From: Brijesh Singh <brijesh.singh@amd.com>
To: Thomas.Lendacky@amd.com, ehabkost@redhat.com,
crosthwaite.peter@gmail.com, armbru@redhat.com, mst@redhat.com,
p.fedin@samsung.com, qemu-devel@nongnu.org,
lcapitulino@redhat.com, pbonzini@redhat.com, rth@twiddle.net
Cc: brijesh.ksingh@gmail.com
Subject: [Qemu-devel] [RFC PATCH v3 11/18] sev: add LAUNCH_UPDATE command
Date: Tue, 1 Nov 2016 11:53:48 -0400 [thread overview]
Message-ID: <147801562823.18237.14268813373957314485.stgit@brijesh-build-machine> (raw)
In-Reply-To: <147801550845.18237.12915616525154608660.stgit@brijesh-build-machine>
The command is used to encrypt a guest memory region using the VM Encryption
Key (VEK) created by LAUNCH_START command. The firmware will also update
the measurement with the contents of the memory region. This measurement
can be retrieved by calling LAUNCH_FINISH command.
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
---
sev.c | 29 +++++++++++++++++++++++++++++
1 file changed, 29 insertions(+)
diff --git a/sev.c b/sev.c
index 2fbab2f..fafef6f 100644
--- a/sev.c
+++ b/sev.c
@@ -282,12 +282,41 @@ sev_launch_finish(SEVState *s)
}
static int
+sev_launch_update(SEVState *s, uint8_t *addr, uint32_t len)
+{
+ int ret;
+ struct kvm_sev_launch_update *data;
+
+ data = g_malloc0(sizeof(*data));
+ if (!data) {
+ return 1;
+ }
+
+ data->address = (__u64)addr;
+ data->length = len;
+ ret = sev_ioctl(KVM_SEV_LAUNCH_UPDATE, data);
+ if (ret) {
+ goto err;
+ }
+
+ DPRINTF("SEV: LAUNCH_UPDATE %#lx+%#x\n", (unsigned long)addr, len);
+err:
+ g_free(data);
+ return ret;
+}
+
+static int
sev_mem_write(uint8_t *dst, const uint8_t *src, uint32_t len, MemTxAttrs attrs)
{
SEVState *s = kvm_memory_encryption_get_handle();
assert(s != NULL && s->state != SEV_STATE_INVALID);
+ if (s->state == SEV_STATE_LAUNCHING) {
+ memcpy(dst, src, len);
+ return sev_launch_update(s, dst, len);
+ }
+
return 0;
}
next prev parent reply other threads:[~2016-11-01 15:54 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-11-01 15:51 [Qemu-devel] [RFC PATCH v3 00/18] x86: Secure Encrypted Virtualization (AMD) Brijesh Singh
2016-11-01 15:51 ` [Qemu-devel] [RFC PATCH v3 01/18] memattrs: add debug attrs Brijesh Singh
2016-11-01 15:52 ` [Qemu-devel] [RFC PATCH v3 02/18] exec: add guest RAM read and write ops Brijesh Singh
2016-11-01 15:52 ` [Qemu-devel] [RFC PATCH v3 03/18] exec: add debug version of physical memory read and write apis Brijesh Singh
2016-11-01 15:52 ` [Qemu-devel] [RFC PATCH v3 04/18] monitor: use debug version of memory access apis Brijesh Singh
2016-11-01 15:52 ` [Qemu-devel] [RFC PATCH v3 05/18] core: add new security-policy object Brijesh Singh
2016-11-01 15:52 ` [Qemu-devel] [RFC PATCH v3 06/18] kvm: add memory encryption APIs Brijesh Singh
2016-11-01 15:53 ` [Qemu-devel] [RFC PATCH v3 07/18] sev: add Secure Encrypted Virtulization (SEV) support Brijesh Singh
2016-11-01 15:53 ` [Qemu-devel] [RFC PATCH v3 08/18] hmp: display memory encryption support in 'info kvm' Brijesh Singh
2016-11-01 15:53 ` [Qemu-devel] [RFC PATCH v3 09/18] core: loader: create memory encryption context before copying data Brijesh Singh
2016-11-01 15:53 ` [Qemu-devel] [RFC PATCH v3 10/18] sev: add LAUNCH_START command Brijesh Singh
2016-11-01 15:53 ` Brijesh Singh [this message]
2016-11-01 15:53 ` [Qemu-devel] [RFC PATCH v3 12/18] sev: add LAUNCH_FINISH command Brijesh Singh
2016-11-01 15:54 ` [Qemu-devel] [RFC PATCH v3 13/18] sev: add DEBUG_DECRYPT command Brijesh Singh
2016-11-01 15:54 ` [Qemu-devel] [RFC PATCH v3 14/18] sev: add DEBUG_ENCRYPT command Brijesh Singh
2016-11-01 15:54 ` [Qemu-devel] [RFC PATCH v3 15/18] i386: register memory encryption ops Brijesh Singh
2016-11-01 15:54 ` [Qemu-devel] [RFC PATCH v3 16/18] target-i386: add cpuid Fn8000_001f Brijesh Singh
2016-11-01 15:54 ` [Qemu-devel] [RFC PATCH v3 17/18] i386: clear C-bit in SEV guest page table walk Brijesh Singh
2016-11-01 15:54 ` [Qemu-devel] [RFC PATCH v3 18/18] migration: disable save/restore and migration on SEV guest Brijesh Singh
2016-11-01 16:22 ` [Qemu-devel] [RFC PATCH v3 00/18] x86: Secure Encrypted Virtualization (AMD) no-reply
2016-11-01 16:31 ` Peter Maydell
2016-11-01 16:24 ` no-reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=147801562823.18237.14268813373957314485.stgit@brijesh-build-machine \
--to=brijesh.singh@amd.com \
--cc=Thomas.Lendacky@amd.com \
--cc=armbru@redhat.com \
--cc=brijesh.ksingh@gmail.com \
--cc=crosthwaite.peter@gmail.com \
--cc=ehabkost@redhat.com \
--cc=lcapitulino@redhat.com \
--cc=mst@redhat.com \
--cc=p.fedin@samsung.com \
--cc=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=rth@twiddle.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).