[kvm-unit-tests PATCH v3 0/5] s390x: Attestation tests

[kvm-unit-tests PATCH v3 0/5] s390x: Attestation tests

[Steffen Eiden]

This series adds some test in s390x/uv-guest.c verifying error paths of the
Request Attestation Measurement UVC.
Also adds a test in s390x/uv-host.c to verify that the
Request Attestation Measurement UVC cannot be called in guest1.

Additionally, adds a shared bit test and removes duplicated tests.

v2->v3:
  * added test for share bits as new PATCH 4/5
  * added r-b from Claudio in PATCH 1/4
  * replaced all u* with uint*_t
  * incorporated misc feedback from Claudio

v1->v2:
  * renamed 'uv_get_info(void)' to 'uv_get_query_data(void)'
  * renamed various fields in 'struct uv_arcb_v1'
  * added a test for invalid additional size
  * added r-b from Janosch in PATCH 1/4
  * added r-b from Janosch in PATCH 3/4

Steffen Eiden (5):
  s390x: uv-host: Add attestation test
  s390x: lib: Add QUI getter
  s390x: uv-guest: remove duplicated checks
  s390x: uv-guest: add share bit test
  s390x: uv-guest: Add attestation tests

 lib/s390x/asm/uv.h |  28 +++++-
 lib/s390x/uv.c     |   8 ++
 lib/s390x/uv.h     |   1 +
 s390x/uv-guest.c   | 229 +++++++++++++++++++++++++++++++++++++++++----
 s390x/uv-host.c    |   1 +
 5 files changed, 249 insertions(+), 18 deletions(-)

-- 
2.30.2

[kvm-unit-tests PATCH v3 1/5] s390x: uv-host: Add attestation test

[Steffen Eiden]

Adds an invalid command test for attestation in the uv-host.

Signed-off-by: Steffen Eiden <seiden@linux.ibm.com>
Reviewed-by: Janosch Frank <frankja@linux.ibm.com>
Reviewed-by: Claudio Imbrenda <imbrenda@linux.ibm.com>
---
 lib/s390x/asm/uv.h | 23 ++++++++++++++++++++++-
 s390x/uv-host.c    |  1 +
 2 files changed, 23 insertions(+), 1 deletion(-)

diff --git a/lib/s390x/asm/uv.h b/lib/s390x/asm/uv.h
index 70bf65c4..c330c0f8 100644
--- a/lib/s390x/asm/uv.h
+++ b/lib/s390x/asm/uv.h
@@ -1,7 +1,7 @@
 /*
  * s390x Ultravisor related definitions
  *
- * Copyright (c) 2020 IBM Corp
+ * Copyright IBM Corp. 2020, 2022
  *
  * Authors:
  *  Janosch Frank <frankja@linux.ibm.com>
@@ -47,6 +47,7 @@
 #define UVC_CMD_UNPIN_PAGE_SHARED	0x0342
 #define UVC_CMD_SET_SHARED_ACCESS	0x1000
 #define UVC_CMD_REMOVE_SHARED_ACCESS	0x1001
+#define UVC_CMD_ATTESTATION		0x1020
 
 /* Bits in installed uv calls */
 enum uv_cmds_inst {
@@ -71,6 +72,7 @@ enum uv_cmds_inst {
 	BIT_UVC_CMD_UNSHARE_ALL = 20,
 	BIT_UVC_CMD_PIN_PAGE_SHARED = 21,
 	BIT_UVC_CMD_UNPIN_PAGE_SHARED = 22,
+	BIT_UVC_CMD_ATTESTATION = 28,
 };
 
 struct uv_cb_header {
@@ -178,6 +180,25 @@ struct uv_cb_cfs {
 	u64 paddr;
 }  __attribute__((packed))  __attribute__((aligned(8)));
 
+/* Retrieve Attestation Measurement */
+struct uv_cb_attest {
+	struct uv_cb_header header;	/* 0x0000 */
+	uint64_t reserved08[2];		/* 0x0008 */
+	uint64_t arcb_addr;		/* 0x0018 */
+	uint64_t continuation_token;	/* 0x0020 */
+	uint8_t  reserved28[6];		/* 0x0028 */
+	uint16_t user_data_length;	/* 0x002e */
+	uint8_t  user_data[256];	/* 0x0030 */
+	uint32_t reserved130[3];	/* 0x0130 */
+	uint32_t measurement_length;	/* 0x013c */
+	uint64_t measurement_address;	/* 0x0140 */
+	uint8_t config_uid[16];		/* 0x0148 */
+	uint32_t reserved158;		/* 0x0158 */
+	uint32_t add_data_length;	/* 0x015c */
+	uint64_t add_data_address;	/* 0x0160 */
+	uint64_t reserved168[4];	/* 0x0168 */
+}  __attribute__((packed))  __attribute__((aligned(8)));
+
 /* Set Secure Config Parameter */
 struct uv_cb_ssc {
 	struct uv_cb_header header;
diff --git a/s390x/uv-host.c b/s390x/uv-host.c
index de2e4850..fe49d7b9 100644
--- a/s390x/uv-host.c
+++ b/s390x/uv-host.c
@@ -418,6 +418,7 @@ static struct cmd_list invalid_cmds[] = {
 	{ "bogus", 0x4242, sizeof(struct uv_cb_header), -1},
 	{ "share", UVC_CMD_SET_SHARED_ACCESS, sizeof(struct uv_cb_share), BIT_UVC_CMD_SET_SHARED_ACCESS },
 	{ "unshare", UVC_CMD_REMOVE_SHARED_ACCESS, sizeof(struct uv_cb_share), BIT_UVC_CMD_REMOVE_SHARED_ACCESS },
+	{ "attest", UVC_CMD_ATTESTATION, sizeof(struct uv_cb_attest), BIT_UVC_CMD_ATTESTATION },
 	{ NULL, 0, 0 },
 };
 
-- 
2.30.2

[kvm-unit-tests PATCH v3 2/5] s390x: lib: Add QUI getter

[Steffen Eiden]

Some tests need the information provided by the QUI UVC and lib/s390x/uv.c
already has cached the qui result. Let's add a function to avoid
unnecessary QUI UVCs.

Signed-off-by: Steffen Eiden <seiden@linux.ibm.com>
---
 lib/s390x/uv.c | 8 ++++++++
 lib/s390x/uv.h | 1 +
 2 files changed, 9 insertions(+)

diff --git a/lib/s390x/uv.c b/lib/s390x/uv.c
index 6fe11dff..602cbbfc 100644
--- a/lib/s390x/uv.c
+++ b/lib/s390x/uv.c
@@ -47,6 +47,14 @@ bool uv_query_test_call(unsigned int nr)
 	return test_bit_inv(nr, uvcb_qui.inst_calls_list);
 }
 
+const struct uv_cb_qui *uv_get_query_data(void)
+{
+	/* Query needs to be called first */
+	assert(uvcb_qui.header.rc);
+
+	return &uvcb_qui;
+}
+
 int uv_setup(void)
 {
 	if (!test_facility(158))
diff --git a/lib/s390x/uv.h b/lib/s390x/uv.h
index 8175d9c6..44264861 100644
--- a/lib/s390x/uv.h
+++ b/lib/s390x/uv.h
@@ -8,6 +8,7 @@
 bool uv_os_is_guest(void);
 bool uv_os_is_host(void);
 bool uv_query_test_call(unsigned int nr);
+const struct uv_cb_qui *uv_get_query_data(void);
 void uv_init(void);
 int uv_setup(void);
 void uv_create_guest(struct vm *vm);
-- 
2.30.2

[kvm-unit-tests PATCH v3 3/5] s390x: uv-guest: remove duplicated checks

[Steffen Eiden]

Removing some tests which are done at other points in the code
implicitly.

In lib/s390x/uc.c#setup_uv(void) the rc of the qui result is verified
using asserts.
The whole test is fenced by lib/s390x/uc.c#uv_os_is_guest(void) that
checks if SET and REMOVE SHARED is present.

Signed-off-by: Steffen Eiden <seiden@linux.ibm.com>
Reviewed-by: Janosch Frank <frankja@linux.ibm.com>
---
 s390x/uv-guest.c | 22 +++++++---------------
 1 file changed, 7 insertions(+), 15 deletions(-)

diff --git a/s390x/uv-guest.c b/s390x/uv-guest.c
index 99120cae..728c60aa 100644
--- a/s390x/uv-guest.c
+++ b/s390x/uv-guest.c
@@ -69,23 +69,15 @@ static void test_query(void)
 	cc = uv_call(0, (u64)&uvcb);
 	report(cc == 1 && uvcb.header.rc == UVC_RC_INV_LEN, "length");
 
-	uvcb.header.len = sizeof(uvcb);
-	cc = uv_call(0, (u64)&uvcb);
-	report((!cc && uvcb.header.rc == UVC_RC_EXECUTED) ||
-	       (cc == 1 && uvcb.header.rc == 0x100),
-		"successful query");
-
 	/*
-	 * These bits have been introduced with the very first
-	 * Ultravisor version and are expected to always be available
-	 * because they are basic building blocks.
+	 * BIT_UVC_CMD_QUI, BIT_UVC_CMD_SET_SHARED_ACCESS and
+	 * BIT_UVC_CMD_REMOVE_SHARED_ACCESS are always present as they
+	 * have been introduced with the first Ultravisor version.
+	 * However, we only need to check for QUI as
+	 * SET/REMOVE SHARED are used to fence this test to be only
+	 * executed by protected guests.
 	 */
-	report(test_bit_inv(BIT_UVC_CMD_QUI, &uvcb.inst_calls_list[0]),
-	       "query indicated");
-	report(test_bit_inv(BIT_UVC_CMD_SET_SHARED_ACCESS, &uvcb.inst_calls_list[0]),
-	       "share indicated");
-	report(test_bit_inv(BIT_UVC_CMD_REMOVE_SHARED_ACCESS, &uvcb.inst_calls_list[0]),
-	       "unshare indicated");
+	report(uv_query_test_call(BIT_UVC_CMD_QUI), "query indicated");
 	report_prefix_pop();
 }
 
-- 
2.30.2

[kvm-unit-tests PATCH v3 4/5] s390x: uv-guest: add share bit test

[Steffen Eiden]

The UV facility bits shared/unshared must both be set or none.

Signed-off-by: Steffen Eiden <seiden@linux.ibm.com>
---
 s390x/uv-guest.c | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/s390x/uv-guest.c b/s390x/uv-guest.c
index 728c60aa..77057bd2 100644
--- a/s390x/uv-guest.c
+++ b/s390x/uv-guest.c
@@ -159,6 +159,14 @@ static void test_invalid(void)
 	report_prefix_pop();
 }
 
+static void test_share_bits(void)
+{
+	bool unshare = uv_query_test_call(BIT_UVC_CMD_REMOVE_SHARED_ACCESS);
+	bool share = uv_query_test_call(BIT_UVC_CMD_SET_SHARED_ACCESS);
+
+	report(!(share ^ unshare), "share bits");
+}
+
 int main(void)
 {
 	bool has_uvc = test_facility(158);
@@ -169,6 +177,12 @@ int main(void)
 		goto done;
 	}
 
+	/*
+	 * Needs to be done before the guest-fence,
+	 * as the fence tests if both shared bits are present
+	 */
+	test_share_bits();
+
 	if (!uv_os_is_guest()) {
 		report_skip("Not a protected guest");
 		goto done;
-- 
2.30.2

[kvm-unit-tests PATCH v3 5/5] s390x: uv-guest: Add attestation tests

[Steffen Eiden]

Adds several tests to verify correct error paths of attestation.

Signed-off-by: Steffen Eiden <seiden@linux.ibm.com>
---
 lib/s390x/asm/uv.h |   5 +-
 s390x/uv-guest.c   | 193 ++++++++++++++++++++++++++++++++++++++++++++-
 2 files changed, 196 insertions(+), 2 deletions(-)

diff --git a/lib/s390x/asm/uv.h b/lib/s390x/asm/uv.h
index c330c0f8..e5f7aa72 100644
--- a/lib/s390x/asm/uv.h
+++ b/lib/s390x/asm/uv.h
@@ -108,7 +108,10 @@ struct uv_cb_qui {
 	u8  reserved88[158 - 136];	/* 0x0088 */
 	uint16_t max_guest_cpus;	/* 0x009e */
 	u64 uv_feature_indications;	/* 0x00a0 */
-	u8  reserveda8[200 - 168];	/* 0x00a8 */
+	uint8_t  reserveda8[224 - 168];	/* 0x00a8 */
+	uint64_t supp_att_hdr_ver;	/* 0x00e0 */
+	uint64_t supp_paf;		/* 0x00e8 */
+	uint8_t  reservedf0[256 - 240];	/* 0x00f0 */
 }  __attribute__((packed))  __attribute__((aligned(8)));
 
 struct uv_cb_cgc {
diff --git a/s390x/uv-guest.c b/s390x/uv-guest.c
index 77057bd2..77edbba2 100644
--- a/s390x/uv-guest.c
+++ b/s390x/uv-guest.c
@@ -2,10 +2,11 @@
 /*
  * Guest Ultravisor Call tests
  *
- * Copyright (c) 2020 IBM Corp
+ * Copyright IBM Corp. 2020, 2022
  *
  * Authors:
  *  Janosch Frank <frankja@linux.ibm.com>
+ *  Steffen Eiden <seiden@linux.ibm.com>
  */
 
 #include <libcflat.h>
@@ -53,6 +54,15 @@ static void test_priv(void)
 	check_pgm_int_code(PGM_INT_CODE_PRIVILEGED_OPERATION);
 	report_prefix_pop();
 
+	report_prefix_push("attest");
+	uvcb.cmd = UVC_CMD_ATTESTATION;
+	uvcb.len = sizeof(struct uv_cb_attest);
+	expect_pgm_int();
+	enter_pstate();
+	uv_call_once(0, (uint64_t)&uvcb);
+	check_pgm_int_code(PGM_INT_CODE_PRIVILEGED_OPERATION);
+	report_prefix_pop();
+
 	report_prefix_pop();
 }
 
@@ -111,7 +121,187 @@ static void test_sharing(void)
 	cc = uv_call(0, (u64)&uvcb);
 	report(cc == 0 && uvcb.header.rc == UVC_RC_EXECUTED, "unshare");
 	report_prefix_pop();
+}
+
+#define ARCB_VERSION_NONE 0
+#define ARCB_VERSION_1 0x0100
+#define ARCB_MEAS_NONE 0
+#define ARCB_MEAS_HMAC_SHA512 1
+#define MEASUREMENT_SIZE_HMAC_SHA512 64
+#define PAF_PHKH_ATT (1ULL << 61)
+#define ADDITIONAL_SIZE_PAF_PHKH_ATT 32
+/* arcb with one key slot and no nonce */
+struct uv_arcb_v1 {
+	uint64_t reserved0;		/* 0x0000 */
+	uint32_t req_ver;		/* 0x0008 */
+	uint32_t req_len;		/* 0x000c */
+	uint8_t  iv[12];		/* 0x0010 */
+	uint32_t reserved1c;		/* 0x001c */
+	uint8_t  reserved20[7];		/* 0x0020 */
+	uint8_t  nks;			/* 0x0027 */
+	uint32_t reserved28;		/* 0x0028 */
+	uint32_t sea;			/* 0x002c */
+	uint64_t plaint_att_flags;	/* 0x0030 */
+	uint32_t meas_alg_id;		/* 0x0038 */
+	uint32_t reserved3c;		/* 0x003c */
+	uint8_t  cpk[160];		/* 0x0040 */
+	uint8_t  key_slot[80];		/* 0x00e0 */
+	uint8_t  meas_key[64];		/* 0x0130 */
+	uint8_t  tag[16];		/* 0x0170 */
+} __attribute__((packed));
+
+struct attest_request_v1 {
+	struct uv_arcb_v1 arcb;
+	uint8_t measurement[MEASUREMENT_SIZE_HMAC_SHA512];
+	uint8_t additional[ADDITIONAL_SIZE_PAF_PHKH_ATT];
+};
+
+static void test_attest_v1(u64 supported_paf)
+{
+	struct uv_cb_attest uvcb = {
+		.header.cmd = UVC_CMD_ATTESTATION,
+		.header.len = sizeof(uvcb),
+	};
+	struct attest_request_v1 *attest_req = (void *)page;
+	struct uv_arcb_v1 *arcb = &attest_req->arcb;
+	int cc;
+
+	memset((void *)page, 0, PAGE_SIZE);
+
+	/*
+	 * Create a minimal arcb/uvcb such that FW has everything to start
+	 * unsealing the request. However, this unsealing will fail as the
+	 * kvm-unit-test framework provides no cryptography functions that
+	 * would be needed to seal such requests.
+	 */
+	arcb->req_ver = ARCB_VERSION_1;
+	arcb->req_len = sizeof(*arcb);
+	arcb->nks = 1;
+	arcb->sea = sizeof(arcb->meas_key);
+	arcb->plaint_att_flags = PAF_PHKH_ATT;
+	arcb->meas_alg_id = ARCB_MEAS_HMAC_SHA512;
+	uvcb.arcb_addr = (uint64_t)&attest_req->arcb;
+	uvcb.measurement_address = (uint64_t)attest_req->measurement;
+	uvcb.measurement_length = sizeof(attest_req->measurement);
+	uvcb.add_data_address = (uint64_t)attest_req->additional;
+	uvcb.add_data_length = sizeof(attest_req->additional);
+
+	uvcb.continuation_token = 0xff;
+	cc = uv_call(0, (uint64_t)&uvcb);
+	report(cc == 1 && uvcb.header.rc == 0x0101, "invalid continuation token");
+	uvcb.continuation_token = 0;
+
+	uvcb.user_data_length = sizeof(uvcb.user_data) + 1;
+	cc = uv_call(0, (uint64_t)&uvcb);
+	report(cc == 1 && uvcb.header.rc == 0x0102, "invalid user data size");
+	uvcb.user_data_length = 0;
+
+	uvcb.arcb_addr = get_ram_size() + PAGE_SIZE;
+	cc = uv_call(0, (uint64_t)&uvcb);
+	report(cc == 1 && uvcb.header.rc == 0x0103, "invalid address arcb");
+	uvcb.arcb_addr = page;
+
+	/* 0104 - 0105 need an unseal-able request */
+
+	arcb->req_ver = ARCB_VERSION_NONE;
+	cc = uv_call(0, (uint64_t)&uvcb);
+	report(cc == 1 && uvcb.header.rc == 0x0106, "unsupported version");
+	arcb->req_ver = ARCB_VERSION_1;
+
+	arcb->req_len += 1;
+	cc = uv_call(0, (uint64_t)&uvcb);
+	report(cc == 1 && uvcb.header.rc == 0x0107, "invalid arcb size 1");
+	arcb->req_len -= 1;
+
+	/*
+	 * The arcb needs to grow as well if number of key slots (nks)
+	 * is increased. However, this is not the case and there is no explicit
+	 * 'too many/less nks for that arcb size' error code -> expect 0x0107
+	 */
+	arcb->nks = 2;
+	cc = uv_call(0, (uint64_t)&uvcb);
+	report(cc == 1 && uvcb.header.rc == 0x0107, "invalid arcb size 2");
+	arcb->nks = 1;
+
+	arcb->nks = 0;
+	cc = uv_call(0, (uint64_t)&uvcb);
+	report(cc == 1 && uvcb.header.rc == 0x0108, "invalid num key slots");
+	arcb->nks = 1;
+
+	/*
+	 * Possible valid size (when using nonce).
+	 * However, req_len too small to host a nonce
+	 */
+	arcb->sea = 80;
+	cc = uv_call(0, (uint64_t)&uvcb);
+	report(cc == 1 && uvcb.header.rc == 0x0109, "invalid encrypted size 1");
+	arcb->sea = 17;
+	cc = uv_call(0, (uint64_t)&uvcb);
+	report(cc == 1 && uvcb.header.rc == 0x0109, "invalid encrypted size 2");
+	arcb->sea = 64;
+
+	arcb->plaint_att_flags = supported_paf ^ GENMASK_ULL(63, 0);
+	cc = uv_call(0, (uint64_t)&uvcb);
+	report(cc == 1 && uvcb.header.rc == 0x010a, "invalid flag");
+	arcb->plaint_att_flags = PAF_PHKH_ATT;
+
+	arcb->meas_alg_id = ARCB_MEAS_NONE;
+	cc = uv_call(0, (uint64_t)&uvcb);
+	report(cc == 1 && uvcb.header.rc == 0x010b, "invalid measurement algorithm");
+	arcb->meas_alg_id = ARCB_MEAS_HMAC_SHA512;
 
+	cc = uv_call(0, (uint64_t)&uvcb);
+	report(cc == 1 && uvcb.header.rc == 0x010c, "unable unseal");
+
+	uvcb.measurement_length = 0;
+	cc = uv_call(0, (uint64_t)&uvcb);
+	report(cc == 1 && uvcb.header.rc == 0x010d, "invalid measurement size");
+	uvcb.measurement_length = sizeof(attest_req->measurement);
+
+	uvcb.add_data_length = 0;
+	cc = uv_call(0, (uint64_t)&uvcb);
+	report(cc == 1 && uvcb.header.rc == 0x010e, "invalid additional size");
+	uvcb.add_data_length = sizeof(attest_req->additional);
+}
+
+static void test_attest(void)
+{
+	struct uv_cb_attest uvcb = {
+		.header.cmd = UVC_CMD_ATTESTATION,
+		.header.len = sizeof(uvcb),
+	};
+	const struct uv_cb_qui *uvcb_qui = uv_get_query_data();
+	int cc;
+
+	report_prefix_push("attest");
+
+	if (!uv_query_test_call(BIT_UVC_CMD_ATTESTATION)) {
+		report_skip("Attestation not supported.");
+		goto done;
+	}
+
+	/* Verify that the UV supports at least one header version */
+	report(uvcb_qui->supp_att_hdr_ver, "has hdr support");
+
+	memset((void *)page, 0, PAGE_SIZE);
+
+	uvcb.header.len -= 1;
+	cc = uv_call(0, (uint64_t)&uvcb);
+	report(cc && uvcb.header.rc == UVC_RC_INV_LEN, "invalid uvcb size 1");
+	uvcb.header.len += 1;
+
+	uvcb.header.len += 1;
+	cc = uv_call(0, (uint64_t)&uvcb);
+	report(cc && uvcb.header.rc == UVC_RC_INV_LEN, "invalid uvcb size 2");
+	uvcb.header.len -= 1;
+
+	report_prefix_push("v1");
+	if (test_bit_inv(0, &uvcb_qui->supp_att_hdr_ver))
+		test_attest_v1(uvcb_qui->supp_paf);
+	else
+		report_skip("Attestation version 1 not supported");
+	report_prefix_pop();
+done:
 	report_prefix_pop();
 }
 
@@ -193,6 +383,7 @@ int main(void)
 	test_invalid();
 	test_query();
 	test_sharing();
+	test_attest();
 	free_page((void *)page);
 done:
 	report_prefix_pop();
-- 
2.30.2

Re: [kvm-unit-tests PATCH v3 4/5] s390x: uv-guest: add share bit test

[Claudio Imbrenda]

On Tue, 22 Feb 2022 14:54:55 +0000
Steffen Eiden <seiden@linux.ibm.com> wrote:

> The UV facility bits shared/unshared must both be set or none.
> 
> Signed-off-by: Steffen Eiden <seiden@linux.ibm.com>

Reviewed-by: Claudio Imbrenda <imbrenda@linux.ibm.com>

> ---
>  s390x/uv-guest.c | 14 ++++++++++++++
>  1 file changed, 14 insertions(+)
> 
> diff --git a/s390x/uv-guest.c b/s390x/uv-guest.c
> index 728c60aa..77057bd2 100644
> --- a/s390x/uv-guest.c
> +++ b/s390x/uv-guest.c
> @@ -159,6 +159,14 @@ static void test_invalid(void)
>  	report_prefix_pop();
>  }
>  
> +static void test_share_bits(void)
> +{
> +	bool unshare = uv_query_test_call(BIT_UVC_CMD_REMOVE_SHARED_ACCESS);
> +	bool share = uv_query_test_call(BIT_UVC_CMD_SET_SHARED_ACCESS);
> +
> +	report(!(share ^ unshare), "share bits");
> +}
> +
>  int main(void)
>  {
>  	bool has_uvc = test_facility(158);
> @@ -169,6 +177,12 @@ int main(void)
>  		goto done;
>  	}
>  
> +	/*
> +	 * Needs to be done before the guest-fence,
> +	 * as the fence tests if both shared bits are present
> +	 */
> +	test_share_bits();
> +
>  	if (!uv_os_is_guest()) {
>  		report_skip("Not a protected guest");
>  		goto done;

Re: [kvm-unit-tests PATCH v3 2/5] s390x: lib: Add QUI getter

[Claudio Imbrenda]

On Tue, 22 Feb 2022 14:54:53 +0000
Steffen Eiden <seiden@linux.ibm.com> wrote:

> Some tests need the information provided by the QUI UVC and lib/s390x/uv.c
> already has cached the qui result. Let's add a function to avoid
> unnecessary QUI UVCs.
> 
> Signed-off-by: Steffen Eiden <seiden@linux.ibm.com>

Reviewed-by: Claudio Imbrenda <imbrenda@linux.ibm.com>

> ---
>  lib/s390x/uv.c | 8 ++++++++
>  lib/s390x/uv.h | 1 +
>  2 files changed, 9 insertions(+)
> 
> diff --git a/lib/s390x/uv.c b/lib/s390x/uv.c
> index 6fe11dff..602cbbfc 100644
> --- a/lib/s390x/uv.c
> +++ b/lib/s390x/uv.c
> @@ -47,6 +47,14 @@ bool uv_query_test_call(unsigned int nr)
>  	return test_bit_inv(nr, uvcb_qui.inst_calls_list);
>  }
>  
> +const struct uv_cb_qui *uv_get_query_data(void)
> +{
> +	/* Query needs to be called first */
> +	assert(uvcb_qui.header.rc);
> +
> +	return &uvcb_qui;
> +}
> +
>  int uv_setup(void)
>  {
>  	if (!test_facility(158))
> diff --git a/lib/s390x/uv.h b/lib/s390x/uv.h
> index 8175d9c6..44264861 100644
> --- a/lib/s390x/uv.h
> +++ b/lib/s390x/uv.h
> @@ -8,6 +8,7 @@
>  bool uv_os_is_guest(void);
>  bool uv_os_is_host(void);
>  bool uv_query_test_call(unsigned int nr);
> +const struct uv_cb_qui *uv_get_query_data(void);
>  void uv_init(void);
>  int uv_setup(void);
>  void uv_create_guest(struct vm *vm);

Re: [kvm-unit-tests PATCH v3 5/5] s390x: uv-guest: Add attestation tests

[Claudio Imbrenda]

On Tue, 22 Feb 2022 14:54:56 +0000
Steffen Eiden <seiden@linux.ibm.com> wrote:

> Adds several tests to verify correct error paths of attestation.
> 
> Signed-off-by: Steffen Eiden <seiden@linux.ibm.com>

in general looks good but I have several nits regarding the strings
used to report the tests

> ---
>  lib/s390x/asm/uv.h |   5 +-
>  s390x/uv-guest.c   | 193 ++++++++++++++++++++++++++++++++++++++++++++-
>  2 files changed, 196 insertions(+), 2 deletions(-)
> 
> diff --git a/lib/s390x/asm/uv.h b/lib/s390x/asm/uv.h
> index c330c0f8..e5f7aa72 100644
> --- a/lib/s390x/asm/uv.h
> +++ b/lib/s390x/asm/uv.h
> @@ -108,7 +108,10 @@ struct uv_cb_qui {
>  	u8  reserved88[158 - 136];	/* 0x0088 */
>  	uint16_t max_guest_cpus;	/* 0x009e */
>  	u64 uv_feature_indications;	/* 0x00a0 */
> -	u8  reserveda8[200 - 168];	/* 0x00a8 */
> +	uint8_t  reserveda8[224 - 168];	/* 0x00a8 */
> +	uint64_t supp_att_hdr_ver;	/* 0x00e0 */
> +	uint64_t supp_paf;		/* 0x00e8 */
> +	uint8_t  reservedf0[256 - 240];	/* 0x00f0 */
>  }  __attribute__((packed))  __attribute__((aligned(8)));
>  
>  struct uv_cb_cgc {
> diff --git a/s390x/uv-guest.c b/s390x/uv-guest.c
> index 77057bd2..77edbba2 100644
> --- a/s390x/uv-guest.c
> +++ b/s390x/uv-guest.c
> @@ -2,10 +2,11 @@
>  /*
>   * Guest Ultravisor Call tests
>   *
> - * Copyright (c) 2020 IBM Corp
> + * Copyright IBM Corp. 2020, 2022
>   *
>   * Authors:
>   *  Janosch Frank <frankja@linux.ibm.com>
> + *  Steffen Eiden <seiden@linux.ibm.com>
>   */
>  
>  #include <libcflat.h>
> @@ -53,6 +54,15 @@ static void test_priv(void)
>  	check_pgm_int_code(PGM_INT_CODE_PRIVILEGED_OPERATION);
>  	report_prefix_pop();
>  
> +	report_prefix_push("attest");
> +	uvcb.cmd = UVC_CMD_ATTESTATION;
> +	uvcb.len = sizeof(struct uv_cb_attest);
> +	expect_pgm_int();
> +	enter_pstate();
> +	uv_call_once(0, (uint64_t)&uvcb);
> +	check_pgm_int_code(PGM_INT_CODE_PRIVILEGED_OPERATION);
> +	report_prefix_pop();
> +
>  	report_prefix_pop();
>  }
>  
> @@ -111,7 +121,187 @@ static void test_sharing(void)
>  	cc = uv_call(0, (u64)&uvcb);
>  	report(cc == 0 && uvcb.header.rc == UVC_RC_EXECUTED, "unshare");
>  	report_prefix_pop();
> +}
> +
> +#define ARCB_VERSION_NONE 0
> +#define ARCB_VERSION_1 0x0100
> +#define ARCB_MEAS_NONE 0
> +#define ARCB_MEAS_HMAC_SHA512 1
> +#define MEASUREMENT_SIZE_HMAC_SHA512 64
> +#define PAF_PHKH_ATT (1ULL << 61)
> +#define ADDITIONAL_SIZE_PAF_PHKH_ATT 32
> +/* arcb with one key slot and no nonce */
> +struct uv_arcb_v1 {
> +	uint64_t reserved0;		/* 0x0000 */
> +	uint32_t req_ver;		/* 0x0008 */
> +	uint32_t req_len;		/* 0x000c */
> +	uint8_t  iv[12];		/* 0x0010 */
> +	uint32_t reserved1c;		/* 0x001c */
> +	uint8_t  reserved20[7];		/* 0x0020 */
> +	uint8_t  nks;			/* 0x0027 */
> +	uint32_t reserved28;		/* 0x0028 */
> +	uint32_t sea;			/* 0x002c */
> +	uint64_t plaint_att_flags;	/* 0x0030 */
> +	uint32_t meas_alg_id;		/* 0x0038 */
> +	uint32_t reserved3c;		/* 0x003c */
> +	uint8_t  cpk[160];		/* 0x0040 */
> +	uint8_t  key_slot[80];		/* 0x00e0 */
> +	uint8_t  meas_key[64];		/* 0x0130 */
> +	uint8_t  tag[16];		/* 0x0170 */
> +} __attribute__((packed));
> +
> +struct attest_request_v1 {
> +	struct uv_arcb_v1 arcb;
> +	uint8_t measurement[MEASUREMENT_SIZE_HMAC_SHA512];
> +	uint8_t additional[ADDITIONAL_SIZE_PAF_PHKH_ATT];
> +};
> +
> +static void test_attest_v1(u64 supported_paf)
> +{
> +	struct uv_cb_attest uvcb = {
> +		.header.cmd = UVC_CMD_ATTESTATION,
> +		.header.len = sizeof(uvcb),
> +	};
> +	struct attest_request_v1 *attest_req = (void *)page;
> +	struct uv_arcb_v1 *arcb = &attest_req->arcb;
> +	int cc;
> +
> +	memset((void *)page, 0, PAGE_SIZE);
> +
> +	/*
> +	 * Create a minimal arcb/uvcb such that FW has everything to start
> +	 * unsealing the request. However, this unsealing will fail as the
> +	 * kvm-unit-test framework provides no cryptography functions that
> +	 * would be needed to seal such requests.
> +	 */
> +	arcb->req_ver = ARCB_VERSION_1;
> +	arcb->req_len = sizeof(*arcb);
> +	arcb->nks = 1;
> +	arcb->sea = sizeof(arcb->meas_key);
> +	arcb->plaint_att_flags = PAF_PHKH_ATT;
> +	arcb->meas_alg_id = ARCB_MEAS_HMAC_SHA512;
> +	uvcb.arcb_addr = (uint64_t)&attest_req->arcb;
> +	uvcb.measurement_address = (uint64_t)attest_req->measurement;
> +	uvcb.measurement_length = sizeof(attest_req->measurement);
> +	uvcb.add_data_address = (uint64_t)attest_req->additional;
> +	uvcb.add_data_length = sizeof(attest_req->additional);
> +
> +	uvcb.continuation_token = 0xff;
> +	cc = uv_call(0, (uint64_t)&uvcb);
> +	report(cc == 1 && uvcb.header.rc == 0x0101, "invalid continuation token");
> +	uvcb.continuation_token = 0;
> +
> +	uvcb.user_data_length = sizeof(uvcb.user_data) + 1;
> +	cc = uv_call(0, (uint64_t)&uvcb);
> +	report(cc == 1 && uvcb.header.rc == 0x0102, "invalid user data size");
> +	uvcb.user_data_length = 0;
> +
> +	uvcb.arcb_addr = get_ram_size() + PAGE_SIZE;
> +	cc = uv_call(0, (uint64_t)&uvcb);
> +	report(cc == 1 && uvcb.header.rc == 0x0103, "invalid address arcb");
> +	uvcb.arcb_addr = page;
> +
> +	/* 0104 - 0105 need an unseal-able request */
> +
> +	arcb->req_ver = ARCB_VERSION_NONE;
> +	cc = uv_call(0, (uint64_t)&uvcb);
> +	report(cc == 1 && uvcb.header.rc == 0x0106, "unsupported version");
> +	arcb->req_ver = ARCB_VERSION_1;
> +
> +	arcb->req_len += 1;
> +	cc = uv_call(0, (uint64_t)&uvcb);
> +	report(cc == 1 && uvcb.header.rc == 0x0107, "invalid arcb size 1");

I would like a more descriptive string for the report message.
something like "arcb too big"

> +	arcb->req_len -= 1;
> +
> +	/*
> +	 * The arcb needs to grow as well if number of key slots (nks)
> +	 * is increased. However, this is not the case and there is no explicit
> +	 * 'too many/less nks for that arcb size' error code -> expect 0x0107
> +	 */
> +	arcb->nks = 2;
> +	cc = uv_call(0, (uint64_t)&uvcb);
> +	report(cc == 1 && uvcb.header.rc == 0x0107, "invalid arcb size 2");

and here maybe something like "arcb too small for nks" or "too many nks
for arcb"

> +	arcb->nks = 1;
> +
> +	arcb->nks = 0;
> +	cc = uv_call(0, (uint64_t)&uvcb);
> +	report(cc == 1 && uvcb.header.rc == 0x0108, "invalid num key slots");
> +	arcb->nks = 1;
> +
> +	/*
> +	 * Possible valid size (when using nonce).
> +	 * However, req_len too small to host a nonce
> +	 */
> +	arcb->sea = 80;
> +	cc = uv_call(0, (uint64_t)&uvcb);
> +	report(cc == 1 && uvcb.header.rc == 0x0109, "invalid encrypted size 1");

"encrypted size too big" (if I understand correctly)

> +	arcb->sea = 17;
> +	cc = uv_call(0, (uint64_t)&uvcb);
> +	report(cc == 1 && uvcb.header.rc == 0x0109, "invalid encrypted size 2");

"encrypted size too small" (if I understand correctly)

> +	arcb->sea = 64;
> +
> +	arcb->plaint_att_flags = supported_paf ^ GENMASK_ULL(63, 0);
> +	cc = uv_call(0, (uint64_t)&uvcb);
> +	report(cc == 1 && uvcb.header.rc == 0x010a, "invalid flag");
> +	arcb->plaint_att_flags = PAF_PHKH_ATT;
> +
> +	arcb->meas_alg_id = ARCB_MEAS_NONE;
> +	cc = uv_call(0, (uint64_t)&uvcb);
> +	report(cc == 1 && uvcb.header.rc == 0x010b, "invalid measurement algorithm");
> +	arcb->meas_alg_id = ARCB_MEAS_HMAC_SHA512;
>  
> +	cc = uv_call(0, (uint64_t)&uvcb);
> +	report(cc == 1 && uvcb.header.rc == 0x010c, "unable unseal");
> +
> +	uvcb.measurement_length = 0;
> +	cc = uv_call(0, (uint64_t)&uvcb);
> +	report(cc == 1 && uvcb.header.rc == 0x010d, "invalid measurement size");
> +	uvcb.measurement_length = sizeof(attest_req->measurement);
> +
> +	uvcb.add_data_length = 0;
> +	cc = uv_call(0, (uint64_t)&uvcb);
> +	report(cc == 1 && uvcb.header.rc == 0x010e, "invalid additional size");
> +	uvcb.add_data_length = sizeof(attest_req->additional);
> +}
> +
> +static void test_attest(void)
> +{
> +	struct uv_cb_attest uvcb = {
> +		.header.cmd = UVC_CMD_ATTESTATION,
> +		.header.len = sizeof(uvcb),
> +	};
> +	const struct uv_cb_qui *uvcb_qui = uv_get_query_data();
> +	int cc;
> +
> +	report_prefix_push("attest");
> +
> +	if (!uv_query_test_call(BIT_UVC_CMD_ATTESTATION)) {
> +		report_skip("Attestation not supported.");
> +		goto done;
> +	}
> +
> +	/* Verify that the UV supports at least one header version */
> +	report(uvcb_qui->supp_att_hdr_ver, "has hdr support");
> +
> +	memset((void *)page, 0, PAGE_SIZE);
> +
> +	uvcb.header.len -= 1;
> +	cc = uv_call(0, (uint64_t)&uvcb);
> +	report(cc && uvcb.header.rc == UVC_RC_INV_LEN, "invalid uvcb size 1");

"uvcb too small"

> +	uvcb.header.len += 1;
> +
> +	uvcb.header.len += 1;
> +	cc = uv_call(0, (uint64_t)&uvcb);
> +	report(cc && uvcb.header.rc == UVC_RC_INV_LEN, "invalid uvcb size 2");

"uvcb too large"

> +	uvcb.header.len -= 1;
> +
> +	report_prefix_push("v1");
> +	if (test_bit_inv(0, &uvcb_qui->supp_att_hdr_ver))
> +		test_attest_v1(uvcb_qui->supp_paf);
> +	else
> +		report_skip("Attestation version 1 not supported");
> +	report_prefix_pop();
> +done:
>  	report_prefix_pop();
>  }
>  
> @@ -193,6 +383,7 @@ int main(void)
>  	test_invalid();
>  	test_query();
>  	test_sharing();
> +	test_attest();
>  	free_page((void *)page);
>  done:
>  	report_prefix_pop();

Re: [kvm-unit-tests PATCH v3 2/5] s390x: lib: Add QUI getter

[Janosch Frank]

On 2/22/22 15:54, Steffen Eiden wrote:
> Some tests need the information provided by the QUI UVC and lib/s390x/uv.c
> already has cached the qui result. Let's add a function to avoid
> unnecessary QUI UVCs.
> 
> Signed-off-by: Steffen Eiden <seiden@linux.ibm.com>

Reviewed-by: Janosch Frank <frankja@linux.ibm.com>

> ---
>   lib/s390x/uv.c | 8 ++++++++
>   lib/s390x/uv.h | 1 +
>   2 files changed, 9 insertions(+)
> 
> diff --git a/lib/s390x/uv.c b/lib/s390x/uv.c
> index 6fe11dff..602cbbfc 100644
> --- a/lib/s390x/uv.c
> +++ b/lib/s390x/uv.c
> @@ -47,6 +47,14 @@ bool uv_query_test_call(unsigned int nr)
>   	return test_bit_inv(nr, uvcb_qui.inst_calls_list);
>   }
>   
> +const struct uv_cb_qui *uv_get_query_data(void)
> +{
> +	/* Query needs to be called first */
> +	assert(uvcb_qui.header.rc);
> +
> +	return &uvcb_qui;
> +}
> +
>   int uv_setup(void)
>   {
>   	if (!test_facility(158))
> diff --git a/lib/s390x/uv.h b/lib/s390x/uv.h
> index 8175d9c6..44264861 100644
> --- a/lib/s390x/uv.h
> +++ b/lib/s390x/uv.h
> @@ -8,6 +8,7 @@
>   bool uv_os_is_guest(void);
>   bool uv_os_is_host(void);
>   bool uv_query_test_call(unsigned int nr);
> +const struct uv_cb_qui *uv_get_query_data(void);
>   void uv_init(void);
>   int uv_setup(void);
>   void uv_create_guest(struct vm *vm);

Re: [kvm-unit-tests PATCH v3 4/5] s390x: uv-guest: add share bit test

[Janosch Frank]

On 2/22/22 15:54, Steffen Eiden wrote:
> The UV facility bits shared/unshared must both be set or none.
> 
> Signed-off-by: Steffen Eiden <seiden@linux.ibm.com>

Reviewed-by: Janosch Frank <frankja@linux.ibm.com>

> ---
>   s390x/uv-guest.c | 14 ++++++++++++++
>   1 file changed, 14 insertions(+)
> 
> diff --git a/s390x/uv-guest.c b/s390x/uv-guest.c
> index 728c60aa..77057bd2 100644
> --- a/s390x/uv-guest.c
> +++ b/s390x/uv-guest.c
> @@ -159,6 +159,14 @@ static void test_invalid(void)
>   	report_prefix_pop();
>   }
>   
> +static void test_share_bits(void)
> +{
> +	bool unshare = uv_query_test_call(BIT_UVC_CMD_REMOVE_SHARED_ACCESS);
> +	bool share = uv_query_test_call(BIT_UVC_CMD_SET_SHARED_ACCESS);
> +
> +	report(!(share ^ unshare), "share bits");
> +}
> +
>   int main(void)
>   {
>   	bool has_uvc = test_facility(158);
> @@ -169,6 +177,12 @@ int main(void)
>   		goto done;
>   	}
>   
> +	/*
> +	 * Needs to be done before the guest-fence,
> +	 * as the fence tests if both shared bits are present
> +	 */
> +	test_share_bits();
> +
>   	if (!uv_os_is_guest()) {
>   		report_skip("Not a protected guest");
>   		goto done;

Re: [kvm-unit-tests PATCH v3 1/5] s390x: uv-host: Add attestation test

[Janosch Frank]

On 2/22/22 15:54, Steffen Eiden wrote:
> Adds an invalid command test for attestation in the uv-host.

I'm still fine with this test but I'd suggest changing the title to:
s390x: uv-host: Add invalid command attestation check

Just so it doesn't sound the same as the last patch in the series.

> 
> Signed-off-by: Steffen Eiden <seiden@linux.ibm.com>
> Reviewed-by: Janosch Frank <frankja@linux.ibm.com>
> Reviewed-by: Claudio Imbrenda <imbrenda@linux.ibm.com>
> ---
>   lib/s390x/asm/uv.h | 23 ++++++++++++++++++++++-
>   s390x/uv-host.c    |  1 +
>   2 files changed, 23 insertions(+), 1 deletion(-)
> 
> diff --git a/lib/s390x/asm/uv.h b/lib/s390x/asm/uv.h
> index 70bf65c4..c330c0f8 100644
> --- a/lib/s390x/asm/uv.h
> +++ b/lib/s390x/asm/uv.h
> @@ -1,7 +1,7 @@
>   /*
>    * s390x Ultravisor related definitions
>    *
> - * Copyright (c) 2020 IBM Corp
> + * Copyright IBM Corp. 2020, 2022
>    *
>    * Authors:
>    *  Janosch Frank <frankja@linux.ibm.com>
> @@ -47,6 +47,7 @@
>   #define UVC_CMD_UNPIN_PAGE_SHARED	0x0342
>   #define UVC_CMD_SET_SHARED_ACCESS	0x1000
>   #define UVC_CMD_REMOVE_SHARED_ACCESS	0x1001
> +#define UVC_CMD_ATTESTATION		0x1020
>   
>   /* Bits in installed uv calls */
>   enum uv_cmds_inst {
> @@ -71,6 +72,7 @@ enum uv_cmds_inst {
>   	BIT_UVC_CMD_UNSHARE_ALL = 20,
>   	BIT_UVC_CMD_PIN_PAGE_SHARED = 21,
>   	BIT_UVC_CMD_UNPIN_PAGE_SHARED = 22,
> +	BIT_UVC_CMD_ATTESTATION = 28,
>   };
>   
>   struct uv_cb_header {
> @@ -178,6 +180,25 @@ struct uv_cb_cfs {
>   	u64 paddr;
>   }  __attribute__((packed))  __attribute__((aligned(8)));
>   
> +/* Retrieve Attestation Measurement */
> +struct uv_cb_attest {
> +	struct uv_cb_header header;	/* 0x0000 */
> +	uint64_t reserved08[2];		/* 0x0008 */
> +	uint64_t arcb_addr;		/* 0x0018 */
> +	uint64_t continuation_token;	/* 0x0020 */
> +	uint8_t  reserved28[6];		/* 0x0028 */
> +	uint16_t user_data_length;	/* 0x002e */
> +	uint8_t  user_data[256];	/* 0x0030 */
> +	uint32_t reserved130[3];	/* 0x0130 */
> +	uint32_t measurement_length;	/* 0x013c */
> +	uint64_t measurement_address;	/* 0x0140 */
> +	uint8_t config_uid[16];		/* 0x0148 */
> +	uint32_t reserved158;		/* 0x0158 */
> +	uint32_t add_data_length;	/* 0x015c */
> +	uint64_t add_data_address;	/* 0x0160 */
> +	uint64_t reserved168[4];	/* 0x0168 */
> +}  __attribute__((packed))  __attribute__((aligned(8)));
> +
>   /* Set Secure Config Parameter */
>   struct uv_cb_ssc {
>   	struct uv_cb_header header;
> diff --git a/s390x/uv-host.c b/s390x/uv-host.c
> index de2e4850..fe49d7b9 100644
> --- a/s390x/uv-host.c
> +++ b/s390x/uv-host.c
> @@ -418,6 +418,7 @@ static struct cmd_list invalid_cmds[] = {
>   	{ "bogus", 0x4242, sizeof(struct uv_cb_header), -1},
>   	{ "share", UVC_CMD_SET_SHARED_ACCESS, sizeof(struct uv_cb_share), BIT_UVC_CMD_SET_SHARED_ACCESS },
>   	{ "unshare", UVC_CMD_REMOVE_SHARED_ACCESS, sizeof(struct uv_cb_share), BIT_UVC_CMD_REMOVE_SHARED_ACCESS },
> +	{ "attest", UVC_CMD_ATTESTATION, sizeof(struct uv_cb_attest), BIT_UVC_CMD_ATTESTATION },
>   	{ NULL, 0, 0 },
>   };
>   

Re: [kvm-unit-tests PATCH v3 5/5] s390x: uv-guest: Add attestation tests

[Janosch Frank]

On 2/22/22 15:54, Steffen Eiden wrote:
> Adds several tests to verify correct error paths of attestation.
> 
> Signed-off-by: Steffen Eiden <seiden@linux.ibm.com>

I think this test deserves its own file: pv-attest.c

But I'd leave the priv check in uv-guest.c.
@Claudio: Any opinion about having all priv checks here and doing the 
actual execution tests in pv-*.c files?

> ---
>   lib/s390x/asm/uv.h |   5 +-
>   s390x/uv-guest.c   | 193 ++++++++++++++++++++++++++++++++++++++++++++-
>   2 files changed, 196 insertions(+), 2 deletions(-)
> 
> diff --git a/lib/s390x/asm/uv.h b/lib/s390x/asm/uv.h
> index c330c0f8..e5f7aa72 100644
> --- a/lib/s390x/asm/uv.h
> +++ b/lib/s390x/asm/uv.h
> @@ -108,7 +108,10 @@ struct uv_cb_qui {
>   	u8  reserved88[158 - 136];	/* 0x0088 */
>   	uint16_t max_guest_cpus;	/* 0x009e */
>   	u64 uv_feature_indications;	/* 0x00a0 */
> -	u8  reserveda8[200 - 168];	/* 0x00a8 */
> +	uint8_t  reserveda8[224 - 168];	/* 0x00a8 */
> +	uint64_t supp_att_hdr_ver;	/* 0x00e0 */
> +	uint64_t supp_paf;		/* 0x00e8 */
> +	uint8_t  reservedf0[256 - 240];	/* 0x00f0 */
>   }  __attribute__((packed))  __attribute__((aligned(8)));
>   
>   struct uv_cb_cgc {
> diff --git a/s390x/uv-guest.c b/s390x/uv-guest.c
> index 77057bd2..77edbba2 100644
> --- a/s390x/uv-guest.c
> +++ b/s390x/uv-guest.c
> @@ -2,10 +2,11 @@
>   /*
>    * Guest Ultravisor Call tests
>    *
> - * Copyright (c) 2020 IBM Corp
> + * Copyright IBM Corp. 2020, 2022
>    *
>    * Authors:
>    *  Janosch Frank <frankja@linux.ibm.com>
> + *  Steffen Eiden <seiden@linux.ibm.com>
>    */
>   
>   #include <libcflat.h>
> @@ -53,6 +54,15 @@ static void test_priv(void)
>   	check_pgm_int_code(PGM_INT_CODE_PRIVILEGED_OPERATION);
>   	report_prefix_pop();
>   
> +	report_prefix_push("attest");
> +	uvcb.cmd = UVC_CMD_ATTESTATION;
> +	uvcb.len = sizeof(struct uv_cb_attest);
> +	expect_pgm_int();
> +	enter_pstate();
> +	uv_call_once(0, (uint64_t)&uvcb);
> +	check_pgm_int_code(PGM_INT_CODE_PRIVILEGED_OPERATION);
> +	report_prefix_pop();
> +
>   	report_prefix_pop();
>   }
>   
> @@ -111,7 +121,187 @@ static void test_sharing(void)
>   	cc = uv_call(0, (u64)&uvcb);
>   	report(cc == 0 && uvcb.header.rc == UVC_RC_EXECUTED, "unshare");
>   	report_prefix_pop();
> +}
> +
> +#define ARCB_VERSION_NONE 0
> +#define ARCB_VERSION_1 0x0100
> +#define ARCB_MEAS_NONE 0
> +#define ARCB_MEAS_HMAC_SHA512 1
> +#define MEASUREMENT_SIZE_HMAC_SHA512 64
> +#define PAF_PHKH_ATT (1ULL << 61)
> +#define ADDITIONAL_SIZE_PAF_PHKH_ATT 32
> +/* arcb with one key slot and no nonce */
> +struct uv_arcb_v1 {
> +	uint64_t reserved0;		/* 0x0000 */
> +	uint32_t req_ver;		/* 0x0008 */
> +	uint32_t req_len;		/* 0x000c */
> +	uint8_t  iv[12];		/* 0x0010 */
> +	uint32_t reserved1c;		/* 0x001c */
> +	uint8_t  reserved20[7];		/* 0x0020 */
> +	uint8_t  nks;			/* 0x0027 */
> +	uint32_t reserved28;		/* 0x0028 */
> +	uint32_t sea;			/* 0x002c */
> +	uint64_t plaint_att_flags;	/* 0x0030 */
> +	uint32_t meas_alg_id;		/* 0x0038 */
> +	uint32_t reserved3c;		/* 0x003c */
> +	uint8_t  cpk[160];		/* 0x0040 */
> +	uint8_t  key_slot[80];		/* 0x00e0 */
> +	uint8_t  meas_key[64];		/* 0x0130 */
> +	uint8_t  tag[16];		/* 0x0170 */
> +} __attribute__((packed));
> +
> +struct attest_request_v1 {
> +	struct uv_arcb_v1 arcb;
> +	uint8_t measurement[MEASUREMENT_SIZE_HMAC_SHA512];
> +	uint8_t additional[ADDITIONAL_SIZE_PAF_PHKH_ATT];
> +};
> +
> +static void test_attest_v1(u64 supported_paf)
> +{
> +	struct uv_cb_attest uvcb = {
> +		.header.cmd = UVC_CMD_ATTESTATION,
> +		.header.len = sizeof(uvcb),
> +	};
> +	struct attest_request_v1 *attest_req = (void *)page;
> +	struct uv_arcb_v1 *arcb = &attest_req->arcb;
> +	int cc;
> +
> +	memset((void *)page, 0, PAGE_SIZE);
> +
> +	/*
> +	 * Create a minimal arcb/uvcb such that FW has everything to start
> +	 * unsealing the request. However, this unsealing will fail as the
> +	 * kvm-unit-test framework provides no cryptography functions that
> +	 * would be needed to seal such requests.
> +	 */
> +	arcb->req_ver = ARCB_VERSION_1;
> +	arcb->req_len = sizeof(*arcb);
> +	arcb->nks = 1;
> +	arcb->sea = sizeof(arcb->meas_key);
> +	arcb->plaint_att_flags = PAF_PHKH_ATT;
> +	arcb->meas_alg_id = ARCB_MEAS_HMAC_SHA512;
> +	uvcb.arcb_addr = (uint64_t)&attest_req->arcb;
> +	uvcb.measurement_address = (uint64_t)attest_req->measurement;
> +	uvcb.measurement_length = sizeof(attest_req->measurement);
> +	uvcb.add_data_address = (uint64_t)attest_req->additional;
> +	uvcb.add_data_length = sizeof(attest_req->additional);
> +
> +	uvcb.continuation_token = 0xff;
> +	cc = uv_call(0, (uint64_t)&uvcb);
> +	report(cc == 1 && uvcb.header.rc == 0x0101, "invalid continuation token");
> +	uvcb.continuation_token = 0;
> +
> +	uvcb.user_data_length = sizeof(uvcb.user_data) + 1;
> +	cc = uv_call(0, (uint64_t)&uvcb);
> +	report(cc == 1 && uvcb.header.rc == 0x0102, "invalid user data size");
> +	uvcb.user_data_length = 0;
> +
> +	uvcb.arcb_addr = get_ram_size() + PAGE_SIZE;
> +	cc = uv_call(0, (uint64_t)&uvcb);
> +	report(cc == 1 && uvcb.header.rc == 0x0103, "invalid address arcb");
> +	uvcb.arcb_addr = page;
> +
> +	/* 0104 - 0105 need an unseal-able request */
> +
> +	arcb->req_ver = ARCB_VERSION_NONE;
> +	cc = uv_call(0, (uint64_t)&uvcb);
> +	report(cc == 1 && uvcb.header.rc == 0x0106, "unsupported version");
> +	arcb->req_ver = ARCB_VERSION_1;
> +
> +	arcb->req_len += 1;
> +	cc = uv_call(0, (uint64_t)&uvcb);
> +	report(cc == 1 && uvcb.header.rc == 0x0107, "invalid arcb size 1");
> +	arcb->req_len -= 1;
> +
> +	/*
> +	 * The arcb needs to grow as well if number of key slots (nks)
> +	 * is increased. However, this is not the case and there is no explicit
> +	 * 'too many/less nks for that arcb size' error code -> expect 0x0107
> +	 */
> +	arcb->nks = 2;
> +	cc = uv_call(0, (uint64_t)&uvcb);
> +	report(cc == 1 && uvcb.header.rc == 0x0107, "invalid arcb size 2");
> +	arcb->nks = 1;
> +
> +	arcb->nks = 0;
> +	cc = uv_call(0, (uint64_t)&uvcb);
> +	report(cc == 1 && uvcb.header.rc == 0x0108, "invalid num key slots");
> +	arcb->nks = 1;
> +
> +	/*
> +	 * Possible valid size (when using nonce).
> +	 * However, req_len too small to host a nonce
> +	 */
> +	arcb->sea = 80;
> +	cc = uv_call(0, (uint64_t)&uvcb);
> +	report(cc == 1 && uvcb.header.rc == 0x0109, "invalid encrypted size 1");
> +	arcb->sea = 17;
> +	cc = uv_call(0, (uint64_t)&uvcb);
> +	report(cc == 1 && uvcb.header.rc == 0x0109, "invalid encrypted size 2");
> +	arcb->sea = 64;
> +
> +	arcb->plaint_att_flags = supported_paf ^ GENMASK_ULL(63, 0);
> +	cc = uv_call(0, (uint64_t)&uvcb);
> +	report(cc == 1 && uvcb.header.rc == 0x010a, "invalid flag");
> +	arcb->plaint_att_flags = PAF_PHKH_ATT;
> +
> +	arcb->meas_alg_id = ARCB_MEAS_NONE;
> +	cc = uv_call(0, (uint64_t)&uvcb);
> +	report(cc == 1 && uvcb.header.rc == 0x010b, "invalid measurement algorithm");
> +	arcb->meas_alg_id = ARCB_MEAS_HMAC_SHA512;
>   
> +	cc = uv_call(0, (uint64_t)&uvcb);
> +	report(cc == 1 && uvcb.header.rc == 0x010c, "unable unseal");
> +
> +	uvcb.measurement_length = 0;
> +	cc = uv_call(0, (uint64_t)&uvcb);
> +	report(cc == 1 && uvcb.header.rc == 0x010d, "invalid measurement size");
> +	uvcb.measurement_length = sizeof(attest_req->measurement);
> +
> +	uvcb.add_data_length = 0;
> +	cc = uv_call(0, (uint64_t)&uvcb);
> +	report(cc == 1 && uvcb.header.rc == 0x010e, "invalid additional size");
> +	uvcb.add_data_length = sizeof(attest_req->additional);
> +}
> +
> +static void test_attest(void)
> +{
> +	struct uv_cb_attest uvcb = {
> +		.header.cmd = UVC_CMD_ATTESTATION,
> +		.header.len = sizeof(uvcb),
> +	};
> +	const struct uv_cb_qui *uvcb_qui = uv_get_query_data();
> +	int cc;
> +
> +	report_prefix_push("attest");
> +
> +	if (!uv_query_test_call(BIT_UVC_CMD_ATTESTATION)) {
> +		report_skip("Attestation not supported.");
> +		goto done;
> +	}
> +
> +	/* Verify that the UV supports at least one header version */
> +	report(uvcb_qui->supp_att_hdr_ver, "has hdr support");
> +
> +	memset((void *)page, 0, PAGE_SIZE);
> +
> +	uvcb.header.len -= 1;
> +	cc = uv_call(0, (uint64_t)&uvcb);
> +	report(cc && uvcb.header.rc == UVC_RC_INV_LEN, "invalid uvcb size 1");
> +	uvcb.header.len += 1;
> +
> +	uvcb.header.len += 1;
> +	cc = uv_call(0, (uint64_t)&uvcb);
> +	report(cc && uvcb.header.rc == UVC_RC_INV_LEN, "invalid uvcb size 2");
> +	uvcb.header.len -= 1;
> +
> +	report_prefix_push("v1");
> +	if (test_bit_inv(0, &uvcb_qui->supp_att_hdr_ver))
> +		test_attest_v1(uvcb_qui->supp_paf);
> +	else
> +		report_skip("Attestation version 1 not supported");
> +	report_prefix_pop();
> +done:
>   	report_prefix_pop();
>   }
>   
> @@ -193,6 +383,7 @@ int main(void)
>   	test_invalid();
>   	test_query();
>   	test_sharing();
> +	test_attest();
>   	free_page((void *)page);
>   done:
>   	report_prefix_pop();

Re: [kvm-unit-tests PATCH v3 5/5] s390x: uv-guest: Add attestation tests

[Claudio Imbrenda]

On Wed, 23 Mar 2022 09:39:27 +0100
Janosch Frank <frankja@linux.ibm.com> wrote:

> On 2/22/22 15:54, Steffen Eiden wrote:
> > Adds several tests to verify correct error paths of attestation.
> > 
> > Signed-off-by: Steffen Eiden <seiden@linux.ibm.com>  
> 
> I think this test deserves its own file: pv-attest.c

sounds like a good idea

> 
> But I'd leave the priv check in uv-guest.c.
> @Claudio: Any opinion about having all priv checks here and doing the 
> actual execution tests in pv-*.c files?

fine for me

maybe put a comment in pv-attest.c to explain that the priv check is
covered somewhere else already

> 
> > ---
> >   lib/s390x/asm/uv.h |   5 +-
> >   s390x/uv-guest.c   | 193 ++++++++++++++++++++++++++++++++++++++++++++-
> >   2 files changed, 196 insertions(+), 2 deletions(-)
> > 
> > diff --git a/lib/s390x/asm/uv.h b/lib/s390x/asm/uv.h
> > index c330c0f8..e5f7aa72 100644
> > --- a/lib/s390x/asm/uv.h
> > +++ b/lib/s390x/asm/uv.h
> > @@ -108,7 +108,10 @@ struct uv_cb_qui {
> >   	u8  reserved88[158 - 136];	/* 0x0088 */
> >   	uint16_t max_guest_cpus;	/* 0x009e */
> >   	u64 uv_feature_indications;	/* 0x00a0 */
> > -	u8  reserveda8[200 - 168];	/* 0x00a8 */
> > +	uint8_t  reserveda8[224 - 168];	/* 0x00a8 */
> > +	uint64_t supp_att_hdr_ver;	/* 0x00e0 */
> > +	uint64_t supp_paf;		/* 0x00e8 */
> > +	uint8_t  reservedf0[256 - 240];	/* 0x00f0 */
> >   }  __attribute__((packed))  __attribute__((aligned(8)));
> >   
> >   struct uv_cb_cgc {
> > diff --git a/s390x/uv-guest.c b/s390x/uv-guest.c
> > index 77057bd2..77edbba2 100644
> > --- a/s390x/uv-guest.c
> > +++ b/s390x/uv-guest.c
> > @@ -2,10 +2,11 @@
> >   /*
> >    * Guest Ultravisor Call tests
> >    *
> > - * Copyright (c) 2020 IBM Corp
> > + * Copyright IBM Corp. 2020, 2022
> >    *
> >    * Authors:
> >    *  Janosch Frank <frankja@linux.ibm.com>
> > + *  Steffen Eiden <seiden@linux.ibm.com>
> >    */
> >   
> >   #include <libcflat.h>
> > @@ -53,6 +54,15 @@ static void test_priv(void)
> >   	check_pgm_int_code(PGM_INT_CODE_PRIVILEGED_OPERATION);
> >   	report_prefix_pop();
> >   
> > +	report_prefix_push("attest");
> > +	uvcb.cmd = UVC_CMD_ATTESTATION;
> > +	uvcb.len = sizeof(struct uv_cb_attest);
> > +	expect_pgm_int();
> > +	enter_pstate();
> > +	uv_call_once(0, (uint64_t)&uvcb);
> > +	check_pgm_int_code(PGM_INT_CODE_PRIVILEGED_OPERATION);
> > +	report_prefix_pop();
> > +
> >   	report_prefix_pop();
> >   }
> >   
> > @@ -111,7 +121,187 @@ static void test_sharing(void)
> >   	cc = uv_call(0, (u64)&uvcb);
> >   	report(cc == 0 && uvcb.header.rc == UVC_RC_EXECUTED, "unshare");
> >   	report_prefix_pop();
> > +}
> > +
> > +#define ARCB_VERSION_NONE 0
> > +#define ARCB_VERSION_1 0x0100
> > +#define ARCB_MEAS_NONE 0
> > +#define ARCB_MEAS_HMAC_SHA512 1
> > +#define MEASUREMENT_SIZE_HMAC_SHA512 64
> > +#define PAF_PHKH_ATT (1ULL << 61)
> > +#define ADDITIONAL_SIZE_PAF_PHKH_ATT 32
> > +/* arcb with one key slot and no nonce */
> > +struct uv_arcb_v1 {
> > +	uint64_t reserved0;		/* 0x0000 */
> > +	uint32_t req_ver;		/* 0x0008 */
> > +	uint32_t req_len;		/* 0x000c */
> > +	uint8_t  iv[12];		/* 0x0010 */
> > +	uint32_t reserved1c;		/* 0x001c */
> > +	uint8_t  reserved20[7];		/* 0x0020 */
> > +	uint8_t  nks;			/* 0x0027 */
> > +	uint32_t reserved28;		/* 0x0028 */
> > +	uint32_t sea;			/* 0x002c */
> > +	uint64_t plaint_att_flags;	/* 0x0030 */
> > +	uint32_t meas_alg_id;		/* 0x0038 */
> > +	uint32_t reserved3c;		/* 0x003c */
> > +	uint8_t  cpk[160];		/* 0x0040 */
> > +	uint8_t  key_slot[80];		/* 0x00e0 */
> > +	uint8_t  meas_key[64];		/* 0x0130 */
> > +	uint8_t  tag[16];		/* 0x0170 */
> > +} __attribute__((packed));
> > +
> > +struct attest_request_v1 {
> > +	struct uv_arcb_v1 arcb;
> > +	uint8_t measurement[MEASUREMENT_SIZE_HMAC_SHA512];
> > +	uint8_t additional[ADDITIONAL_SIZE_PAF_PHKH_ATT];
> > +};
> > +
> > +static void test_attest_v1(u64 supported_paf)
> > +{
> > +	struct uv_cb_attest uvcb = {
> > +		.header.cmd = UVC_CMD_ATTESTATION,
> > +		.header.len = sizeof(uvcb),
> > +	};
> > +	struct attest_request_v1 *attest_req = (void *)page;
> > +	struct uv_arcb_v1 *arcb = &attest_req->arcb;
> > +	int cc;
> > +
> > +	memset((void *)page, 0, PAGE_SIZE);
> > +
> > +	/*
> > +	 * Create a minimal arcb/uvcb such that FW has everything to start
> > +	 * unsealing the request. However, this unsealing will fail as the
> > +	 * kvm-unit-test framework provides no cryptography functions that
> > +	 * would be needed to seal such requests.
> > +	 */
> > +	arcb->req_ver = ARCB_VERSION_1;
> > +	arcb->req_len = sizeof(*arcb);
> > +	arcb->nks = 1;
> > +	arcb->sea = sizeof(arcb->meas_key);
> > +	arcb->plaint_att_flags = PAF_PHKH_ATT;
> > +	arcb->meas_alg_id = ARCB_MEAS_HMAC_SHA512;
> > +	uvcb.arcb_addr = (uint64_t)&attest_req->arcb;
> > +	uvcb.measurement_address = (uint64_t)attest_req->measurement;
> > +	uvcb.measurement_length = sizeof(attest_req->measurement);
> > +	uvcb.add_data_address = (uint64_t)attest_req->additional;
> > +	uvcb.add_data_length = sizeof(attest_req->additional);
> > +
> > +	uvcb.continuation_token = 0xff;
> > +	cc = uv_call(0, (uint64_t)&uvcb);
> > +	report(cc == 1 && uvcb.header.rc == 0x0101, "invalid continuation token");
> > +	uvcb.continuation_token = 0;
> > +
> > +	uvcb.user_data_length = sizeof(uvcb.user_data) + 1;
> > +	cc = uv_call(0, (uint64_t)&uvcb);
> > +	report(cc == 1 && uvcb.header.rc == 0x0102, "invalid user data size");
> > +	uvcb.user_data_length = 0;
> > +
> > +	uvcb.arcb_addr = get_ram_size() + PAGE_SIZE;
> > +	cc = uv_call(0, (uint64_t)&uvcb);
> > +	report(cc == 1 && uvcb.header.rc == 0x0103, "invalid address arcb");
> > +	uvcb.arcb_addr = page;
> > +
> > +	/* 0104 - 0105 need an unseal-able request */
> > +
> > +	arcb->req_ver = ARCB_VERSION_NONE;
> > +	cc = uv_call(0, (uint64_t)&uvcb);
> > +	report(cc == 1 && uvcb.header.rc == 0x0106, "unsupported version");
> > +	arcb->req_ver = ARCB_VERSION_1;
> > +
> > +	arcb->req_len += 1;
> > +	cc = uv_call(0, (uint64_t)&uvcb);
> > +	report(cc == 1 && uvcb.header.rc == 0x0107, "invalid arcb size 1");
> > +	arcb->req_len -= 1;
> > +
> > +	/*
> > +	 * The arcb needs to grow as well if number of key slots (nks)
> > +	 * is increased. However, this is not the case and there is no explicit
> > +	 * 'too many/less nks for that arcb size' error code -> expect 0x0107
> > +	 */
> > +	arcb->nks = 2;
> > +	cc = uv_call(0, (uint64_t)&uvcb);
> > +	report(cc == 1 && uvcb.header.rc == 0x0107, "invalid arcb size 2");
> > +	arcb->nks = 1;
> > +
> > +	arcb->nks = 0;
> > +	cc = uv_call(0, (uint64_t)&uvcb);
> > +	report(cc == 1 && uvcb.header.rc == 0x0108, "invalid num key slots");
> > +	arcb->nks = 1;
> > +
> > +	/*
> > +	 * Possible valid size (when using nonce).
> > +	 * However, req_len too small to host a nonce
> > +	 */
> > +	arcb->sea = 80;
> > +	cc = uv_call(0, (uint64_t)&uvcb);
> > +	report(cc == 1 && uvcb.header.rc == 0x0109, "invalid encrypted size 1");
> > +	arcb->sea = 17;
> > +	cc = uv_call(0, (uint64_t)&uvcb);
> > +	report(cc == 1 && uvcb.header.rc == 0x0109, "invalid encrypted size 2");
> > +	arcb->sea = 64;
> > +
> > +	arcb->plaint_att_flags = supported_paf ^ GENMASK_ULL(63, 0);
> > +	cc = uv_call(0, (uint64_t)&uvcb);
> > +	report(cc == 1 && uvcb.header.rc == 0x010a, "invalid flag");
> > +	arcb->plaint_att_flags = PAF_PHKH_ATT;
> > +
> > +	arcb->meas_alg_id = ARCB_MEAS_NONE;
> > +	cc = uv_call(0, (uint64_t)&uvcb);
> > +	report(cc == 1 && uvcb.header.rc == 0x010b, "invalid measurement algorithm");
> > +	arcb->meas_alg_id = ARCB_MEAS_HMAC_SHA512;
> >   
> > +	cc = uv_call(0, (uint64_t)&uvcb);
> > +	report(cc == 1 && uvcb.header.rc == 0x010c, "unable unseal");
> > +
> > +	uvcb.measurement_length = 0;
> > +	cc = uv_call(0, (uint64_t)&uvcb);
> > +	report(cc == 1 && uvcb.header.rc == 0x010d, "invalid measurement size");
> > +	uvcb.measurement_length = sizeof(attest_req->measurement);
> > +
> > +	uvcb.add_data_length = 0;
> > +	cc = uv_call(0, (uint64_t)&uvcb);
> > +	report(cc == 1 && uvcb.header.rc == 0x010e, "invalid additional size");
> > +	uvcb.add_data_length = sizeof(attest_req->additional);
> > +}
> > +
> > +static void test_attest(void)
> > +{
> > +	struct uv_cb_attest uvcb = {
> > +		.header.cmd = UVC_CMD_ATTESTATION,
> > +		.header.len = sizeof(uvcb),
> > +	};
> > +	const struct uv_cb_qui *uvcb_qui = uv_get_query_data();
> > +	int cc;
> > +
> > +	report_prefix_push("attest");
> > +
> > +	if (!uv_query_test_call(BIT_UVC_CMD_ATTESTATION)) {
> > +		report_skip("Attestation not supported.");
> > +		goto done;
> > +	}
> > +
> > +	/* Verify that the UV supports at least one header version */
> > +	report(uvcb_qui->supp_att_hdr_ver, "has hdr support");
> > +
> > +	memset((void *)page, 0, PAGE_SIZE);
> > +
> > +	uvcb.header.len -= 1;
> > +	cc = uv_call(0, (uint64_t)&uvcb);
> > +	report(cc && uvcb.header.rc == UVC_RC_INV_LEN, "invalid uvcb size 1");
> > +	uvcb.header.len += 1;
> > +
> > +	uvcb.header.len += 1;
> > +	cc = uv_call(0, (uint64_t)&uvcb);
> > +	report(cc && uvcb.header.rc == UVC_RC_INV_LEN, "invalid uvcb size 2");
> > +	uvcb.header.len -= 1;
> > +
> > +	report_prefix_push("v1");
> > +	if (test_bit_inv(0, &uvcb_qui->supp_att_hdr_ver))
> > +		test_attest_v1(uvcb_qui->supp_paf);
> > +	else
> > +		report_skip("Attestation version 1 not supported");
> > +	report_prefix_pop();
> > +done:
> >   	report_prefix_pop();
> >   }
> >   
> > @@ -193,6 +383,7 @@ int main(void)
> >   	test_invalid();
> >   	test_query();
> >   	test_sharing();
> > +	test_attest();
> >   	free_page((void *)page);
> >   done:
> >   	report_prefix_pop();  
>