From: "Daniel P. Berrangé" <berrange@redhat.com>
To: Pankaj Gupta <pankaj.gupta@amd.com>
Cc: qemu-devel@nongnu.org, brijesh.singh@amd.com,
dovmurik@linux.ibm.com, armbru@redhat.com, michael.roth@amd.com,
xiaoyao.li@intel.com, pbonzini@redhat.com,
thomas.lendacky@amd.com, isaku.yamahata@intel.com,
kvm@vger.kernel.org, anisinha@redhat.com
Subject: Re: [PATCH v4 07/31] i386/sev: Introduce 'sev-snp-guest' object
Date: Mon, 3 Jun 2024 13:02:48 +0100 [thread overview]
Message-ID: <Zl2w6KktLnFxq83Y@redhat.com> (raw)
In-Reply-To: <20240530111643.1091816-8-pankaj.gupta@amd.com>
On Thu, May 30, 2024 at 06:16:19AM -0500, Pankaj Gupta wrote:
> +# @policy: the 'POLICY' parameter to the SNP_LAUNCH_START command, as
> +# defined in the SEV-SNP firmware ABI (default: 0x30000)
> +#
> +# @guest-visible-workarounds: 16-byte, base64-encoded blob to report
> +# hypervisor-defined workarounds, corresponding to the 'GOSVW'
> +# parameter of the SNP_LAUNCH_START command defined in the SEV-SNP
> +# firmware ABI (default: all-zero)
> +#
> +# @id-block: 96-byte, base64-encoded blob to provide the 'ID Block'
> +# structure for the SNP_LAUNCH_FINISH command defined in the
> +# SEV-SNP firmware ABI (default: all-zero)
> +#
> +# @id-auth: 4096-byte, base64-encoded blob to provide the 'ID
> +# Authentication Information Structure' for the SNP_LAUNCH_FINISH
> +# command defined in the SEV-SNP firmware ABI (default: all-zero)
> +#
> +# @auth-key-enabled: true if 'id-auth' blob contains the 'AUTHOR_KEY'
> +# field defined SEV-SNP firmware ABI (default: false)
In 'id-auth', 'auth' is short for 'authentication'
In 'auth-key-enabled', 'auth' is short for 'author'.
Shortening 'authentication' is a compelling win. Shortening 'author'
is not much of a win.
So to make it less ambiguous, how about '@author-key-enabled' for
the field ?
> +#
> +# @host-data: 32-byte, base64-encoded, user-defined blob to provide to
> +# the guest, as documented for the 'HOST_DATA' parameter of the
> +# SNP_LAUNCH_FINISH command in the SEV-SNP firmware ABI (default:
> +# all-zero)
> +#
> +# @vcek-disabled: Guests are by default allowed to choose between VLEK
> +# (Versioned Loaded Endorsement Key) or VCEK (Versioned Chip
> +# Endorsement Key) when requesting attestation reports from
> +# firmware. Set this to true to disable the use of VCEK.
> +# (default: false) (since: 9.1)
> +#
> +# Since: 9.1
> +##
> +{ 'struct': 'SevSnpGuestProperties',
> + 'base': 'SevCommonProperties',
> + 'data': {
> + '*policy': 'uint64',
> + '*guest-visible-workarounds': 'str',
> + '*id-block': 'str',
> + '*id-auth': 'str',
> + '*auth-key-enabled': 'bool',
> + '*host-data': 'str',
> + '*vcek-disabled': 'bool' } }
>
> ##
> # @ThreadContextProperties:
> @@ -1007,6 +1062,7 @@
> { 'name': 'secret_keyring',
> 'if': 'CONFIG_SECRET_KEYRING' },
> 'sev-guest',
> + 'sev-snp-guest',
> 'thread-context',
> 's390-pv-guest',
> 'throttle-group',
> @@ -1077,6 +1133,7 @@
> 'secret_keyring': { 'type': 'SecretKeyringProperties',
> 'if': 'CONFIG_SECRET_KEYRING' },
> 'sev-guest': 'SevGuestProperties',
> + 'sev-snp-guest': 'SevSnpGuestProperties',
> 'thread-context': 'ThreadContextProperties',
> 'throttle-group': 'ThrottleGroupProperties',
> 'tls-creds-anon': 'TlsCredsAnonProperties',
> diff --git a/target/i386/sev.c b/target/i386/sev.c
> index c141f4fed4..841b45f59b 100644
> --- a/target/i386/sev.c
> +++ b/target/i386/sev.c
> @@ -42,6 +42,7 @@
>
> OBJECT_DECLARE_TYPE(SevCommonState, SevCommonStateClass, SEV_COMMON)
> OBJECT_DECLARE_TYPE(SevGuestState, SevGuestStateClass, SEV_GUEST)
> +OBJECT_DECLARE_TYPE(SevSnpGuestState, SevSnpGuestStateClass, SEV_SNP_GUEST)
>
> struct SevCommonState {
> X86ConfidentialGuest parent_obj;
> @@ -100,8 +101,26 @@ struct SevGuestStateClass {
> SevCommonStateClass parent_class;
> };
>
> +struct SevSnpGuestState {
> + SevCommonState parent_obj;
> +
> + /* configuration parameters */
> + char *guest_visible_workarounds;
> + char *id_block;
> + char *id_auth;
> + char *host_data;
> +
> + struct kvm_sev_snp_launch_start kvm_start_conf;
> + struct kvm_sev_snp_launch_finish kvm_finish_conf;
> +};
> +
> +struct SevSnpGuestStateClass {
> + SevCommonStateClass parent_class;
> +};
> +
> #define DEFAULT_GUEST_POLICY 0x1 /* disable debug */
> #define DEFAULT_SEV_DEVICE "/dev/sev"
> +#define DEFAULT_SEV_SNP_POLICY 0x30000
>
> #define SEV_INFO_BLOCK_GUID "00f771de-1a7e-4fcb-890e-68c77e2fb44e"
> typedef struct __attribute__((__packed__)) SevInfoBlock {
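Review bot: The `/* configuration parameters */` comment on `SevSnpGuestState` does not say how the two groups of fields relate, which matters because the struct mixes owned heap pointers with raw KVM ioctl arguments: the setters in this patch keep the base64 text in the `char *` fields for the getters and place the decoded bytes into `kvm_start_conf`/`kvm_finish_conf`, and `id_block_uaddr`/`id_auth_uaddr` in the latter are `uint64_t` views of buffers that the setters release with `g_free`. Suggest replacing the comment with `/* base64 text of the properties, kept verbatim for the getters */` and adding above `kvm_start_conf` the line `/* decoded values handed to KVM; the *_uaddr fields hold heap buffers owned by this object */`. The struct is complete within the hunk.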
> @@ -1505,11 +1524,249 @@ static const TypeInfo sev_guest_info = {
> .class_init = sev_guest_class_init,
> };
>
> +static void
> +sev_snp_guest_get_policy(Object *obj, Visitor *v, const char *name,
> + void *opaque, Error **errp)
> +{
> + visit_type_uint64(v, name,
> + (uint64_t *)&SEV_SNP_GUEST(obj)->kvm_start_conf.policy,
> + errp);
> +}
> +
> +static void
> +sev_snp_guest_set_policy(Object *obj, Visitor *v, const char *name,
> + void *opaque, Error **errp)
> +{
> + visit_type_uint64(v, name,
> + (uint64_t *)&SEV_SNP_GUEST(obj)->kvm_start_conf.policy,
> + errp);
> +}
> +
> +static char *
> +sev_snp_guest_get_guest_visible_workarounds(Object *obj, Error **errp)
> +{
> + return g_strdup(SEV_SNP_GUEST(obj)->guest_visible_workarounds);
> +}
> +
> +static void
> +sev_snp_guest_set_guest_visible_workarounds(Object *obj, const char *value,
> + Error **errp)
> +{
> + SevSnpGuestState *sev_snp_guest = SEV_SNP_GUEST(obj);
> + struct kvm_sev_snp_launch_start *start = &sev_snp_guest->kvm_start_conf;
> + g_autofree guchar *blob;
> + gsize len;
> +
> + g_free(sev_snp_guest->guest_visible_workarounds);
> +
> + /* store the base64 str so we don't need to re-encode in getter */
> + sev_snp_guest->guest_visible_workarounds = g_strdup(value);
> +
> + blob = qbase64_decode(sev_snp_guest->guest_visible_workarounds,
> + -1, &len, errp);
> + if (!blob) {
> + return;
> + }
> +
> + if (len != sizeof(start->gosvw)) {
> + error_setg(errp, "parameter length of %lu exceeds max of %lu",
> + len, sizeof(start->gosvw));
> + return;
> + }
> +
> + memcpy(start->gosvw, blob, len);
> +}
> +
> +static char *
> +sev_snp_guest_get_id_block(Object *obj, Error **errp)
> +{
> + SevSnpGuestState *sev_snp_guest = SEV_SNP_GUEST(obj);
> +
> + return g_strdup(sev_snp_guest->id_block);
> +}
> +
> +static void
> +sev_snp_guest_set_id_block(Object *obj, const char *value, Error **errp)
> +{
> + SevSnpGuestState *sev_snp_guest = SEV_SNP_GUEST(obj);
> + struct kvm_sev_snp_launch_finish *finish = &sev_snp_guest->kvm_finish_conf;
> + gsize len;
> +
> + g_free(sev_snp_guest->id_block);
> + g_free((guchar *)finish->id_block_uaddr);
> +
> + /* store the base64 str so we don't need to re-encode in getter */
> + sev_snp_guest->id_block = g_strdup(value);
> +
> + finish->id_block_uaddr =
> + (uint64_t)qbase64_decode(sev_snp_guest->id_block, -1, &len, errp);
> +
> + if (!finish->id_block_uaddr) {
> + return;
> + }
> +
> + if (len != KVM_SEV_SNP_ID_BLOCK_SIZE) {
> + error_setg(errp, "parameter length of %lu not equal to %u",
> + len, KVM_SEV_SNP_ID_BLOCK_SIZE);
> + return;
> + }
> +
> + finish->id_block_en = (len) ? 1 : 0;
> +}
> +
> +static char *
> +sev_snp_guest_get_id_auth(Object *obj, Error **errp)
> +{
> + SevSnpGuestState *sev_snp_guest = SEV_SNP_GUEST(obj);
> +
> + return g_strdup(sev_snp_guest->id_auth);
> +}
> +
> +static void
> +sev_snp_guest_set_id_auth(Object *obj, const char *value, Error **errp)
> +{
> + SevSnpGuestState *sev_snp_guest = SEV_SNP_GUEST(obj);
> + struct kvm_sev_snp_launch_finish *finish = &sev_snp_guest->kvm_finish_conf;
> + gsize len;
> +
> + g_free(sev_snp_guest->id_auth);
> + g_free((guchar *)finish->id_auth_uaddr);
> +
> + /* store the base64 str so we don't need to re-encode in getter */
> + sev_snp_guest->id_auth = g_strdup(value);
> +
> + finish->id_auth_uaddr =
> + (uint64_t)qbase64_decode(sev_snp_guest->id_auth, -1, &len, errp);
> +
> + if (!finish->id_auth_uaddr) {
> + return;
> + }
> +
> + if (len > KVM_SEV_SNP_ID_AUTH_SIZE) {
> + error_setg(errp, "parameter length:ID_AUTH %lu exceeds max of %u",
> + len, KVM_SEV_SNP_ID_AUTH_SIZE);
> + return;
> + }
> +}
> +
> +static bool
> +sev_snp_guest_get_auth_key_en(Object *obj, Error **errp)
> +{
> + SevSnpGuestState *sev_snp_guest = SEV_SNP_GUEST(obj);
> +
> + return !!sev_snp_guest->kvm_finish_conf.auth_key_en;
> +}
> +
> +static void
> +sev_snp_guest_set_auth_key_en(Object *obj, bool value, Error **errp)
> +{
> + SevSnpGuestState *sev_snp_guest = SEV_SNP_GUEST(obj);
> +
> + sev_snp_guest->kvm_finish_conf.auth_key_en = value;
> +}
> +
> +static bool
> +sev_snp_guest_get_vcek_disabled(Object *obj, Error **errp)
> +{
> + SevSnpGuestState *sev_snp_guest = SEV_SNP_GUEST(obj);
> +
> + return !!sev_snp_guest->kvm_finish_conf.vcek_disabled;
> +}
> +
> +static void
> +sev_snp_guest_set_vcek_disabled(Object *obj, bool value, Error **errp)
> +{
> + SevSnpGuestState *sev_snp_guest = SEV_SNP_GUEST(obj);
> +
> + sev_snp_guest->kvm_finish_conf.vcek_disabled = value;
> +}
> +
> +static char *
> +sev_snp_guest_get_host_data(Object *obj, Error **errp)
> +{
> + SevSnpGuestState *sev_snp_guest = SEV_SNP_GUEST(obj);
> +
> + return g_strdup(sev_snp_guest->host_data);
> +}
> +
> +static void
> +sev_snp_guest_set_host_data(Object *obj, const char *value, Error **errp)
> +{
> + SevSnpGuestState *sev_snp_guest = SEV_SNP_GUEST(obj);
> + struct kvm_sev_snp_launch_finish *finish = &sev_snp_guest->kvm_finish_conf;
> + g_autofree guchar *blob;
> + gsize len;
> +
> + g_free(sev_snp_guest->host_data);
> +
> + /* store the base64 str so we don't need to re-encode in getter */
> + sev_snp_guest->host_data = g_strdup(value);
> +
> + blob = qbase64_decode(sev_snp_guest->host_data, -1, &len, errp);
> +
> + if (!blob) {
> + return;
> + }
> +
> + if (len != sizeof(finish->host_data)) {
> + error_setg(errp, "parameter length of %lu not equal to %lu",
> + len, sizeof(finish->host_data));
> + return;
> + }
> +
> + memcpy(finish->host_data, blob, len);
> +}
> +
> +static void
> +sev_snp_guest_class_init(ObjectClass *oc, void *data)
> +{
> + object_class_property_add(oc, "policy", "uint64",
> + sev_snp_guest_get_policy,
> + sev_snp_guest_set_policy, NULL, NULL);
> + object_class_property_add_str(oc, "guest-visible-workarounds",
> + sev_snp_guest_get_guest_visible_workarounds,
> + sev_snp_guest_set_guest_visible_workarounds);
> + object_class_property_add_str(oc, "id-block",
> + sev_snp_guest_get_id_block,
> + sev_snp_guest_set_id_block);
> + object_class_property_add_str(oc, "id-auth",
> + sev_snp_guest_get_id_auth,
> + sev_snp_guest_set_id_auth);
> + object_class_property_add_bool(oc, "auth-key-enabled",
> + sev_snp_guest_get_auth_key_en,
> + sev_snp_guest_set_auth_key_en);
> + object_class_property_add_bool(oc, "vcek-required",
> + sev_snp_guest_get_vcek_disabled,
> + sev_snp_guest_set_vcek_disabled);
> + object_class_property_add_str(oc, "host-data",
> + sev_snp_guest_get_host_data,
> + sev_snp_guest_set_host_data);
> +}
> +
> +static void
> +sev_snp_guest_instance_init(Object *obj)
> +{
> + SevSnpGuestState *sev_snp_guest = SEV_SNP_GUEST(obj);
> +
> + /* default init/start/finish params for kvm */
> + sev_snp_guest->kvm_start_conf.policy = DEFAULT_SEV_SNP_POLICY;
> +}
> +
> +/* guest info specific to sev-snp */
> +static const TypeInfo sev_snp_guest_info = {
> + .parent = TYPE_SEV_COMMON,
> + .name = TYPE_SEV_SNP_GUEST,
> + .instance_size = sizeof(SevSnpGuestState),
> + .class_init = sev_snp_guest_class_init,
> + .instance_init = sev_snp_guest_instance_init,
> +};
> +
> static void
> sev_register_types(void)
> {
> type_register_static(&sev_common_info);
> type_register_static(&sev_guest_info);
> + type_register_static(&sev_snp_guest_info);
> }
>
> type_init(sev_register_types);
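Review bot: The bool property registered with `object_class_property_add_bool(oc, "vcek-required", ...)` does not match the QAPI schema, which declares `'*vcek-disabled': 'bool'` and documents `@vcek-disabled`, nor the accessor names `sev_snp_guest_get/set_vcek_disabled`; the line should read `object_class_property_add_bool(oc, "vcek-disabled",`. `sev_snp_guest_set_id_auth` only rejects `len > KVM_SEV_SNP_ID_AUTH_SIZE`, whereas the schema describes a 4096-byte blob and the sibling `sev_snp_guest_set_id_block` requires `len != KVM_SEV_SNP_ID_BLOCK_SIZE`; if the kernel copies the full fixed-size structure from `id_auth_uaddr`, a shorter decode leaves it reading past the allocation, so the check should be `if (len != KVM_SEV_SNP_ID_AUTH_SIZE)` with the "exceeds max" message adjusted accordingly. In both `set_id_block` and `set_id_auth`, the length-mismatch `return` leaves `id_block_uaddr`/`id_auth_uaddr` pointing at the wrong-sized buffer (and `id_block_en` at its previous value), so a later launch-finish could still hand that buffer to KVM; free the buffer and zero the field before returning. The `%lu` conversions applied to `gsize` and `sizeof` results should be `G_GSIZE_FORMAT`/`%zu` to avoid a format mismatch on targets where gsize is not `unsigned long`. Also, `sev_snp_guest_info` sets no `.instance_finalize`, so the four strings and the two decoded buffers are not released when the object is destroyed.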
> diff --git a/target/i386/sev.h b/target/i386/sev.h
> index 668374eef3..bedc667eeb 100644
> --- a/target/i386/sev.h
> +++ b/target/i386/sev.h
> @@ -22,6 +22,7 @@
>
> #define TYPE_SEV_COMMON "sev-common"
> #define TYPE_SEV_GUEST "sev-guest"
> +#define TYPE_SEV_SNP_GUEST "sev-snp-guest"
>
> #define SEV_POLICY_NODBG 0x1
> #define SEV_POLICY_NOKS 0x2
> --
> 2.34.1
>
With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|