[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [RFC PATCH v3 09/18] core: loader: create memory encryption
From: |
Brijesh Singh |
Subject: |
[Qemu-devel] [RFC PATCH v3 09/18] core: loader: create memory encryption context before copying data |
Date: |
Tue, 1 Nov 2016 11:53:20 -0400 |
User-agent: |
StGit/0.17.1-dirty |
During system boot, rom_reset copies bios binary from internal PC.BIOS
ROM to guest RAM (PC.RAM).
If memory encryption is enabled then we need to ensure that encryption
context is created before we start the copy process. When encryption is
enabled any data copy from PC.BIOS ROM to guest RAM will go through the
encryption routines which will encrypt the data as it copies into guest
memory. Similarly after we are done with copying destory the encryption
context.
Signed-off-by: Brijesh Singh <address@hidden>
---
hw/core/loader.c | 22 ++++++++++++++++++++++
1 file changed, 22 insertions(+)
diff --git a/hw/core/loader.c b/hw/core/loader.c
index 6e022b5..52c7e2c 100644
--- a/hw/core/loader.c
+++ b/hw/core/loader.c
@@ -55,6 +55,7 @@
#include "exec/address-spaces.h"
#include "hw/boards.h"
#include "qemu/cutils.h"
+#include "sysemu/kvm.h"
#include <zlib.h>
@@ -1045,8 +1046,20 @@ int rom_add_option(const char *file, int32_t bootindex)
static void rom_reset(void *unused)
{
+ int ret;
Rom *rom;
+ /* create the memory encryption context before we copy any data
+ * from internal ROM to guest RAM.
+ */
+ if (kvm_memory_encryption_enabled()) {
+ ret = kvm_memory_encryption_start();
+ if (ret) {
+ fprintf(stderr, "failed to create memory encryption context\n");
+ return;
+ }
+ }
+
QTAILQ_FOREACH(rom, &roms, next) {
if (rom->fw_file) {
continue;
@@ -1074,6 +1087,15 @@ static void rom_reset(void *unused)
*/
cpu_flush_icache_range(rom->addr, rom->datasize);
}
+
+ /* delete the memory encryption context after we are done with copying */
+ if (kvm_memory_encryption_enabled()) {
+ ret = kvm_memory_encryption_finish();
+ if (ret) {
+ fprintf(stderr, "failed to destory memory encryption context\n");
+ return;
+ }
+ }
}
int rom_check_and_register_reset(void)
- [Qemu-devel] [RFC PATCH v3 00/18] x86: Secure Encrypted Virtualization (AMD), Brijesh Singh, 2016/11/01
- [Qemu-devel] [RFC PATCH v3 01/18] memattrs: add debug attrs, Brijesh Singh, 2016/11/01
- [Qemu-devel] [RFC PATCH v3 02/18] exec: add guest RAM read and write ops, Brijesh Singh, 2016/11/01
- [Qemu-devel] [RFC PATCH v3 03/18] exec: add debug version of physical memory read and write apis, Brijesh Singh, 2016/11/01
- [Qemu-devel] [RFC PATCH v3 04/18] monitor: use debug version of memory access apis, Brijesh Singh, 2016/11/01
- [Qemu-devel] [RFC PATCH v3 05/18] core: add new security-policy object, Brijesh Singh, 2016/11/01
- [Qemu-devel] [RFC PATCH v3 06/18] kvm: add memory encryption APIs, Brijesh Singh, 2016/11/01
- [Qemu-devel] [RFC PATCH v3 07/18] sev: add Secure Encrypted Virtulization (SEV) support, Brijesh Singh, 2016/11/01
- [Qemu-devel] [RFC PATCH v3 08/18] hmp: display memory encryption support in 'info kvm', Brijesh Singh, 2016/11/01
- [Qemu-devel] [RFC PATCH v3 09/18] core: loader: create memory encryption context before copying data,
Brijesh Singh <=
- [Qemu-devel] [RFC PATCH v3 10/18] sev: add LAUNCH_START command, Brijesh Singh, 2016/11/01
- [Qemu-devel] [RFC PATCH v3 11/18] sev: add LAUNCH_UPDATE command, Brijesh Singh, 2016/11/01
- [Qemu-devel] [RFC PATCH v3 12/18] sev: add LAUNCH_FINISH command, Brijesh Singh, 2016/11/01
- [Qemu-devel] [RFC PATCH v3 13/18] sev: add DEBUG_DECRYPT command, Brijesh Singh, 2016/11/01
- [Qemu-devel] [RFC PATCH v3 14/18] sev: add DEBUG_ENCRYPT command, Brijesh Singh, 2016/11/01
- [Qemu-devel] [RFC PATCH v3 16/18] target-i386: add cpuid Fn8000_001f, Brijesh Singh, 2016/11/01
- [Qemu-devel] [RFC PATCH v3 17/18] i386: clear C-bit in SEV guest page table walk, Brijesh Singh, 2016/11/01
- [Qemu-devel] [RFC PATCH v3 18/18] migration: disable save/restore and migration on SEV guest, Brijesh Singh, 2016/11/01
- [Qemu-devel] [RFC PATCH v3 15/18] i386: register memory encryption ops, Brijesh Singh, 2016/11/01
- Re: [Qemu-devel] [RFC PATCH v3 00/18] x86: Secure Encrypted Virtualization (AMD), no-reply, 2016/11/01