From: Markus Armbruster <armbru@redhat.com>
To: Jean-Philippe Brucker <jean-philippe@linaro.org>
Cc: peter.maydell@linaro.org, richard.henderson@linaro.org,
philmd@linaro.org, pbonzini@redhat.com, alex.bennee@linaro.org,
qemu-devel@nongnu.org, qemu-arm@nongnu.org,
"Eric Blake" <eblake@redhat.com>,
"Daniel P . Berrangé" <berrange@redhat.com>,
"Eduardo Habkost" <eduardo@habkost.net>
Subject: Re: [PATCH v2 15/22] target/arm/kvm-rme: Add measurement algorithm property
Date: Tue, 23 Apr 2024 14:23:55 +0200 [thread overview]
Message-ID: <87o7a0b738.fsf@pond.sub.org> (raw)
In-Reply-To: <20240419155709.318866-17-jean-philippe@linaro.org> (Jean-Philippe Brucker's message of "Fri, 19 Apr 2024 16:57:03 +0100")
Jean-Philippe Brucker <jean-philippe@linaro.org> writes:
> This option selects which measurement algorithm to use for attestation.
> Supported values are SHA256 and SHA512. Default to SHA512 arbitrarily.
>
> SHA512 is generally faster on 64-bit architectures. On a few arm64 CPUs
> I tested SHA256 is much faster, but that's most likely because they only
> support acceleration via FEAT_SHA256 (Armv8.0) and not FEAT_SHA512
> (Armv8.2). Future CPUs supporting RME are likely to also support
> FEAT_SHA512.
>
> Cc: Eric Blake <eblake@redhat.com>
> Cc: Markus Armbruster <armbru@redhat.com>
> Cc: Daniel P. Berrangé <berrange@redhat.com>
> Cc: Eduardo Habkost <eduardo@habkost.net>
> Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
> ---
> v1->v2: use enum, pick default
> ---
> qapi/qom.json | 18 +++++++++++++++++-
> target/arm/kvm-rme.c | 39 ++++++++++++++++++++++++++++++++++++++-
> 2 files changed, 55 insertions(+), 2 deletions(-)
>
> diff --git a/qapi/qom.json b/qapi/qom.json
> index 91654aa267..84dce666b2 100644
> --- a/qapi/qom.json
> +++ b/qapi/qom.json
> @@ -931,18 +931,34 @@
> 'data': { '*cpu-affinity': ['uint16'],
> '*node-affinity': ['uint16'] } }
>
> +##
> +# @RmeGuestMeasurementAlgo:
> +#
> +# @sha256: Use the SHA256 algorithm
Let's have a blank line here.
> +# @sha512: Use the SHA512 algorithm
> +#
> +# Algorithm to use for realm measurements
> +#
> +# Since: FIXME
9.1
> +##
> +{ 'enum': 'RmeGuestMeasurementAlgo',
> + 'data': ['sha256', 'sha512'] }
> +
> ##
> # @RmeGuestProperties:
> #
> # Properties for rme-guest objects.
> #
> +# @measurement-algo: Realm measurement algorithm (default: sha512)
> +#
We tend to avoid abbreviations in QMP: @measurement-algorithm.
May want to rename the type to RmeGuestMeasurementAlgorithm for
consistency.
> # @personalization-value: Realm personalization value, as a 64-byte hex string
> # (default: 0)
> #
> # Since: FIXME
> ##
> { 'struct': 'RmeGuestProperties',
> - 'data': { '*personalization-value': 'str' } }
> + 'data': { '*personalization-value': 'str',
> + '*measurement-algo': 'RmeGuestMeasurementAlgo' } }
>
> ##
> # @ObjectType:
With these issues addressed, QAPI schema
Acked-by: Markus Armbruster <armbru@redhat.com>
[...]
next prev parent reply other threads:[~2024-04-23 12:24 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-04-19 15:56 [PATCH v2 00/22] arm: Run CCA VMs with KVM Jean-Philippe Brucker
2024-04-19 15:56 ` [PATCH v2 01/22] kvm: Merge kvm_check_extension() and kvm_vm_check_extension() Jean-Philippe Brucker
2024-04-19 15:56 ` [PATCH v2 02/22] target/arm: Add confidential guest support Jean-Philippe Brucker
2024-04-19 16:25 ` Daniel P. Berrangé
2024-04-23 9:44 ` Jean-Philippe Brucker
2024-04-23 9:49 ` Daniel P. Berrangé
2024-04-23 12:15 ` Markus Armbruster
2024-04-19 15:56 ` [PATCH v2 03/22] target/arm/kvm: Return immediately on error in kvm_arch_init() Jean-Philippe Brucker
2024-04-19 15:56 ` [PATCH v2 04/22] target/arm/kvm-rme: Initialize realm Jean-Philippe Brucker
2024-04-19 15:56 ` [PATCH v2 05/22] hw/arm/virt: Add support for Arm RME Jean-Philippe Brucker
2024-04-19 15:56 ` [PATCH v2 06/22] hw/arm/virt: Disable DTB randomness for confidential VMs Jean-Philippe Brucker
2024-04-19 15:56 ` [PATCH v2 07/22] hw/arm/virt: Reserve one bit of guest-physical address for RME Jean-Philippe Brucker
2024-04-19 15:56 ` [PATCH v2 08/22] target/arm/kvm: Split kvm_arch_get/put_registers Jean-Philippe Brucker
2024-04-19 15:56 ` [PATCH v2 09/22] target/arm/kvm-rme: Initialize vCPU Jean-Philippe Brucker
2024-04-19 15:56 ` [PATCH v2 10/22] target/arm/kvm: Create scratch VM as Realm if necessary Jean-Philippe Brucker
2024-04-19 15:56 ` [PATCH v2 11/22] hw/core/loader: Add ROM loader notifier Jean-Philippe Brucker
2024-04-19 15:57 ` [PATCH v2 12/22] target/arm/kvm-rme: Populate Realm memory Jean-Philippe Brucker
2024-04-19 15:57 ` [PATCH v2 13/22] hw/arm/boot: Register Linux BSS section for confidential guests Jean-Philippe Brucker
2024-04-19 15:57 ` [PATCH v2 14/22] target/arm/kvm-rme: Add Realm Personalization Value parameter Jean-Philippe Brucker
2024-04-23 12:17 ` Markus Armbruster
2024-04-23 12:20 ` Peter Maydell
2024-04-23 12:30 ` Daniel P. Berrangé
2024-04-23 12:35 ` Markus Armbruster
2024-04-19 15:57 ` [PATCH v2 15/22] target/arm/kvm-rme: Add measurement algorithm property Jean-Philippe Brucker
2024-04-23 12:23 ` Markus Armbruster [this message]
2024-04-19 15:57 ` [PATCH v2 16/22] target/arm/cpu: Set number of breakpoints and watchpoints in KVM Jean-Philippe Brucker
2024-04-19 15:57 ` [PATCH v2 17/22] target/arm/cpu: Set number of PMU counters " Jean-Philippe Brucker
2024-04-19 15:57 ` [PATCH v2 18/22] target/arm/kvm: Disable Realm reboot Jean-Philippe Brucker
2024-04-19 15:57 ` [PATCH v2 19/22] target/arm/cpu: Inform about reading confidential CPU registers Jean-Philippe Brucker
2024-04-19 15:57 ` [PATCH v2 20/22] target/arm/kvm-rme: Enable guest memfd Jean-Philippe Brucker
2024-04-19 15:57 ` [PATCH v2 21/22] hw/arm/virt: Move virt_flash_create() to machvirt_init() Jean-Philippe Brucker
2024-04-19 15:57 ` [PATCH v2 22/22] hw/arm/virt: Use RAM instead of flash for confidential guest firmware Jean-Philippe Brucker
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87o7a0b738.fsf@pond.sub.org \
--to=armbru@redhat.com \
--cc=alex.bennee@linaro.org \
--cc=berrange@redhat.com \
--cc=eblake@redhat.com \
--cc=eduardo@habkost.net \
--cc=jean-philippe@linaro.org \
--cc=pbonzini@redhat.com \
--cc=peter.maydell@linaro.org \
--cc=philmd@linaro.org \
--cc=qemu-arm@nongnu.org \
--cc=qemu-devel@nongnu.org \
--cc=richard.henderson@linaro.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.