[Qemu-devel] [RFC PATCH v2 14/16] i386: set memory encryption ops for PC.BIOS and PC.RAM regions

[Brijesh Singh <brijesh.singh@amd.com>]

If guest is launched with memory encryption enabled then register
BIOS and PC.RAM memory regions with memory encryption handler.

Registering PC.BIOS memory region will ensure that memory encryption
routines will be used when rom_reset copies the BIOS image into guest memory.

A typical sequence look like:
qemy_system_reset
  rom_reset
    cpu_physical_memory_write_rom
      cpu_phyiscal_memory_rw_debug_internal
        memory_encryption->write


Similarly registering PC.RAM region will ensure that any debug or dump
accesses from qemu monitor will go through the memory encryption routines
to decrypt/encrypt the contents.

A sequence looks like:
cpu_phyiscal_memory_rw_debug
  cpu_phyiscal_memory_rw_debug_internal
    memory_encryption->write

Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
---
 hw/i386/pc.c       |    7 +++++++
 hw/i386/pc_sysfw.c |    4 ++++
 2 files changed, 11 insertions(+)

diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index 022dd1b..64bedd3 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -1387,6 +1387,13 @@ void pc_memory_init(PCMachineState *pcms,
         e820_add_entry(0x100000000ULL, pcms->above_4g_mem_size, E820_RAM);
     }
 
+    /* if memory encryption is enabled then set the memory encryption
+     * ops so that any read and write to guest RAM from hypervisor will
+     * go through encryption routines. */
+    if (kvm_memory_encryption_enabled()) {
+        kvm_memory_encryption_set_memory_region(ram);
+    }
+
     if (!pcmc->has_reserved_memory &&
         (machine->ram_slots ||
          (machine->maxram_size > machine->ram_size))) {
diff --git a/hw/i386/pc_sysfw.c b/hw/i386/pc_sysfw.c
index f915ad0..5fa40e8 100644
--- a/hw/i386/pc_sysfw.c
+++ b/hw/i386/pc_sysfw.c
@@ -208,6 +208,9 @@ static void old_pc_system_rom_init(MemoryRegion *rom_memory, bool isapc_ram_fw)
     }
     g_free(filename);
 
+    if (kvm_memory_encryption_enabled()) {
+        kvm_memory_encryption_set_memory_region(bios);
+    }
     /* map the last 128KB of the BIOS in ISA space */
     isa_bios_size = bios_size;
     if (isa_bios_size > (128 * 1024)) {
@@ -228,6 +231,7 @@ static void old_pc_system_rom_init(MemoryRegion *rom_memory, bool isapc_ram_fw)
     memory_region_add_subregion(rom_memory,
                                 (uint32_t)(-bios_size),
                                 bios);
+
 }
 
 void pc_system_firmware_init(MemoryRegion *rom_memory, bool isapc_ram_fw)