[Qemu-devel] [RFC PATCH v4 11/20] sev: add LAUNCH

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-devel] [RFC PATCH v4 11/20] sev: add LAUNCH_START command

From:	Brijesh Singh
Subject:	[Qemu-devel] [RFC PATCH v4 11/20] sev: add LAUNCH_START command
Date:	Wed, 8 Mar 2017 15:53:03 -0500
User-agent:	StGit/0.17.1-dirty

The command is used to bootstrap SEV guest from unencrypted boot images.
The command creates a new VM encryption key (VEK) using guest owner's public
DH certificate, and security policy and session parameters. The encryption
key created during launch start process will be used for encryption the boot
images (such as BIOS).

Signed-off-by: Brijesh Singh <address@hidden>
---
 include/sysemu/sev.h |    1 +
 kvm-all.c            |    1 +
 sev.c                |   55 ++++++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 57 insertions(+)

diff --git a/include/sysemu/sev.h b/include/sysemu/sev.h
index dbc3c6c..747fe87 100644
--- a/include/sysemu/sev.h
+++ b/include/sysemu/sev.h
@@ -86,6 +86,7 @@ typedef struct SEVState SEVState;
 bool sev_enabled(void);
 void *sev_guest_init(const char *keyid);
 void sev_set_debug_ops(void *handle, MemoryRegion *mr);
+int sev_create_launch_context(void *handle);
 
 #endif
 
diff --git a/kvm-all.c b/kvm-all.c
index 1fa6413..a13d62f 100644
--- a/kvm-all.c
+++ b/kvm-all.c
@@ -1826,6 +1826,7 @@ static int kvm_init(MachineState *ms)
                 goto err;
             }
             kvm_state->memcrypt_debug_ops = sev_set_debug_ops;
+            kvm_state->create_launch_context = sev_create_launch_context;
             g_free(id);
         }
     }
diff --git a/sev.c b/sev.c
index 3e02453..4b3f39a 100644
--- a/sev.c
+++ b/sev.c
@@ -148,6 +148,55 @@ static const TypeInfo qsev_launch_info = {
 };
 
 static int
+sev_ioctl(int cmd, void *data, int *error)
+{
+    int r;
+    struct kvm_sev_cmd input;
+
+    input.id = cmd;
+    input.sev_fd = sev_fd;
+    input.data = (__u64)data;
+
+    r = kvm_vm_ioctl(kvm_state, KVM_MEMORY_ENCRYPT_OP, &input);
+    *error = input.error;
+    return r;
+}
+
+static int
+sev_launch_start(SEVState *s)
+{
+    int ret = 1;
+    Object *obj;
+    int fw_error;
+    struct kvm_sev_launch_start *start;
+
+    if (!s) {
+        return 1;
+    }
+
+    start = g_malloc0(sizeof(*start));
+    if (!start) {
+        return 1;
+    }
+
+    obj = object_property_get_link(OBJECT(s->sev_info), "launch", 
&error_abort);
+    if (!obj) {
+        goto err;
+    }
+
+    ret = sev_ioctl(KVM_SEV_LAUNCH_START, start, &fw_error);
+    if (ret < 0) {
+        fprintf(stderr, "failed LAUNCH_START %d (%#x)\n", ret, fw_error);
+        goto err;
+    }
+
+    DPRINTF("SEV: LAUNCH_START\n");
+err:
+    g_free(start);
+    return ret;
+}
+
+static int
 sev_mem_write(uint8_t *dst, const uint8_t *src, uint32_t len, MemTxAttrs attrs)
 {
     return 0;
@@ -200,6 +249,12 @@ err:
     return NULL;
 }
 
+int
+sev_create_launch_context(void *handle)
+{
+    return sev_launch_start((SEVState *)handle);
+}
+
 void
 sev_set_debug_ops(void *handle, MemoryRegion *mr)
 {

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] [RFC PATCH v4 01/20] kvm: update kvm.h header file, (continued)
- [Qemu-devel] [RFC PATCH v4 01/20] kvm: update kvm.h header file, Brijesh Singh, 2017/03/08
- [Qemu-devel] [RFC PATCH v4 08/20] sev: add Secure Encrypted Virtulization (SEV) support, Brijesh Singh, 2017/03/08
- [Qemu-devel] [RFC PATCH v4 13/20] sev: add LAUNCH_UPDATE_DATA command, Brijesh Singh, 2017/03/08
- [Qemu-devel] [RFC PATCH v4 06/20] core: add new security-policy object, Brijesh Singh, 2017/03/08
  - Re: [Qemu-devel] [RFC PATCH v4 06/20] core: add new security-policy object, Stefan Hajnoczi, 2017/03/23
    - Re: [Qemu-devel] [RFC PATCH v4 06/20] core: add new security-policy object, Brijesh Singh, 2017/03/23
    - Re: [Qemu-devel] [RFC PATCH v4 06/20] core: add new security-policy object, Stefan Hajnoczi, 2017/03/24
    - Re: [Qemu-devel] [RFC PATCH v4 06/20] core: add new security-policy object, Brijesh Singh, 2017/03/24
    - Re: [Qemu-devel] [RFC PATCH v4 06/20] core: add new security-policy object, Stefan Hajnoczi, 2017/03/27
    - Re: [Qemu-devel] [RFC PATCH v4 06/20] core: add new security-policy object, Brijesh Singh, 2017/03/27
- [Qemu-devel] [RFC PATCH v4 11/20] sev: add LAUNCH_START command, Brijesh Singh <=
  - Re: [Qemu-devel] [RFC PATCH v4 11/20] sev: add LAUNCH_START command, Eduardo Habkost, 2017/03/08
    - Re: [Qemu-devel] [RFC PATCH v4 11/20] sev: add LAUNCH_START command, Brijesh Singh, 2017/03/08
- [Qemu-devel] [RFC PATCH v4 03/20] exec: add guest RAM read and write ops, Brijesh Singh, 2017/03/08
- [Qemu-devel] [RFC PATCH v4 10/20] vl: add memory encryption support, Brijesh Singh, 2017/03/08
- [Qemu-devel] [RFC PATCH v4 09/20] hmp: display memory encryption support in 'info kvm', Brijesh Singh, 2017/03/08
  - Re: [Qemu-devel] [RFC PATCH v4 09/20] hmp: display memory encryption support in 'info kvm', Eric Blake, 2017/03/08
- [Qemu-devel] [RFC PATCH v4 12/20] SEV: add GUEST_STATUS command, Brijesh Singh, 2017/03/08
- [Qemu-devel] [RFC PATCH v4 14/20] sev: add LAUNCH_FINISH command, Brijesh Singh, 2017/03/08
- [Qemu-devel] [RFC PATCH v4 18/20] target/i386: add cpuid Fn8000_001f, Brijesh Singh, 2017/03/08
  - Re: [Qemu-devel] [RFC PATCH v4 18/20] target/i386: add cpuid Fn8000_001f, Eduardo Habkost, 2017/03/08

Prev by Date: [Qemu-devel] [RFC PATCH v4 06/20] core: add new security-policy object
Next by Date: [Qemu-devel] [RFC PATCH v4 03/20] exec: add guest RAM read and write ops
Previous by thread: Re: [Qemu-devel] [RFC PATCH v4 06/20] core: add new security-policy object
Next by thread: Re: [Qemu-devel] [RFC PATCH v4 11/20] sev: add LAUNCH_START command
Index(es):
- Date
- Thread