From: Brijesh Singh <brijesh.singh@amd.com>
To: Thomas.Lendacky@amd.com, ehabkost@redhat.com,
crosthwaite.peter@gmail.com, armbru@redhat.com, mst@redhat.com,
p.fedin@samsung.com, qemu-devel@nongnu.org,
lcapitulino@redhat.com, pbonzini@redhat.com, rth@twiddle.net
Cc: brijesh.ksingh@gmail.com
Subject: [Qemu-devel] [RFC PATCH v3 09/18] core: loader: create memory encryption context before copying data
Date: Tue, 1 Nov 2016 11:53:20 -0400
Message-ID: <147801560075.18237.6031531546227610619.stgit@brijesh-build-machine>
In-Reply-To: <147801550845.18237.12915616525154608660.stgit@brijesh-build-machine>
During system boot, rom_reset copies the bios binary from internal PC.BIOS
ROM to guest RAM (PC.RAM).
If memory encryption is enabled then we need to ensure that the encryption
context is created before we start the copy process. When encryption is
enabled, any data copy from PC.BIOS ROM to guest RAM will go through the
encryption routines, which will encrypt the data as it copies into guest
memory. Similarly, after we are done with copying, destroy the encryption
context.
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
---
hw/core/loader.c | 22 ++++++++++++++++++++++
1 file changed, 22 insertions(+)
diff --git a/hw/core/loader.c b/hw/core/loader.c
index 6e022b5..52c7e2c 100644
--- a/hw/core/loader.c
+++ b/hw/core/loader.c
@@ -55,6 +55,7 @@
#include "exec/address-spaces.h"
#include "hw/boards.h"
#include "qemu/cutils.h"
+#include "sysemu/kvm.h"
#include <zlib.h>
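Review bot: The added `#include "sysemu/kvm.h"` makes the generic ROM loader in hw/core depend directly on a KVM-specific header, and the following hunks call kvm_memory_encryption_*() straight from rom_reset(). Consider an accelerator-neutral wrapper for the start/finish calls so that loader.c does not need to know which accelerator provides memory encryption.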
@@ -1045,8 +1046,20 @@ int rom_add_option(const char *file, int32_t bootindex)
static void rom_reset(void *unused)
{
+ int ret;
Rom *rom;
+ /* create the memory encryption context before we copy any data
+ * from internal ROM to guest RAM.
+ */
+ if (kvm_memory_encryption_enabled()) {
+ ret = kvm_memory_encryption_start();
+ if (ret) {
+ fprintf(stderr, "failed to create memory encryption context\n");
+ return;
+ }
+ }
+
QTAILQ_FOREACH(rom, &roms, next) {
if (rom->fw_file) {
continue;
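Review bot: In the `if (ret)` branch after kvm_memory_encryption_start(), rom_reset() prints a message and returns, so no ROM is copied at all, and because the function returns void the caller never learns of the failure; the guest would then start with no firmware in RAM. Treat this as fatal instead of returning, and report it with error_report() rather than a bare fprintf(stderr, ...), including the value of `ret` so the failure can be diagnosed.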
@@ -1074,6 +1087,15 @@ static void rom_reset(void *unused)
*/
cpu_flush_icache_range(rom->addr, rom->datasize);
}
+
+ /* delete the memory encryption context after we are done with copying */
+ if (kvm_memory_encryption_enabled()) {
+ ret = kvm_memory_encryption_finish();
+ if (ret) {
+ fprintf(stderr, "failed to destory memory encryption context\n");
+ return;
+ }
+ }
}
int rom_check_and_register_reset(void)
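Review bot: The `return` after the kvm_memory_encryption_finish() failure message is the last statement in rom_reset() and has no effect, so a failed finish is only logged and the guest carries on with the encryption context in an unknown state; decide whether this should be fatal, as for a start failure, and drop the redundant `return`. The message also misspells "destroy" ("failed to destory memory encryption context"). Since rom_reset() runs as a reset handler, please also say in the commit message whether the start/finish pair is expected to work when it is invoked again on a later guest reset.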