[PATCH 09/11] hw/i386: set ram_debug_ops when memory encryption is enabl
From: Ashish Kalra
Subject: [PATCH 09/11] hw/i386: set ram_debug_ops when memory encryption is enabled
Date: Mon, 16 Nov 2020 18:52:29 +0000
From: Brijesh Singh <brijesh.singh@amd.com>
When memory encryption is enabled, the guest RAM and boot flash ROM will
contain the encrypted data. Setting the debug ops allows us to invoke the
encryption APIs when accessing the memory for debug purposes.
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
Signed-off-by: Ashish Kalra <ashish.kalra@amd.com>
---
hw/i386/pc.c | 9 +++++++++
hw/i386/pc_sysfw.c | 6 ++++++
2 files changed, 15 insertions(+)
diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index 5e6c0023e0..dfb63cd686 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -913,6 +913,15 @@ void pc_memory_init(PCMachineState *pcms,
e820_add_entry(0x100000000ULL, x86ms->above_4g_mem_size, E820_RAM);
}
+ /*
+ * When memory encryption is enabled, the guest RAM will be encrypted with
+ * a guest unique key. Set the debug ops so that any debug access to the
+ * guest RAM will go through the memory encryption APIs.
+ */
+ if (kvm_memcrypt_enabled()) {
+ kvm_memcrypt_set_debug_ops_memory_region(*ram_memory);
+ }
+
if (!pcmc->has_reserved_memory &&
(machine->ram_slots ||
(machine->maxram_size > machine->ram_size))) {
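Review bot: The debug ops in pc_memory_init() are set only on *ram_memory, yet the context right below the added block handles machine->ram_slots and maxram_size > ram_size, which is memory beyond the initial ram_size. Please state in the comment or the commit message whether that memory is reached through *ram_memory; if it lives in a separate region, it needs its own kvm_memcrypt_set_debug_ops_memory_region() call where that region is set up, otherwise debug accesses to it will bypass the encryption APIs and return ciphertext. It would also help if the comment said what a debug access returns when the encryption API call fails, since nothing in this hunk shows an error path.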
diff --git a/hw/i386/pc_sysfw.c b/hw/i386/pc_sysfw.c
index b6c0822fe3..9f90c9d761 100644
--- a/hw/i386/pc_sysfw.c
+++ b/hw/i386/pc_sysfw.c
@@ -209,6 +209,12 @@ static void pc_system_flash_map(PCMachineState *pcms,
error_report("failed to encrypt pflash rom");
exit(1);
}
+
+ /*
+ * The pflash ROM is encrypted, set the debug ops so that any
+ * debug accesses will use memory encryption APIs.
+ */
+ kvm_memcrypt_set_debug_ops_memory_region(flash_mem);
}
}
}
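Review bot: The call kvm_memcrypt_set_debug_ops_memory_region(flash_mem) in pc_system_flash_map() has no kvm_memcrypt_enabled() check in the visible lines, while the pc.c hunk guards the same call explicitly. If the enclosing block (the one that reports "failed to encrypt pflash rom") is already conditional on memory encryption, say so in the comment so the asymmetry with pc.c is clearly intentional; if it is not, add the guard. Since the ops are installed only on this path, it is also worth confirming that every flash region holding encrypted data passes through it. Minor: the comment is a comma splice; "The pflash ROM is encrypted. Set the debug ops so that ..." reads better and matches the wording used in pc.c.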
--
2.17.1