[Qemu-devel] [RFC PATCH v2 00/16] x86: Secure Encrypted Virtualization (AMD)

[Brijesh Singh <brijesh.singh@amd.com>]

This RFC series provides support for AMD's new Secure Encrypted 
Virtualization (SEV) feature. This RFC is based KVM RFC [1].

SEV is an extension to the AMD-V architecture which supports running
multiple VMs under the control of a hypervisor. The SEV feature allows
the memory contents of a virtual machine (VM) to be transparently encrypted
with a key unique to the guest VM. The memory controller contains a
high performance encryption engine which can be programmed with multiple
keys for use by a different VMs in the system. The programming and
management of these keys is handled by the AMD Secure Processor firmware
which exposes a commands for these tasks.

SEV is designed to protect guest VMs from a benign but vulnerable
(i.e. not fully malicious) hypervisor. In particular, it reduces the attack
surface of guest VMs and can prevent certain types of VM-escape bugs
(e.g. hypervisor read-anywhere) from being used to steal guest data.

The KVM RFC introduced a new ioctl (KVM_SEV_ISSUE_CMD) which can be
used by qemu to enable SEV for secure guest and assist performing common
hypervisor activities such as a launching, running, snapshooting, migration
and debugging a guests data.


The following links provide additional details:

AMD Memory Encryption whitepaper:
 
http://amd-dev.wpengine.netdna-cdn.com/wordpress/media/2013/12/AMD_Memory_Encryption_Whitepaper_v7-Public.pdf

AMD64 Architecture Programmer's Manual:
    http://support.amd.com/TechDocs/24593.pdf
    SME is section 7.10
    SEV is section 15.34

Secure Encrypted Virutualization Key Management:
http://support.amd.com/TechDocs/55766_SEV-KM API_Spec.pdf

KVM Forum slides:
http://www.linux-kvm.org/images/7/74/02x08A-Thomas_Lendacky-AMDs_Virtualizatoin_Memory_Encryption_Technology.pdf

KVM RFC link:

[1] http://marc.info/?l=kvm&m=147191038624432&w=2

Video of the KVM Forum Talk:
https://www.youtube.com/watch?v=RcvQ1xN55Ew

---

The patches are based on (d75aa43 Update version for v2.7.0-rc4 release)

Changes since v1:
- Added Documentation
- Added security-policy object.
- Drop sev config parsing support and create new objects to get/set SEV
  specific parameters
- Added sev-guest-info object.
- Added sev-launch-info object.
- Added kvm_memory_encrytion_* APIs. The idea behind this was to allow adding
  a non SEV memory encrytion object without modifying interfaces.
- Drop patch to load OS image at fixed location.
- updated LAUNCH_FINISH command structure. Now the structure contains
  just 'measurement' field. Other fields are not used and will also be removed
  from newer SEV firmware API spec.

TODO:
- investigate the possibilty of adding SEV support in UEFI BIOS.
- implement RECEIVE_START, RECEIVE_UPDATE and RECEIVE_FINISH commands
- implement SEND_START, SEND_UPDATE and SEND_FINISH commands
- implement  SEV guest migration and snapshotting support
- virtio support in SEV guest

Brijesh Singh (16):
      memattrs: add debug attrs
      exec: add guest RAM read and write ops
      exec: add debug version of physical memory read and write apis
      monitor: use debug version of memory access apis
      core: add new security-policy object
      sev: add Secure Encrypted Virtulization (SEV) support
      hmp: display memory encryption support in 'info kvm'
      core: loader: create memory encryption context before copying data
      sev: add LAUNCH_START command
      sev: add LAUNCH_UPDATE command
      sev: add LAUNCH_FINISH command
      sev: add DEBUG_DECRYPT command
      sev: add DEBUG_ENCRYPT command
      i386: set memory encryption ops for PC.BIOS and PC.RAM regions
      target-i386: add cpuid Fn8000_001f
      i386: clear C-bit in SEV guest page table walk


 Makefile.target                  |    2 
 cpus.c                           |    2 
 disas.c                          |    2 
 docs/amd-memory-encryption.txt   |  260 ++++++++
 exec.c                           |   96 +++
 hmp.c                            |    2 
 hw/core/Makefile.objs            |    1 
 hw/core/loader.c                 |   13 
 hw/core/machine.c                |   22 +
 hw/core/security-policy.c        |  166 +++++
 hw/i386/pc.c                     |    7 
 hw/i386/pc_sysfw.c               |    4 
 include/exec/cpu-common.h        |   17 +
 include/exec/memattrs.h          |    4 
 include/exec/memory.h            |   25 +
 include/hw/boards.h              |    1 
 include/sysemu/kvm.h             |    6 
 include/sysemu/security-policy.h |   75 ++
 include/sysemu/sev.h             |  208 +++++++
 kvm-all.c                        |   71 ++
 monitor.c                        |    2 
 qapi-schema.json                 |    7 
 qemu-options.hx                  |  127 ++++
 qmp.c                            |    1 
 sev.c                            | 1176 ++++++++++++++++++++++++++++++++++++++
 target-i386/cpu.c                |   10 
 target-i386/helper.c             |   37 +
 target-i386/monitor.c            |   51 +-
 28 files changed, 2356 insertions(+), 39 deletions(-)
 create mode 100644 docs/amd-memory-encryption.txt
 create mode 100644 hw/core/security-policy.c
 create mode 100644 include/sysemu/security-policy.h
 create mode 100644 include/sysemu/sev.h
 create mode 100644 sev.c

-- 

Brijesh Singh