From: Brijesh Singh
Date: Tue, 1 Nov 2016 11:53:20 -0400
Message-ID: <147801560075.18237.6031531546227610619.stgit@brijesh-build-machine>
In-Reply-To: <147801550845.18237.12915616525154608660.stgit@brijesh-build-machine>
References: <147801550845.18237.12915616525154608660.stgit@brijesh-build-machine>
Subject: [Qemu-devel] [RFC PATCH v3 09/18] core: loader: create memory encryption context before copying data
To: Thomas.Lendacky@amd.com, ehabkost@redhat.com, crosthwaite.peter@gmail.com, armbru@redhat.com, mst@redhat.com, p.fedin@samsung.com, qemu-devel@nongnu.org, lcapitulino@redhat.com, pbonzini@redhat.com, rth@twiddle.net
Cc: brijesh.ksingh@gmail.com

During system boot, rom_reset copies the bios binary from the internal PC.BIOS ROM to guest RAM (PC.RAM). If memory encryption is enabled then we need to ensure that the encryption context is created before we start the copy process. When encryption is enabled, any data copy from PC.BIOS ROM to guest RAM will go through the encryption routines, which will encrypt the data as it copies into guest memory. Similarly, after we are done with copying, destroy the encryption context.

Signed-off-by: Brijesh Singh

--- hw/core/loader.c | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/hw/core/loader.c b/hw/core/loader.c index 6e022b5..52c7e2c 100644 --- a/hw/core/loader.c +++ b/hw/core/loader.c @@ -55,6 +55,7 @@ #include "exec/address-spaces.h" #include "hw/boards.h" #include "qemu/cutils.h" +#include "sysemu/kvm.h" #include 
@@ -1045,8 +1046,20 @@ int rom_add_option(const char *file, int32_t bootindex) static void rom_reset(void *unused) { + int ret; Rom *rom; + /* create the memory encryption context before we copy any data + * from internal ROM to guest RAM. + */ + if (kvm_memory_encryption_enabled()) { + ret = kvm_memory_encryption_start(); + if (ret) { + fprintf(stderr, "failed to create memory encryption context\n"); + return; + } + } + QTAILQ_FOREACH(rom, &roms, next) { if (rom->fw_file) { continue; @@ -1074,6 +1087,15 @@ static void rom_reset(void *unused) */ cpu_flush_icache_range(rom->addr, rom->datasize); } + + /* delete the memory encryption context after we are done with copying */ + if (kvm_memory_encryption_enabled()) { + ret = kvm_memory_encryption_finish(); + if (ret) { + fprintf(stderr, "failed to destory memory encryption context\n"); + return; + } + } } int rom_check_and_register_reset(void)
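
Review bot: in the first rom_reset() hunk (@@ -1045,8 +1046,20 @@), the `return` taken when kvm_memory_encryption_start() fails skips the whole QTAILQ_FOREACH(rom, &roms, next) loop, so the reset carries on with no ROM data copied into guest RAM, and because rom_reset() returns void nothing upstream learns of the failure. For a guest that asked for memory encryption this looks like it should be fatal rather than a line on stderr: report it with error_report() including the value of `ret`, and stop the machine instead of returning silently. If continuing is intended, the comment should say why booting without the firmware copy is acceptable.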
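
Review bot: in the second rom_reset() hunk (@@ -1074,6 +1087,15 @@), the `return` after a failed kvm_memory_encryption_finish() is the last statement of the function and has no effect, so the failure is only printed and the guest continues with the encryption context in an unknown state after the ROM contents have already been copied. Decide whether this case is fatal and handle it the same way as the start failure, include `ret` in the message, and fix the spelling "destory" in the string. The second kvm_memory_encryption_enabled() test could also be replaced by a local flag set when start succeeded, so that finish is paired with start by construction rather than by two independent checks.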