Re: [Qemu-devel] [RFC PATCH v1 00/22] x86: Secure Encrypted Virtualization (AMD)

["Michael S. Tsirkin" <mst@redhat.com>]

On Tue, Sep 13, 2016 at 10:46:46AM -0400, Brijesh Singh wrote:
> This RFC series provides support for AMD's new Secure Encrypted 
> Virtualization (SEV) feature. This RFC is based KVM RFC [1].
> 
> SEV is an extension to the AMD-V architecture which supports running
> multiple VMs under the control of a hypervisor. The SEV feature allows
> the memory contents of a virtual machine (VM) to be transparently encrypted
> with a key unique to the guest VM. The memory controller contains a
> high performance encryption engine which can be programmed with multiple
> keys for use by a different VMs in the system. The programming and
> management of these keys is handled by the AMD Secure Processor firmware
> which exposes a commands for these tasks.
> 
> SEV is designed to protect guest VMs from a benign but vulnerable
> (i.e. not fully malicious) hypervisor.

Not fully malicious?  This sounds kind of weird. In my humble opinion,
the attack needs to be much better defined to be of any use.
I attempt to do this below.

> In particular, it reduces the attack
> surface of guest VMs and can prevent certain types of VM-escape bugs
> (e.g. hypervisor read-anywhere) from being used to steal guest data.

To rephrase this in terms I understand:

someone gets to read all hypervisor memory, we do not
want this someone to be able to read all guest memory too.
Sounds reasonable.

But I don't think you need to break features like debugging: clearly if
you decrypt memory it is readable in hypervisor memory, but I think
that's fine since it's encrypted if you do not debug.  In other words
policy should not be up to guest since fundamentally hypervisor is
benign.

> The KVM RFC introduced a new ioctl (KVM_SEV_ISSUE_CMD) which can be
> used by qemu to enable SEV for secure guest and assist performing common
> hypervisor activities such as a launching, running, snapshooting, migration
> and debugging a guests data.
> 
> 
> The following links provide additional details:
> 
> AMD Memory Encryption whitepaper:
>  
> http://amd-dev.wpengine.netdna-cdn.com/wordpress/media/2013/12/AMD_Memory_Encryption_Whitepaper_v7-Public.pdf
> 
> AMD64 Architecture Programmer's Manual:
>     http://support.amd.com/TechDocs/24593.pdf
>     SME is section 7.10
>     SEV is section 15.34
> 
> Secure Encrypted Virutualization Key Management:
> http://support.amd.com/TechDocs/55766_SEV-KM API_Spec.pdf
> 
> KVM Forum slides:
> http://www.linux-kvm.org/images/7/74/02x08A-Thomas_Lendacky-AMDs_Virtualizatoin_Memory_Encryption_Technology.pdf
> 
> KVM RFC link:
> 
> [1] http://marc.info/?l=kvm&m=147191038624432&w=2
> 
> ---
> 
> TODO:
> - send seabios RFC's on seabios mailing list
> - implement SEV guest migration command support
> - implement SEV snapshotting command support
> - virtio support in SEV guest
> 
> Brijesh Singh (22):
>       exec: add guest RAM read/write ops
>       cpu-common: add debug version of physical memory read/write
>       monitor: use debug version of physical memory read api
>       memattrs: add SEV debug attrs
>       i386: add new option to enable SEV guest
>       sev: add initial SEV support
>       sev: add SEV launch start command
>       sev: add SEV launch update command
>       sev: add SEV launch finish command
>       sev: add SEV debug decrypt command
>       sev: add SEV debug encrypt command
>       sev: add SEV guest status command
>       hmp: update 'info kvm' to display SEV status
>       sev: provide SEV-enabled guest RAM read/write ops
>       i386: sev: register RAM read/write ops for BIOS and PC.RAM region
>       i386: pc: load OS images at fixed location in SEV-enabled guest
>       target-i386: add cpuid Fn8000_001f
>       i386: clear C-bit in SEV guest page table walk
>       exec: set debug attribute in SEV-enabled guest
>       fw_cfg: sev: disable dma in real mode
>       hw: add pre and post system reset callback
>       loader: reload bios image on ROM reset in SEV-enabled guest
> 
> 
>  Makefile.target           |    2 
>  disas.c                   |    2 
>  exec.c                    |  323 ++++++++++++++++++++-----
>  hmp.c                     |   14 +
>  hw/core/loader.c          |    7 -
>  hw/i386/pc.c              |   99 ++++++++
>  hw/i386/pc_sysfw.c        |    6 
>  hw/nvram/fw_cfg.c         |    6 
>  include/exec/cpu-common.h |   12 +
>  include/exec/memattrs.h   |    4 
>  include/exec/memory.h     |   25 ++
>  include/hw/hw.h           |    2 
>  include/sysemu/kvm.h      |   10 +
>  include/sysemu/sev.h      |  104 ++++++++
>  kvm-all.c                 |    6 
>  monitor.c                 |    2 
>  qapi-schema.json          |    4 
>  qemu-options.hx           |    6 
>  qmp.c                     |    1 
>  sev.c                     |  574 +++++++++++++++++++++++++++++++++++++++++++++
>  target-i386/cpu.c         |    3 
>  target-i386/helper.c      |   36 ++-
>  target-i386/monitor.c     |   50 +++-
>  vl.c                      |   74 ++++++
>  24 files changed, 1288 insertions(+), 84 deletions(-)
>  create mode 100644 include/sysemu/sev.h
>  create mode 100644 sev.c
> 
> -- 
> 
> Brijesh Singh