[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PULL 02/19] sev: update sev-inject-launch-secret to make gpa optional
From: |
Paolo Bonzini |
Subject: |
[PULL 02/19] sev: update sev-inject-launch-secret to make gpa optional |
Date: |
Mon, 15 Feb 2021 14:16:09 +0100 |
From: James Bottomley <jejb@linux.ibm.com>
If the gpa isn't specified, it's value is extracted from the OVMF
properties table located below the reset vector (and if this doesn't
exist, an error is returned). OVMF has defined the GUID for the SEV
secret area as 4c2eb361-7d9b-4cc3-8081-127c90d3d294 and the format of
the <data> is: <base>|<size> where both are uint32_t. We extract
<base> and use it as the gpa for the injection.
Note: it is expected that the injected secret will also be GUID
described but since qemu can't interpret it, the format is left
undefined here.
Signed-off-by: James Bottomley <jejb@linux.ibm.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-Id: <20210204193939.16617-3-jejb@linux.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
qapi/misc-target.json | 2 +-
target/i386/monitor.c | 23 ++++++++++++++++++++++-
2 files changed, 23 insertions(+), 2 deletions(-)
diff --git a/qapi/misc-target.json b/qapi/misc-target.json
index 06ef8757f0..0c7491cd82 100644
--- a/qapi/misc-target.json
+++ b/qapi/misc-target.json
@@ -216,7 +216,7 @@
#
##
{ 'command': 'sev-inject-launch-secret',
- 'data': { 'packet-header': 'str', 'secret': 'str', 'gpa': 'uint64' },
+ 'data': { 'packet-header': 'str', 'secret': 'str', '*gpa': 'uint64' },
'if': 'defined(TARGET_I386)' }
##
diff --git a/target/i386/monitor.c b/target/i386/monitor.c
index 1bc91442b1..5994408bee 100644
--- a/target/i386/monitor.c
+++ b/target/i386/monitor.c
@@ -34,6 +34,7 @@
#include "sev_i386.h"
#include "qapi/qapi-commands-misc-target.h"
#include "qapi/qapi-commands-misc.h"
+#include "hw/i386/pc.h"
/* Perform linear address sign extension */
static hwaddr addr_canonical(CPUArchState *env, hwaddr addr)
@@ -730,9 +731,29 @@ SevCapability *qmp_query_sev_capabilities(Error **errp)
return sev_get_capabilities(errp);
}
+#define SEV_SECRET_GUID "4c2eb361-7d9b-4cc3-8081-127c90d3d294"
+struct sev_secret_area {
+ uint32_t base;
+ uint32_t size;
+};
+
void qmp_sev_inject_launch_secret(const char *packet_hdr,
- const char *secret, uint64_t gpa,
+ const char *secret,
+ bool has_gpa, uint64_t gpa,
Error **errp)
{
+ if (!has_gpa) {
+ uint8_t *data;
+ struct sev_secret_area *area;
+
+ if (!pc_system_ovmf_table_find(SEV_SECRET_GUID, &data, NULL)) {
+ error_setg(errp, "SEV: no secret area found in OVMF,"
+ " gpa must be specified.");
+ return;
+ }
+ area = (struct sev_secret_area *)data;
+ gpa = area->base;
+ }
+
sev_inject_launch_secret(packet_hdr, secret, gpa, errp);
}
--
2.29.2
- [PULL 00/19] i386, qgraph patches for 2020-02-15, Paolo Bonzini, 2021/02/15
- [PULL 01/19] pc: add parser for OVMF reset block, Paolo Bonzini, 2021/02/15
- [PULL 03/19] sev/i386: Add initial support for SEV-ES, Paolo Bonzini, 2021/02/15
- [PULL 02/19] sev: update sev-inject-launch-secret to make gpa optional,
Paolo Bonzini <=
- [PULL 04/19] sev/i386: Require in-kernel irqchip support for SEV-ES guests, Paolo Bonzini, 2021/02/15
- [PULL 05/19] sev/i386: Allow AP booting under SEV-ES, Paolo Bonzini, 2021/02/15
- [PULL 06/19] sev/i386: Don't allow a system reset under an SEV-ES guest, Paolo Bonzini, 2021/02/15
- [PULL 07/19] kvm/i386: Use a per-VM check for SMM capability, Paolo Bonzini, 2021/02/15
- [PULL 10/19] libqos/qgraph_internal: add qos_printf() and qos_printf_literal(), Paolo Bonzini, 2021/02/15
- [PULL 08/19] sev/i386: Enable an SEV-ES guest based on SEV policy, Paolo Bonzini, 2021/02/15
- [PULL 09/19] libqos/qgraph: add qos_node_create_driver_named(), Paolo Bonzini, 2021/02/15