From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:60361)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <mst@redhat.com>) id 1bnA1t-0001Dr-Gf
	for qemu-devel@nongnu.org; Thu, 22 Sep 2016 15:51:34 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <mst@redhat.com>) id 1bnA1p-0005Rq-EZ
	for qemu-devel@nongnu.org; Thu, 22 Sep 2016 15:51:33 -0400
Received: from mx1.redhat.com ([209.132.183.28]:50794)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <mst@redhat.com>) id 1bnA1p-0005RO-8Z
	for qemu-devel@nongnu.org; Thu, 22 Sep 2016 15:51:29 -0400
Date: Thu, 22 Sep 2016 22:51:26 +0300
From: "Michael S. Tsirkin" <mst@redhat.com>
Message-ID: <20160922223921-mutt-send-email-mst@kernel.org>
References: <147455590865.8519.11191009507297313736.stgit@brijesh-build-machine>
	<147455596937.8519.6403549430047219068.stgit@brijesh-build-machine>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <147455596937.8519.6403549430047219068.stgit@brijesh-build-machine>
Subject: Re: [Qemu-devel] [RFC PATCH v2 06/16] sev: add Secure Encrypted
 Virtulization (SEV) support
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel/>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Brijesh Singh <brijesh.singh@amd.com>
Cc: ehabkost@redhat.com, crosthwaite.peter@gmail.com, armbru@redhat.com, p.fedin@samsung.com, qemu-devel@nongnu.org, lcapitulino@redhat.com, pbonzini@redhat.com, rth@twiddle.net

On Thu, Sep 22, 2016 at 10:52:49AM -0400, Brijesh Singh wrote:
>  # $QEMU \
>     -object sev-receive-info,id=launch0,flags.ks=off \
>     -object sev-guest-info,id=sev0,launch=launch0 \
>     -object security-policy,id=secure0,memory-encryption=sev0 \
>     -machine ....,security-policy=secure0

Looks like most of info in a sev object is actually quite generic.
Let's give it readable generic names please, it will be easier to
review then. For example sev-guest-info -> memory-encryption-guest-info,
etc.

+Bit 0 (debug) - Debugging of the guest is disallowed when set
+Bit 1 (ks) - Sharing keys with other guests is disallowed when set
+Bit 2 (reserved) - must be set to 1
+Bit 3 (nosend) - Sending the guest to another platform is disallowed when set
+Bit 4 (domain) - The guest must not be transmitted to another platform that is not in the domain when set
+Bit 5 (sev) - The guest must not be transmitted to another platform that is not SEV capable when set.
+Bit 15:6 (reserved)
+Bit 16:24 (fw_major) - The guest must not be transmitted to another platform that is not SEV capable when set.
+Bit 25:31 (fw_minor) - The guest must not be transmitted to another platform that is not SEV capable when set.

So e.g. ks -> key-sharing=off. Etc.

And please include documentation about what does each of these things
actually do, so we can discuss whether we even need all of these knobs.

For example: key-sharing=off - will this mean that starting two VMs with
same key on same host fails?
But is it ever useful to do allow key sharing?
Etc.

-- 
MST