */
|
|
|
|
if (!sev_guest || !sev_guest->reset_data_valid) {
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Do not update the BSP reset state */
|
|
|
|
if (cpu->cpu_index == 0) {
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
x86 = X86_CPU(cpu);
|
|
|
|
env = &x86->env;
|
|
|
|
|
|
|
|
cpu_x86_load_seg_cache(env, R_CS, 0xf000, sev_guest->reset_cs, 0xffff,
|
|
|
|
DESC_P_MASK | DESC_S_MASK | DESC_CS_MASK |
|
|
|
|
DESC_R_MASK | DESC_A_MASK);
|
|
|
|
|
|
|
|
env->eip = sev_guest->reset_ip;
|
|
|
|
}
|
|
|
|
|
|
|
|
int sev_es_save_reset_vector(void *flash_ptr, uint64_t flash_size)
|
|
|
|
{
|
|
|
|
CPUState *cpu;
|
|
|
|
uint32_t addr;
|
|
|
|
int ret;
|
|
|
|
|
|
|
|
if (!sev_es_enabled()) {
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
addr = 0;
|
|
|
|
ret = sev_es_find_reset_vector(flash_ptr, flash_size,
|
|
|
|
&addr);
|
|
|
|
if (ret) {
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (addr) {
|
|
|
|
sev_guest->reset_cs = addr & 0xffff0000;
|
|
|
|
sev_guest->reset_ip = addr & 0x0000ffff;
|
|
|
|
sev_guest->reset_data_valid = true;
|
|
|
|
|
|
|
|
CPU_FOREACH(cpu) {
|
|
|
|
sev_es_set_reset_vector(cpu);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2018-03-08 15:48:41 +03:00
|
|
|
static void
|
|
|
|
sev_register_types(void)
|
|
|
|
{
|
2020-06-04 09:42:13 +03:00
|
|
|
type_register_static(&sev_guest_info);
|
2018-03-08 15:48:41 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
type_init(sev_register_types);
|