From: "Daniel P. Berrangé" <berrange@redhat.com>
To: Roy Hopkins <roy.hopkins@suse.com>
Cc: qemu-devel@nongnu.org, "Paolo Bonzini" <pbonzini@redhat.com>,
"Stefano Garzarella" <sgarzare@redhat.com>,
"Marcelo Tosatti" <mtosatti@redhat.com>,
"Michael S . Tsirkin" <mst@redhat.com>,
"Cornelia Huck" <cohuck@redhat.com>,
"Marcel Apfelbaum" <marcel.apfelbaum@gmail.com>,
"Sergio Lopez" <slp@redhat.com>,
"Eduardo Habkost" <eduardo@habkost.net>,
"Alistair Francis" <alistair@alistair23.me>,
"Peter Xu" <peterx@redhat.com>,
"David Hildenbrand" <david@redhat.com>,
"Igor Mammedov" <imammedo@redhat.com>,
"Tom Lendacky" <thomas.lendacky@amd.com>,
"Michael Roth" <michael.roth@amd.com>,
"Ani Sinha" <anisinha@redhat.com>,
"Jörg Roedel" <jroedel@suse.com>
Subject: Re: [PATCH v3 13/15] backends/igvm: Handle policy for SEV guests
Date: Mon, 24 Jun 2024 15:56:30 +0100 [thread overview]
Message-ID: <ZnmJHgslZYmA12S-@redhat.com> (raw)
In-Reply-To: <96b230d5a47e3dbb357a09b27c0f5cb0ce2dec09.1718979106.git.roy.hopkins@suse.com>
On Fri, Jun 21, 2024 at 03:29:16PM +0100, Roy Hopkins wrote:
> Adds a handler for the guest policy initialization IGVM section and
> builds an SEV policy based on this information and the ID block
> directive if present. The policy is applied using by calling
> 'set_guest_policy()' on the ConfidentialGuestSupport object.
>
> Signed-off-by: Roy Hopkins <roy.hopkins@suse.com>
> ---
> backends/igvm.c | 136 ++++++++++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 136 insertions(+)
>
> diff --git a/backends/igvm.c b/backends/igvm.c
> index b6b7d30a3f..bb8038f9e9 100644
> --- a/backends/igvm.c
> +++ b/backends/igvm.c
> @@ -28,6 +28,33 @@ typedef struct IgvmParameterData {
> uint32_t index;
> } IgvmParameterData;
>
> +/*
> + * Some directives are specific to particular confidential computing platforms.
> + * Define required types for each of those platforms here.
> + */
> +
> +/* SEV/SEV-ES/SEV-SNP */
> +struct QEMU_PACKED sev_id_block {
> + uint8_t ld[48];
> + uint8_t family_id[16];
> + uint8_t image_id[16];
> + uint32_t version;
> + uint32_t guest_svn;
> + uint64_t policy;
> +};
> +
> +struct QEMU_PACKED sev_id_authentication {
> + uint32_t id_key_alg;
> + uint32_t auth_key_algo;
> + uint8_t reserved[56];
> + uint8_t id_block_sig[512];
> + uint8_t id_key[1028];
> + uint8_t reserved2[60];
> + uint8_t id_key_sig[512];
> + uint8_t author_key[1028];
> + uint8_t reserved3[892];
> +};
> +
> /*
> * QemuIgvm contains the information required during processing
> * of a single IGVM file.
> @@ -39,6 +66,17 @@ typedef struct QemuIgvm {
> uint32_t compatibility_mask;
> unsigned current_header_index;
> QTAILQ_HEAD(, IgvmParameterData) parameter_data;
> + IgvmPlatformType platform_type;
> +
> + /*
> + * SEV-SNP platforms can contain an ID block and authentication
> + * that should be verified by the guest.
> + */
> + struct sev_id_block *id_block;
> + struct sev_id_authentication *id_auth;
> +
> + /* Define the guest policy for SEV guests */
> + uint64_t sev_policy;
>
> /* These variables keep track of contiguous page regions */
> IGVM_VHS_PAGE_DATA region_prev_page_data;
> @@ -64,6 +102,11 @@ static int directive_environment_info(QemuIgvm *ctx, const uint8_t *header_data,
> Error **errp);
> static int directive_required_memory(QemuIgvm *ctx, const uint8_t *header_data,
> Error **errp);
> +static int directive_snp_id_block(QemuIgvm *ctx, const uint8_t *header_data,
> + Error **errp);
> +static int initialization_guest_policy(QemuIgvm *ctx,
> + const uint8_t *header_data,
> + Error **errp);
>
> struct IGVMHandler {
> uint32_t type;
> @@ -87,6 +130,10 @@ static struct IGVMHandler handlers[] = {
> directive_environment_info },
> { IGVM_VHT_REQUIRED_MEMORY, IGVM_HEADER_SECTION_DIRECTIVE,
> directive_required_memory },
> + { IGVM_VHT_SNP_ID_BLOCK, IGVM_HEADER_SECTION_DIRECTIVE,
> + directive_snp_id_block },
> + { IGVM_VHT_GUEST_POLICY, IGVM_HEADER_SECTION_INITIALIZATION,
> + initialization_guest_policy },
> };
>
> static int handler(QemuIgvm *ctx, uint32_t type, Error **errp)
> @@ -619,6 +666,68 @@ static int directive_required_memory(QemuIgvm *ctx, const uint8_t *header_data,
> return 0;
> }
>
> +static int directive_snp_id_block(QemuIgvm *ctx, const uint8_t *header_data,
> + Error **errp)
> +{
> + const IGVM_VHS_SNP_ID_BLOCK *igvm_id =
> + (const IGVM_VHS_SNP_ID_BLOCK *)header_data;
> +
> + if (ctx->compatibility_mask & igvm_id->compatibility_mask) {
> + if (ctx->id_block) {
> + error_setg(errp, "IGVM: Multiple ID blocks encountered "
> + "in IGVM file.");
> + return -1;
> + }
> + ctx->id_block = g_malloc0(sizeof(struct sev_id_block));
> + ctx->id_auth = g_malloc0(sizeof(struct sev_id_authentication));
QEMU has a preference for
g_new0(struct sev_id_block, 1);
g_new0(struct sev_id_authentication, 1);
> +
> + memcpy(ctx->id_block->family_id, igvm_id->family_id,
> + sizeof(ctx->id_block->family_id));
> + memcpy(ctx->id_block->image_id, igvm_id->image_id,
> + sizeof(ctx->id_block->image_id));
> + ctx->id_block->guest_svn = igvm_id->guest_svn;
> + ctx->id_block->version = 1;
> + memcpy(ctx->id_block->ld, igvm_id->ld, sizeof(ctx->id_block->ld));
> +
> + ctx->id_auth->id_key_alg = igvm_id->id_key_algorithm;
> + memcpy(ctx->id_auth->id_block_sig, &igvm_id->id_key_signature,
> + sizeof(igvm_id->id_key_signature));
> +
> + ctx->id_auth->auth_key_algo = igvm_id->author_key_algorithm;
> + memcpy(ctx->id_auth->id_key_sig, &igvm_id->author_key_signature,
> + sizeof(igvm_id->author_key_signature));
> +
> + /*
> + * SEV and IGVM public key structure population are slightly different.
> + * See SEV Secure Nested Paging Firmware ABI Specification, Chapter 10.
> + */
> + *((uint32_t *)ctx->id_auth->id_key) = igvm_id->id_public_key.curve;
> + memcpy(&ctx->id_auth->id_key[4], &igvm_id->id_public_key.qx, 72);
> + memcpy(&ctx->id_auth->id_key[76], &igvm_id->id_public_key.qy, 72);
> +
> + *((uint32_t *)ctx->id_auth->author_key) =
> + igvm_id->author_public_key.curve;
> + memcpy(&ctx->id_auth->author_key[4], &igvm_id->author_public_key.qx,
> + 72);
> + memcpy(&ctx->id_auth->author_key[76], &igvm_id->author_public_key.qy,
> + 72);
> + }
> +
> + return 0;
> +}
With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
next prev parent reply other threads:[~2024-06-24 14:57 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-06-21 14:29 [PATCH v3 00/15] Introduce support for IGVM files Roy Hopkins
2024-06-21 14:29 ` [PATCH v3 01/15] meson: Add optional dependency on IGVM library Roy Hopkins
2024-06-21 14:29 ` [PATCH v3 02/15] backends/confidential-guest-support: Add functions to support IGVM Roy Hopkins
2024-06-21 14:29 ` [PATCH v3 03/15] backends/igvm: Add IGVM loader and configuration Roy Hopkins
2024-06-24 13:29 ` Daniel P. Berrangé
2024-06-28 10:59 ` Roy Hopkins
2024-06-27 9:06 ` Stefano Garzarella
2024-06-27 9:14 ` Daniel P. Berrangé
2024-06-28 11:00 ` Roy Hopkins
2024-06-21 14:29 ` [PATCH v3 04/15] hw/core/machine: Add igvm-cfg object and processing for IGVM files Roy Hopkins
2024-06-24 14:00 ` Daniel P. Berrangé
2024-06-28 11:09 ` Roy Hopkins
2024-06-28 11:23 ` Daniel P. Berrangé
2024-07-01 11:59 ` Roy Hopkins
2024-06-21 14:29 ` [PATCH v3 05/15] i386/pc_sysfw: Ensure sysfw flash configuration does not conflict with IGVM Roy Hopkins
2024-06-27 12:38 ` Stefano Garzarella
2024-06-28 11:10 ` Roy Hopkins
2024-06-21 14:29 ` [PATCH v3 06/15] sev: Update launch_update_data functions to use Error handling Roy Hopkins
2024-06-27 12:48 ` Stefano Garzarella
2024-06-28 11:20 ` Roy Hopkins
2024-06-21 14:29 ` [PATCH v3 07/15] i386/sev: Refactor setting of reset vector and initial CPU state Roy Hopkins
2024-06-21 14:29 ` [PATCH v3 08/15] i386/sev: Implement ConfidentialGuestSupport functions for SEV Roy Hopkins
2024-06-21 14:29 ` [PATCH v3 09/15] docs/system: Add documentation on support for IGVM Roy Hopkins
2024-06-24 14:09 ` Daniel P. Berrangé
2024-07-01 14:28 ` Roy Hopkins
2024-06-21 14:29 ` [PATCH v3 10/15] docs/interop/firmware.json: Add igvm to FirmwareDevice Roy Hopkins
2024-06-27 12:53 ` Stefano Garzarella
2024-07-02 10:36 ` Roy Hopkins
2024-06-21 14:29 ` [PATCH v3 11/15] backends/confidential-guest-support: Add set_guest_policy() function Roy Hopkins
2024-06-21 14:29 ` [PATCH v3 12/15] backends/igvm: Process initialization sections in IGVM file Roy Hopkins
2024-06-21 14:29 ` [PATCH v3 13/15] backends/igvm: Handle policy for SEV guests Roy Hopkins
2024-06-24 14:56 ` Daniel P. Berrangé [this message]
2024-06-21 14:29 ` [PATCH v3 14/15] i386/sev: Add implementation of CGS set_guest_policy() Roy Hopkins
2024-06-24 14:53 ` Daniel P. Berrangé
2024-06-21 14:29 ` [PATCH v3 15/15] sev: Provide sev_features flags from IGVM VMSA to KVM_SEV_INIT2 Roy Hopkins
2024-06-24 14:14 ` Daniel P. Berrangé
2024-07-01 13:50 ` Roy Hopkins
2024-06-24 13:50 ` [PATCH v3 00/15] Introduce support for IGVM files Daniel P. Berrangé
2024-06-28 10:56 ` Roy Hopkins
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZnmJHgslZYmA12S-@redhat.com \
--to=berrange@redhat.com \
--cc=alistair@alistair23.me \
--cc=anisinha@redhat.com \
--cc=cohuck@redhat.com \
--cc=david@redhat.com \
--cc=eduardo@habkost.net \
--cc=imammedo@redhat.com \
--cc=jroedel@suse.com \
--cc=marcel.apfelbaum@gmail.com \
--cc=michael.roth@amd.com \
--cc=mst@redhat.com \
--cc=mtosatti@redhat.com \
--cc=pbonzini@redhat.com \
--cc=peterx@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=roy.hopkins@suse.com \
--cc=sgarzare@redhat.com \
--cc=slp@redhat.com \
--cc=thomas.lendacky@amd.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.