Re: [PATCH v6 10/13] spapr: Add PEF based confidential guest support

[David Gibson]

On Tue, Jan 12, 2021 at 09:56:12AM +0000, Daniel P. Berrangé wrote:
> On Tue, Jan 12, 2021 at 03:45:05PM +1100, David Gibson wrote:
> > Some upcoming POWER machines have a system called PEF (Protected
> > Execution Facility) which uses a small ultravisor to allow guests to
> > run in a way that they can't be eavesdropped by the hypervisor.  The
> > effect is roughly similar to AMD SEV, although the mechanisms are
> > quite different.
> > 
> > Most of the work of this is done between the guest, KVM and the
> > ultravisor, with little need for involvement by qemu.  However qemu
> > does need to tell KVM to allow secure VMs.
> > 
> > Because the availability of secure mode is a guest visible difference
> > which depends on having the right hardware and firmware, we don't
> > enable this by default.  In order to run a secure guest you need to
> > create a "pef-guest" object and set the confidential-guest-support
> > property to point to it.
> > 
> > Note that this just *allows* secure guests, the architecture of PEF is
> > such that the guest still needs to talk to the ultravisor to enter
> > secure mode.  Qemu has no directl way of knowing if the guest is in
> > secure mode, and certainly can't know until well after machine
> > creation time.
> > 
> > To start a PEF-capable guest, use the command line options:
> >     -object pef-guest,id=pef0 -machine confidential-guest-support=pef0
> > 
> > Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
> > ---
> >  docs/confidential-guest-support.txt |   2 +
> >  docs/papr-pef.txt                   |  30 ++++++++
> >  hw/ppc/meson.build                  |   1 +
> >  hw/ppc/pef.c                        | 115 ++++++++++++++++++++++++++++
> >  hw/ppc/spapr.c                      |  10 +++
> >  include/hw/ppc/pef.h                |  26 +++++++
> >  target/ppc/kvm.c                    |  18 -----
> >  target/ppc/kvm_ppc.h                |   6 --
> >  8 files changed, 184 insertions(+), 24 deletions(-)
> >  create mode 100644 docs/papr-pef.txt
> >  create mode 100644 hw/ppc/pef.c
> >  create mode 100644 include/hw/ppc/pef.h
> > 
> 
> > +static const TypeInfo pef_guest_info = {
> > +    .parent = TYPE_OBJECT,
> > +    .name = TYPE_PEF_GUEST,
> > +    .instance_size = sizeof(PefGuestState),
> > +    .interfaces = (InterfaceInfo[]) {
> > +        { TYPE_CONFIDENTIAL_GUEST_SUPPORT },
> > +        { TYPE_USER_CREATABLE },
> > +        { }
> > +    }
> > +};
> 
> IIUC, the earlier patch defines TYPE_CONFIDENTIAL_GUEST_SUPPORT
> as a object, but you're using it as an interface here. The later
> s390 patch uses it as a parent, which makes more sense given it
> is a declared as an object.

Oops, that's a holdover from an earlier version that used an
interface.  Fixed.

-- 
David Gibson                    | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
                                | _way_ _around_!
http://www.ozlabs.org/~dgibson

signature.asc
Description: PGP signature