qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed
From: Dov Murik <dovmurik@linux.ibm.com>
To: qemu-devel@nongnu.org
Cc: "Dov Murik" <dovmurik@linux.ibm.com>,
	"Paolo Bonzini" <pbonzini@redhat.com>,
	"Daniel P . Berrangé" <berrange@redhat.com>,
	"Dr . David Alan Gilbert" <dgilbert@redhat.com>,
	"Eduardo Habkost" <eduardo@habkost.net>,
	"Eric Blake" <eblake@redhat.com>,
	"Markus Armbruster" <armbru@redhat.com>,
	"Marcelo Tosatti" <mtosatti@redhat.com>,
	"Gerd Hoffmann" <kraxel@redhat.com>,
	"James Bottomley" <jejb@linux.ibm.com>,
	"Tom Lendacky" <thomas.lendacky@amd.com>,
	"Michael Roth" <michael.roth@amd.com>,
	"Ashish Kalra" <ashish.kalra@amd.com>,
	"Mario Smarduch" <mario.smarduch@amd.com>,
	"Tobin Feldman-Fitzthum" <tobin@linux.ibm.com>
Subject: [RFC PATCH v2 2/2] i386/sev: Allow measured direct kernel boot on SNP
Date: Thu, 16 Feb 2023 08:49:13 +0000	[thread overview]
Message-ID: <20230216084913.2148508-3-dovmurik@linux.ibm.com> (raw)
In-Reply-To: <20230216084913.2148508-1-dovmurik@linux.ibm.com>

In SNP, the hashes page is not included in the ranges to pre-validate
that appear in the SNP metadata published by AmdSev OVMF.

Therefore, if the user enabled kernel hashes (for measured direct boot),
QEMU should fill hashes table and encrypt the page.  Note that in SNP
(unlike SEV and SEV-ES) the measurements is done in whole 4KB pages.
Therefore QEMU zeros the whole page that includes the hashes table, and
fills in the kernel hashes area in that page, and then encrypts the
whole page.  The rest of the page is reserved for SEV launch secrets
which are not usable anyway on SNP.

If the user disabled kernel hashes, QEMU pre-validates the page as a
zero page.

Signed-off-by: Dov Murik <dovmurik@linux.ibm.com>
---
 target/i386/sev.c | 51 +++++++++++++++++++++++++++++++++++++----------
 1 file changed, 41 insertions(+), 10 deletions(-)

diff --git a/target/i386/sev.c b/target/i386/sev.c
index 6b8e85888f..c36ba9a541 100644
--- a/target/i386/sev.c
+++ b/target/i386/sev.c
@@ -2079,8 +2079,11 @@ bool sev_add_kernel_loader_hashes(SevKernelLoaderContext *ctx, Error **errp)
     uint8_t initrd_hash[HASH_SIZE];
     uint8_t kernel_hash[HASH_SIZE];
     uint8_t *hashp;
+    hwaddr mapped_gpa, mapped_offset, mapped_len, expected_mapped_len;
+    uint8_t *mapped_area = NULL;
+    MemoryRegion *mr = NULL;
+    void *hva;
     size_t hash_len = HASH_SIZE;
-    hwaddr mapped_len = sizeof(*padded_ht);
     MemTxAttrs attrs = { 0 };
     bool ret = true;
     SevCommonState *sev_common = SEV_COMMON(MACHINE(qdev_get_machine())->cgs);
@@ -2090,6 +2093,25 @@ bool sev_add_kernel_loader_hashes(SevKernelLoaderContext *ctx, Error **errp)
      * stated kernel-hashes=on.
      */
     if (!sev_common->kernel_hashes) {
+        if (sev_snp_enabled()) {
+            /* Mark the hashes page (if defined) as a zero page */
+            if (!pc_system_ovmf_table_find(SEV_HASH_TABLE_RV_GUID, &data, NULL)) {
+                return false;
+            }
+
+            area = (SevHashTableDescriptor *)data;
+            if (!area->base || area->size < sizeof(PaddedSevHashTable)) {
+                return false;
+            }
+
+            mapped_gpa = area->base & TARGET_PAGE_MASK;
+            hva = gpa2hva(&mr, mapped_gpa, TARGET_PAGE_SIZE, NULL);
+            if (sev_snp_launch_update(SEV_SNP_GUEST(sev_common), mapped_gpa, hva,
+                                      TARGET_PAGE_SIZE, KVM_SEV_SNP_PAGE_TYPE_ZERO)) {
+                error_setg(errp, "SEV: error marking kernel hashes page as zero");
+            }
+            return false;
+        }
         return false;
     }
 
@@ -2099,10 +2121,6 @@ bool sev_add_kernel_loader_hashes(SevKernelLoaderContext *ctx, Error **errp)
         return false;
     }
 
-    if (sev_snp_enabled()) {
-        return false;
-    }
-
     area = (SevHashTableDescriptor *)data;
     if (!area->base || area->size < sizeof(PaddedSevHashTable)) {
         error_setg(errp, "SEV: guest firmware hashes table area is invalid "
@@ -2149,12 +2167,25 @@ bool sev_add_kernel_loader_hashes(SevKernelLoaderContext *ctx, Error **errp)
      * Populate the hashes table in the guest's memory at the OVMF-designated
      * area for the SEV hashes table
      */
-    padded_ht = address_space_map(&address_space_memory, area->base,
-                                  &mapped_len, true, attrs);
-    if (!padded_ht || mapped_len != sizeof(*padded_ht)) {
+    if (sev_snp_enabled()) {
+        /* SNP encrypts and measures memory in whole pages */
+        mapped_gpa = area->base & TARGET_PAGE_MASK;
+        mapped_offset = area->base & ~TARGET_PAGE_MASK;
+        mapped_len = TARGET_PAGE_SIZE;
+    } else {
+        mapped_gpa = area->base;
+        mapped_offset = 0;
+        mapped_len = sizeof(*padded_ht);
+    }
+    expected_mapped_len = mapped_len;
+    mapped_area = address_space_map(&address_space_memory, mapped_gpa,
+                                    &mapped_len, true, attrs);
+    if (!mapped_area || mapped_len != expected_mapped_len) {
         error_setg(errp, "SEV: cannot map hashes table guest memory area");
         return false;
     }
+    memset(mapped_area, 0, mapped_len);
+    padded_ht = (PaddedSevHashTable *)(mapped_area + mapped_offset);
     ht = &padded_ht->ht;
 
     ht->guid = sev_hash_table_header_guid;
@@ -2175,11 +2206,11 @@ bool sev_add_kernel_loader_hashes(SevKernelLoaderContext *ctx, Error **errp)
     /* zero the excess data so the measurement can be reliably calculated */
     memset(padded_ht->padding, 0, sizeof(padded_ht->padding));
 
-    if (sev_encrypt_flash(area->base, (uint8_t *)padded_ht, sizeof(*padded_ht), errp) < 0) {
+    if (sev_encrypt_flash(mapped_gpa, mapped_area, mapped_len, errp) < 0) {
         ret = false;
     }
 
-    address_space_unmap(&address_space_memory, padded_ht,
+    address_space_unmap(&address_space_memory, mapped_area,
                         mapped_len, true, mapped_len);
 
     return ret;
-- 
2.25.1



  parent reply	other threads:[~2023-02-16  8:49 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-02-16  8:49 [RFC PATCH v2 0/2] i386/sev: Support measured direct kernel boot on SNP Dov Murik
2023-02-16  8:49 ` [RFC PATCH v2 1/2] qapi, i386: Move kernel-hashes to SevCommonProperties Dov Murik
2023-02-16  9:24   ` Markus Armbruster
2023-02-16  9:33     ` Dov Murik
2023-02-16 12:14       ` Markus Armbruster
2023-02-16  8:49 ` Dov Murik [this message]
2023-02-16  9:11 ` [RFC PATCH v2 0/2] i386/sev: Support measured direct kernel boot on SNP Dov Murik
2023-02-16 10:26 ` Daniel P. Berrangé
2023-02-16 11:10   ` Dr. David Alan Gilbert

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20230216084913.2148508-3-dovmurik@linux.ibm.com \
    --to=dovmurik@linux.ibm.com \
    --cc=armbru@redhat.com \
    --cc=ashish.kalra@amd.com \
    --cc=berrange@redhat.com \
    --cc=dgilbert@redhat.com \
    --cc=eblake@redhat.com \
    --cc=eduardo@habkost.net \
    --cc=jejb@linux.ibm.com \
    --cc=kraxel@redhat.com \
    --cc=mario.smarduch@amd.com \
    --cc=michael.roth@amd.com \
    --cc=mtosatti@redhat.com \
    --cc=pbonzini@redhat.com \
    --cc=qemu-devel@nongnu.org \
    --cc=thomas.lendacky@amd.com \
    --cc=tobin@linux.ibm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).