]> git.proxmox.com Git - mirror_qemu.git/blob - target/i386/sev.c
projects / mirror_qemu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
dtc: Update to version 1.6.1
[mirror_qemu.git] / target / i386 / sev.c
1 /*
2 * QEMU SEV support
3 *
4 * Copyright Advanced Micro Devices 2016-2018
5 *
6 * Author:
7 * Brijesh Singh <brijesh.singh@amd.com>
8 *
9 * This work is licensed under the terms of the GNU GPL, version 2 or later.
10 * See the COPYING file in the top-level directory.
11 *
12 */
13
14 #include "qemu/osdep.h"
15
16 #include <linux/kvm.h>
17 #include <linux/psp-sev.h>
18
19 #include <sys/ioctl.h>
20
21 #include "qapi/error.h"
22 #include "qom/object_interfaces.h"
23 #include "qemu/base64.h"
24 #include "qemu/module.h"
25 #include "qemu/uuid.h"
26 #include "crypto/hash.h"
27 #include "sysemu/kvm.h"
28 #include "sev_i386.h"
29 #include "sysemu/sysemu.h"
30 #include "sysemu/runstate.h"
31 #include "trace.h"
32 #include "migration/blocker.h"
33 #include "qom/object.h"
34 #include "monitor/monitor.h"
35 #include "exec/confidential-guest-support.h"
36 #include "hw/i386/pc.h"
37
38 #define TYPE_SEV_GUEST "sev-guest"
39 OBJECT_DECLARE_SIMPLE_TYPE(SevGuestState, SEV_GUEST)
40
41
42 /**
43 * SevGuestState:
44 *
45 * The SevGuestState object is used for creating and managing a SEV
46 * guest.
47 *
48 * # $QEMU \
49 * -object sev-guest,id=sev0 \
50 * -machine ...,memory-encryption=sev0
51 */
52 struct SevGuestState {
53 ConfidentialGuestSupport parent_obj;
54
55 /* configuration parameters */
56 char *sev_device;
57 uint32_t policy;
58 char *dh_cert_file;
59 char *session_file;
60 uint32_t cbitpos;
61 uint32_t reduced_phys_bits;
62
63 /* runtime state */
64 uint32_t handle;
65 uint8_t api_major;
66 uint8_t api_minor;
67 uint8_t build_id;
68 uint64_t me_mask;
69 int sev_fd;
70 SevState state;
71 gchar *measurement;
72
73 uint32_t reset_cs;
74 uint32_t reset_ip;
75 bool reset_data_valid;
76 };
77
78 #define DEFAULT_GUEST_POLICY 0x1 /* disable debug */
79 #define DEFAULT_SEV_DEVICE "/dev/sev"
80
81 #define SEV_INFO_BLOCK_GUID "00f771de-1a7e-4fcb-890e-68c77e2fb44e"
82 typedef struct __attribute__((__packed__)) SevInfoBlock {
83 /* SEV-ES Reset Vector Address */
84 uint32_t reset_addr;
85 } SevInfoBlock;
86
87 #define SEV_HASH_TABLE_RV_GUID "7255371f-3a3b-4b04-927b-1da6efa8d454"
88 typedef struct QEMU_PACKED SevHashTableDescriptor {
89 /* SEV hash table area guest address */
90 uint32_t base;
91 /* SEV hash table area size (in bytes) */
92 uint32_t size;
93 } SevHashTableDescriptor;
94
95 /* hard code sha256 digest size */
96 #define HASH_SIZE 32
97
98 typedef struct QEMU_PACKED SevHashTableEntry {
99 QemuUUID guid;
100 uint16_t len;
101 uint8_t hash[HASH_SIZE];
102 } SevHashTableEntry;
103
104 typedef struct QEMU_PACKED SevHashTable {
105 QemuUUID guid;
106 uint16_t len;
107 SevHashTableEntry cmdline;
108 SevHashTableEntry initrd;
109 SevHashTableEntry kernel;
110 uint8_t padding[];
111 } SevHashTable;
112
113 static SevGuestState *sev_guest;
114 static Error *sev_mig_blocker;
115
116 static const char *const sev_fw_errlist[] = {
117 [SEV_RET_SUCCESS] = "",
118 [SEV_RET_INVALID_PLATFORM_STATE] = "Platform state is invalid",
119 [SEV_RET_INVALID_GUEST_STATE] = "Guest state is invalid",
120 [SEV_RET_INAVLID_CONFIG] = "Platform configuration is invalid",
121 [SEV_RET_INVALID_LEN] = "Buffer too small",
122 [SEV_RET_ALREADY_OWNED] = "Platform is already owned",
123 [SEV_RET_INVALID_CERTIFICATE] = "Certificate is invalid",
124 [SEV_RET_POLICY_FAILURE] = "Policy is not allowed",
125 [SEV_RET_INACTIVE] = "Guest is not active",
126 [SEV_RET_INVALID_ADDRESS] = "Invalid address",
127 [SEV_RET_BAD_SIGNATURE] = "Bad signature",
128 [SEV_RET_BAD_MEASUREMENT] = "Bad measurement",
129 [SEV_RET_ASID_OWNED] = "ASID is already owned",
130 [SEV_RET_INVALID_ASID] = "Invalid ASID",
131 [SEV_RET_WBINVD_REQUIRED] = "WBINVD is required",
132 [SEV_RET_DFFLUSH_REQUIRED] = "DF_FLUSH is required",
133 [SEV_RET_INVALID_GUEST] = "Guest handle is invalid",
134 [SEV_RET_INVALID_COMMAND] = "Invalid command",
135 [SEV_RET_ACTIVE] = "Guest is active",
136 [SEV_RET_HWSEV_RET_PLATFORM] = "Hardware error",
137 [SEV_RET_HWSEV_RET_UNSAFE] = "Hardware unsafe",
138 [SEV_RET_UNSUPPORTED] = "Feature not supported",
139 [SEV_RET_INVALID_PARAM] = "Invalid parameter",
140 [SEV_RET_RESOURCE_LIMIT] = "Required firmware resource depleted",
141 [SEV_RET_SECURE_DATA_INVALID] = "Part-specific integrity check failure",
142 };
143
144 #define SEV_FW_MAX_ERROR ARRAY_SIZE(sev_fw_errlist)
145
146 static int
147 sev_ioctl(int fd, int cmd, void *data, int *error)
148 {
149 int r;
150 struct kvm_sev_cmd input;
151
152 memset(&input, 0x0, sizeof(input));
153
154 input.id = cmd;
155 input.sev_fd = fd;
156 input.data = (__u64)(unsigned long)data;
157
158 r = kvm_vm_ioctl(kvm_state, KVM_MEMORY_ENCRYPT_OP, &input);
159
160 if (error) {
161 *error = input.error;
162 }
163
164 return r;
165 }
166
167 static int
168 sev_platform_ioctl(int fd, int cmd, void *data, int *error)
169 {
170 int r;
171 struct sev_issue_cmd arg;
172
173 arg.cmd = cmd;
174 arg.data = (unsigned long)data;
175 r = ioctl(fd, SEV_ISSUE_CMD, &arg);
176 if (error) {
177 *error = arg.error;
178 }
179
180 return r;
181 }
182
183 static const char *
184 fw_error_to_str(int code)
185 {
186 if (code < 0 || code >= SEV_FW_MAX_ERROR) {
187 return "unknown error";
188 }
189
190 return sev_fw_errlist[code];
191 }
192
193 static bool
194 sev_check_state(const SevGuestState *sev, SevState state)
195 {
196 assert(sev);
197 return sev->state == state ? true : false;
198 }
199
200 static void
201 sev_set_guest_state(SevGuestState *sev, SevState new_state)
202 {
203 assert(new_state < SEV_STATE__MAX);
204 assert(sev);
205
206 trace_kvm_sev_change_state(SevState_str(sev->state),
207 SevState_str(new_state));
208 sev->state = new_state;
209 }
210
211 static void
212 sev_ram_block_added(RAMBlockNotifier *n, void *host, size_t size,
213 size_t max_size)
214 {
215 int r;
216 struct kvm_enc_region range;
217 ram_addr_t offset;
218 MemoryRegion *mr;
219
220 /*
221 * The RAM device presents a memory region that should be treated
222 * as IO region and should not be pinned.
223 */
224 mr = memory_region_from_host(host, &offset);
225 if (mr && memory_region_is_ram_device(mr)) {
226 return;
227 }
228
229 range.addr = (__u64)(unsigned long)host;
230 range.size = max_size;
231
232 trace_kvm_memcrypt_register_region(host, max_size);
233 r = kvm_vm_ioctl(kvm_state, KVM_MEMORY_ENCRYPT_REG_REGION, &range);
234 if (r) {
235 error_report("%s: failed to register region (%p+%#zx) error '%s'",
236 __func__, host, max_size, strerror(errno));
237 exit(1);
238 }
239 }
240
241 static void
242 sev_ram_block_removed(RAMBlockNotifier *n, void *host, size_t size,
243 size_t max_size)
244 {
245 int r;
246 struct kvm_enc_region range;
247 ram_addr_t offset;
248 MemoryRegion *mr;
249
250 /*
251 * The RAM device presents a memory region that should be treated
252 * as IO region and should not have been pinned.
253 */
254 mr = memory_region_from_host(host, &offset);
255 if (mr && memory_region_is_ram_device(mr)) {
256 return;
257 }
258
259 range.addr = (__u64)(unsigned long)host;
260 range.size = max_size;
261
262 trace_kvm_memcrypt_unregister_region(host, max_size);
263 r = kvm_vm_ioctl(kvm_state, KVM_MEMORY_ENCRYPT_UNREG_REGION, &range);
264 if (r) {
265 error_report("%s: failed to unregister region (%p+%#zx)",
266 __func__, host, max_size);
267 }
268 }
269
270 static struct RAMBlockNotifier sev_ram_notifier = {
271 .ram_block_added = sev_ram_block_added,
272 .ram_block_removed = sev_ram_block_removed,
273 };
274
275 static void
276 sev_guest_finalize(Object *obj)
277 {
278 }
279
280 static char *
281 sev_guest_get_session_file(Object *obj, Error **errp)
282 {
283 SevGuestState *s = SEV_GUEST(obj);
284
285 return s->session_file ? g_strdup(s->session_file) : NULL;
286 }
287
288 static void
289 sev_guest_set_session_file(Object *obj, const char *value, Error **errp)
290 {
291 SevGuestState *s = SEV_GUEST(obj);
292
293 s->session_file = g_strdup(value);
294 }
295
296 static char *
297 sev_guest_get_dh_cert_file(Object *obj, Error **errp)
298 {
299 SevGuestState *s = SEV_GUEST(obj);
300
301 return g_strdup(s->dh_cert_file);
302 }
303
304 static void
305 sev_guest_set_dh_cert_file(Object *obj, const char *value, Error **errp)
306 {
307 SevGuestState *s = SEV_GUEST(obj);
308
309 s->dh_cert_file = g_strdup(value);
310 }
311
312 static char *
313 sev_guest_get_sev_device(Object *obj, Error **errp)
314 {
315 SevGuestState *sev = SEV_GUEST(obj);
316
317 return g_strdup(sev->sev_device);
318 }
319
320 static void
321 sev_guest_set_sev_device(Object *obj, const char *value, Error **errp)
322 {
323 SevGuestState *sev = SEV_GUEST(obj);
324
325 sev->sev_device = g_strdup(value);
326 }
327
328 static void
329 sev_guest_class_init(ObjectClass *oc, void *data)
330 {
331 object_class_property_add_str(oc, "sev-device",
332 sev_guest_get_sev_device,
333 sev_guest_set_sev_device);
334 object_class_property_set_description(oc, "sev-device",
335 "SEV device to use");
336 object_class_property_add_str(oc, "dh-cert-file",
337 sev_guest_get_dh_cert_file,
338 sev_guest_set_dh_cert_file);
339 object_class_property_set_description(oc, "dh-cert-file",
340 "guest owners DH certificate (encoded with base64)");
341 object_class_property_add_str(oc, "session-file",
342 sev_guest_get_session_file,
343 sev_guest_set_session_file);
344 object_class_property_set_description(oc, "session-file",
345 "guest owners session parameters (encoded with base64)");
346 }
347
348 static void
349 sev_guest_instance_init(Object *obj)
350 {
351 SevGuestState *sev = SEV_GUEST(obj);
352
353 sev->sev_device = g_strdup(DEFAULT_SEV_DEVICE);
354 sev->policy = DEFAULT_GUEST_POLICY;
355 object_property_add_uint32_ptr(obj, "policy", &sev->policy,
356 OBJ_PROP_FLAG_READWRITE);
357 object_property_add_uint32_ptr(obj, "handle", &sev->handle,
358 OBJ_PROP_FLAG_READWRITE);
359 object_property_add_uint32_ptr(obj, "cbitpos", &sev->cbitpos,
360 OBJ_PROP_FLAG_READWRITE);
361 object_property_add_uint32_ptr(obj, "reduced-phys-bits",
362 &sev->reduced_phys_bits,
363 OBJ_PROP_FLAG_READWRITE);
364 }
365
366 /* sev guest info */
367 static const TypeInfo sev_guest_info = {
368 .parent = TYPE_CONFIDENTIAL_GUEST_SUPPORT,
369 .name = TYPE_SEV_GUEST,
370 .instance_size = sizeof(SevGuestState),
371 .instance_finalize = sev_guest_finalize,
372 .class_init = sev_guest_class_init,
373 .instance_init = sev_guest_instance_init,
374 .interfaces = (InterfaceInfo[]) {
375 { TYPE_USER_CREATABLE },
376 { }
377 }
378 };
379
380 bool
381 sev_enabled(void)
382 {
383 return !!sev_guest;
384 }
385
386 bool
387 sev_es_enabled(void)
388 {
389 return sev_enabled() && (sev_guest->policy & SEV_POLICY_ES);
390 }
391
392 uint64_t
393 sev_get_me_mask(void)
394 {
395 return sev_guest ? sev_guest->me_mask : ~0;
396 }
397
398 uint32_t
399 sev_get_cbit_position(void)
400 {
401 return sev_guest ? sev_guest->cbitpos : 0;
402 }
403
404 uint32_t
405 sev_get_reduced_phys_bits(void)
406 {
407 return sev_guest ? sev_guest->reduced_phys_bits : 0;
408 }
409
410 SevInfo *
411 sev_get_info(void)
412 {
413 SevInfo *info;
414
415 info = g_new0(SevInfo, 1);
416 info->enabled = sev_enabled();
417
418 if (info->enabled) {
419 info->api_major = sev_guest->api_major;
420 info->api_minor = sev_guest->api_minor;
421 info->build_id = sev_guest->build_id;
422 info->policy = sev_guest->policy;
423 info->state = sev_guest->state;
424 info->handle = sev_guest->handle;
425 }
426
427 return info;
428 }
429
430 static int
431 sev_get_pdh_info(int fd, guchar **pdh, size_t *pdh_len, guchar **cert_chain,
432 size_t *cert_chain_len, Error **errp)
433 {
434 guchar *pdh_data = NULL;
435 guchar *cert_chain_data = NULL;
436 struct sev_user_data_pdh_cert_export export = {};
437 int err, r;
438
439 /* query the certificate length */
440 r = sev_platform_ioctl(fd, SEV_PDH_CERT_EXPORT, &export, &err);
441 if (r < 0) {
442 if (err != SEV_RET_INVALID_LEN) {
443 error_setg(errp, "failed to export PDH cert ret=%d fw_err=%d (%s)",
444 r, err, fw_error_to_str(err));
445 return 1;
446 }
447 }
448
449 pdh_data = g_new(guchar, export.pdh_cert_len);
450 cert_chain_data = g_new(guchar, export.cert_chain_len);
451 export.pdh_cert_address = (unsigned long)pdh_data;
452 export.cert_chain_address = (unsigned long)cert_chain_data;
453
454 r = sev_platform_ioctl(fd, SEV_PDH_CERT_EXPORT, &export, &err);
455 if (r < 0) {
456 error_setg(errp, "failed to export PDH cert ret=%d fw_err=%d (%s)",
457 r, err, fw_error_to_str(err));
458 goto e_free;
459 }
460
461 *pdh = pdh_data;
462 *pdh_len = export.pdh_cert_len;
463 *cert_chain = cert_chain_data;
464 *cert_chain_len = export.cert_chain_len;
465 return 0;
466
467 e_free:
468 g_free(pdh_data);
469 g_free(cert_chain_data);
470 return 1;
471 }
472
473 SevCapability *
474 sev_get_capabilities(Error **errp)
475 {
476 SevCapability *cap = NULL;
477 guchar *pdh_data = NULL;
478 guchar *cert_chain_data = NULL;
479 size_t pdh_len = 0, cert_chain_len = 0;
480 uint32_t ebx;
481 int fd;
482
483 if (!kvm_enabled()) {
484 error_setg(errp, "KVM not enabled");
485 return NULL;
486 }
487 if (kvm_vm_ioctl(kvm_state, KVM_MEMORY_ENCRYPT_OP, NULL) < 0) {
488 error_setg(errp, "SEV is not enabled in KVM");
489 return NULL;
490 }
491
492 fd = open(DEFAULT_SEV_DEVICE, O_RDWR);
493 if (fd < 0) {
494 error_setg_errno(errp, errno, "Failed to open %s",
495 DEFAULT_SEV_DEVICE);
496 return NULL;
497 }
498
499 if (sev_get_pdh_info(fd, &pdh_data, &pdh_len,
500 &cert_chain_data, &cert_chain_len, errp)) {
501 goto out;
502 }
503
504 cap = g_new0(SevCapability, 1);
505 cap->pdh = g_base64_encode(pdh_data, pdh_len);
506 cap->cert_chain = g_base64_encode(cert_chain_data, cert_chain_len);
507
508 host_cpuid(0x8000001F, 0, NULL, &ebx, NULL, NULL);
509 cap->cbitpos = ebx & 0x3f;
510
511 /*
512 * When SEV feature is enabled, we loose one bit in guest physical
513 * addressing.
514 */
515 cap->reduced_phys_bits = 1;
516
517 out:
518 g_free(pdh_data);
519 g_free(cert_chain_data);
520 close(fd);
521 return cap;
522 }
523
524 SevAttestationReport *
525 sev_get_attestation_report(const char *mnonce, Error **errp)
526 {
527 struct kvm_sev_attestation_report input = {};
528 SevAttestationReport *report = NULL;
529 SevGuestState *sev = sev_guest;
530 guchar *data;
531 guchar *buf;
532 gsize len;
533 int err = 0, ret;
534
535 if (!sev_enabled()) {
536 error_setg(errp, "SEV is not enabled");
537 return NULL;
538 }
539
540 /* lets decode the mnonce string */
541 buf = g_base64_decode(mnonce, &len);
542 if (!buf) {
543 error_setg(errp, "SEV: failed to decode mnonce input");
544 return NULL;
545 }
546
547 /* verify the input mnonce length */
548 if (len != sizeof(input.mnonce)) {
549 error_setg(errp, "SEV: mnonce must be %zu bytes (got %" G_GSIZE_FORMAT ")",
550 sizeof(input.mnonce), len);
551 g_free(buf);
552 return NULL;
553 }
554
555 /* Query the report length */
556 ret = sev_ioctl(sev->sev_fd, KVM_SEV_GET_ATTESTATION_REPORT,
557 &input, &err);
558 if (ret < 0) {
559 if (err != SEV_RET_INVALID_LEN) {
560 error_setg(errp, "failed to query the attestation report length "
561 "ret=%d fw_err=%d (%s)", ret, err, fw_error_to_str(err));
562 g_free(buf);
563 return NULL;
564 }
565 }
566
567 data = g_malloc(input.len);
568 input.uaddr = (unsigned long)data;
569 memcpy(input.mnonce, buf, sizeof(input.mnonce));
570
571 /* Query the report */
572 ret = sev_ioctl(sev->sev_fd, KVM_SEV_GET_ATTESTATION_REPORT,
573 &input, &err);
574 if (ret) {
575 error_setg_errno(errp, errno, "Failed to get attestation report"
576 " ret=%d fw_err=%d (%s)", ret, err, fw_error_to_str(err));
577 goto e_free_data;
578 }
579
580 report = g_new0(SevAttestationReport, 1);
581 report->data = g_base64_encode(data, input.len);
582
583 trace_kvm_sev_attestation_report(mnonce, report->data);
584
585 e_free_data:
586 g_free(data);
587 g_free(buf);
588 return report;
589 }
590
591 static int
592 sev_read_file_base64(const char *filename, guchar **data, gsize *len)
593 {
594 gsize sz;
595 g_autofree gchar *base64 = NULL;
596 GError *error = NULL;
597
598 if (!g_file_get_contents(filename, &base64, &sz, &error)) {
599 error_report("failed to read '%s' (%s)", filename, error->message);
600 g_error_free(error);
601 return -1;
602 }
603
604 *data = g_base64_decode(base64, len);
605 return 0;
606 }
607
608 static int
609 sev_launch_start(SevGuestState *sev)
610 {
611 gsize sz;
612 int ret = 1;
613 int fw_error, rc;
614 struct kvm_sev_launch_start *start;
615 guchar *session = NULL, *dh_cert = NULL;
616
617 start = g_new0(struct kvm_sev_launch_start, 1);
618
619 start->handle = sev->handle;
620 start->policy = sev->policy;
621 if (sev->session_file) {
622 if (sev_read_file_base64(sev->session_file, &session, &sz) < 0) {
623 goto out;
624 }
625 start->session_uaddr = (unsigned long)session;
626 start->session_len = sz;
627 }
628
629 if (sev->dh_cert_file) {
630 if (sev_read_file_base64(sev->dh_cert_file, &dh_cert, &sz) < 0) {
631 goto out;
632 }
633 start->dh_uaddr = (unsigned long)dh_cert;
634 start->dh_len = sz;
635 }
636
637 trace_kvm_sev_launch_start(start->policy, session, dh_cert);
638 rc = sev_ioctl(sev->sev_fd, KVM_SEV_LAUNCH_START, start, &fw_error);
639 if (rc < 0) {
640 error_report("%s: LAUNCH_START ret=%d fw_error=%d '%s'",
641 __func__, ret, fw_error, fw_error_to_str(fw_error));
642 goto out;
643 }
644
645 sev_set_guest_state(sev, SEV_STATE_LAUNCH_UPDATE);
646 sev->handle = start->handle;
647 ret = 0;
648
649 out:
650 g_free(start);
651 g_free(session);
652 g_free(dh_cert);
653 return ret;
654 }
655
656 static int
657 sev_launch_update_data(SevGuestState *sev, uint8_t *addr, uint64_t len)
658 {
659 int ret, fw_error;
660 struct kvm_sev_launch_update_data update;
661
662 if (!addr || !len) {
663 return 1;
664 }
665
666 update.uaddr = (__u64)(unsigned long)addr;
667 update.len = len;
668 trace_kvm_sev_launch_update_data(addr, len);
669 ret = sev_ioctl(sev->sev_fd, KVM_SEV_LAUNCH_UPDATE_DATA,
670 &update, &fw_error);
671 if (ret) {
672 error_report("%s: LAUNCH_UPDATE ret=%d fw_error=%d '%s'",
673 __func__, ret, fw_error, fw_error_to_str(fw_error));
674 }
675
676 return ret;
677 }
678
679 static int
680 sev_launch_update_vmsa(SevGuestState *sev)
681 {
682 int ret, fw_error;
683
684 ret = sev_ioctl(sev->sev_fd, KVM_SEV_LAUNCH_UPDATE_VMSA, NULL, &fw_error);
685 if (ret) {
686 error_report("%s: LAUNCH_UPDATE_VMSA ret=%d fw_error=%d '%s'",
687 __func__, ret, fw_error, fw_error_to_str(fw_error));
688 }
689
690 return ret;
691 }
692
693 static void
694 sev_launch_get_measure(Notifier *notifier, void *unused)
695 {
696 SevGuestState *sev = sev_guest;
697 int ret, error;
698 guchar *data;
699 struct kvm_sev_launch_measure *measurement;
700
701 if (!sev_check_state(sev, SEV_STATE_LAUNCH_UPDATE)) {
702 return;
703 }
704
705 if (sev_es_enabled()) {
706 /* measure all the VM save areas before getting launch_measure */
707 ret = sev_launch_update_vmsa(sev);
708 if (ret) {
709 exit(1);
710 }
711 }
712
713 measurement = g_new0(struct kvm_sev_launch_measure, 1);
714
715 /* query the measurement blob length */
716 ret = sev_ioctl(sev->sev_fd, KVM_SEV_LAUNCH_MEASURE,
717 measurement, &error);
718 if (!measurement->len) {
719 error_report("%s: LAUNCH_MEASURE ret=%d fw_error=%d '%s'",
720 __func__, ret, error, fw_error_to_str(errno));
721 goto free_measurement;
722 }
723
724 data = g_new0(guchar, measurement->len);
725 measurement->uaddr = (unsigned long)data;
726
727 /* get the measurement blob */
728 ret = sev_ioctl(sev->sev_fd, KVM_SEV_LAUNCH_MEASURE,
729 measurement, &error);
730 if (ret) {
731 error_report("%s: LAUNCH_MEASURE ret=%d fw_error=%d '%s'",
732 __func__, ret, error, fw_error_to_str(errno));
733 goto free_data;
734 }
735
736 sev_set_guest_state(sev, SEV_STATE_LAUNCH_SECRET);
737
738 /* encode the measurement value and emit the event */
739 sev->measurement = g_base64_encode(data, measurement->len);
740 trace_kvm_sev_launch_measurement(sev->measurement);
741
742 free_data:
743 g_free(data);
744 free_measurement:
745 g_free(measurement);
746 }
747
748 char *
749 sev_get_launch_measurement(void)
750 {
751 if (sev_guest &&
752 sev_guest->state >= SEV_STATE_LAUNCH_SECRET) {
753 return g_strdup(sev_guest->measurement);
754 }
755
756 return NULL;
757 }
758
759 static Notifier sev_machine_done_notify = {
760 .notify = sev_launch_get_measure,
761 };
762
763 static void
764 sev_launch_finish(SevGuestState *sev)
765 {
766 int ret, error;
767
768 trace_kvm_sev_launch_finish();
769 ret = sev_ioctl(sev->sev_fd, KVM_SEV_LAUNCH_FINISH, 0, &error);
770 if (ret) {
771 error_report("%s: LAUNCH_FINISH ret=%d fw_error=%d '%s'",
772 __func__, ret, error, fw_error_to_str(error));
773 exit(1);
774 }
775
776 sev_set_guest_state(sev, SEV_STATE_RUNNING);
777
778 /* add migration blocker */
779 error_setg(&sev_mig_blocker,
780 "SEV: Migration is not implemented");
781 migrate_add_blocker(sev_mig_blocker, &error_fatal);
782 }
783
784 static void
785 sev_vm_state_change(void *opaque, bool running, RunState state)
786 {
787 SevGuestState *sev = opaque;
788
789 if (running) {
790 if (!sev_check_state(sev, SEV_STATE_RUNNING)) {
791 sev_launch_finish(sev);
792 }
793 }
794 }
795
796 int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp)
797 {
798 SevGuestState *sev
799 = (SevGuestState *)object_dynamic_cast(OBJECT(cgs), TYPE_SEV_GUEST);
800 char *devname;
801 int ret, fw_error, cmd;
802 uint32_t ebx;
803 uint32_t host_cbitpos;
804 struct sev_user_data_status status = {};
805
806 if (!sev) {
807 return 0;
808 }
809
810 ret = ram_block_discard_disable(true);
811 if (ret) {
812 error_report("%s: cannot disable RAM discard", __func__);
813 return -1;
814 }
815
816 sev_guest = sev;
817 sev->state = SEV_STATE_UNINIT;
818
819 host_cpuid(0x8000001F, 0, NULL, &ebx, NULL, NULL);
820 host_cbitpos = ebx & 0x3f;
821
822 if (host_cbitpos != sev->cbitpos) {
823 error_setg(errp, "%s: cbitpos check failed, host '%d' requested '%d'",
824 __func__, host_cbitpos, sev->cbitpos);
825 goto err;
826 }
827
828 if (sev->reduced_phys_bits < 1) {
829 error_setg(errp, "%s: reduced_phys_bits check failed, it should be >=1,"
830 " requested '%d'", __func__, sev->reduced_phys_bits);
831 goto err;
832 }
833
834 sev->me_mask = ~(1UL << sev->cbitpos);
835
836 devname = object_property_get_str(OBJECT(sev), "sev-device", NULL);
837 sev->sev_fd = open(devname, O_RDWR);
838 if (sev->sev_fd < 0) {
839 error_setg(errp, "%s: Failed to open %s '%s'", __func__,
840 devname, strerror(errno));
841 g_free(devname);
842 goto err;
843 }
844 g_free(devname);
845
846 ret = sev_platform_ioctl(sev->sev_fd, SEV_PLATFORM_STATUS, &status,
847 &fw_error);
848 if (ret) {
849 error_setg(errp, "%s: failed to get platform status ret=%d "
850 "fw_error='%d: %s'", __func__, ret, fw_error,
851 fw_error_to_str(fw_error));
852 goto err;
853 }
854 sev->build_id = status.build;
855 sev->api_major = status.api_major;
856 sev->api_minor = status.api_minor;
857
858 if (sev_es_enabled()) {
859 if (!kvm_kernel_irqchip_allowed()) {
860 error_report("%s: SEV-ES guests require in-kernel irqchip support",
861 __func__);
862 goto err;
863 }
864
865 if (!(status.flags & SEV_STATUS_FLAGS_CONFIG_ES)) {
866 error_report("%s: guest policy requires SEV-ES, but "
867 "host SEV-ES support unavailable",
868 __func__);
869 goto err;
870 }
871 cmd = KVM_SEV_ES_INIT;
872 } else {
873 cmd = KVM_SEV_INIT;
874 }
875
876 trace_kvm_sev_init();
877 ret = sev_ioctl(sev->sev_fd, cmd, NULL, &fw_error);
878 if (ret) {
879 error_setg(errp, "%s: failed to initialize ret=%d fw_error=%d '%s'",
880 __func__, ret, fw_error, fw_error_to_str(fw_error));
881 goto err;
882 }
883
884 ret = sev_launch_start(sev);
885 if (ret) {
886 error_setg(errp, "%s: failed to create encryption context", __func__);
887 goto err;
888 }
889
890 ram_block_notifier_add(&sev_ram_notifier);
891 qemu_add_machine_init_done_notifier(&sev_machine_done_notify);
892 qemu_add_vm_change_state_handler(sev_vm_state_change, sev);
893
894 cgs->ready = true;
895
896 return 0;
897 err:
898 sev_guest = NULL;
899 ram_block_discard_disable(false);
900 return -1;
901 }
902
903 int
904 sev_encrypt_flash(uint8_t *ptr, uint64_t len, Error **errp)
905 {
906 if (!sev_guest) {
907 return 0;
908 }
909
910 /* if SEV is in update state then encrypt the data else do nothing */
911 if (sev_check_state(sev_guest, SEV_STATE_LAUNCH_UPDATE)) {
912 int ret = sev_launch_update_data(sev_guest, ptr, len);
913 if (ret < 0) {
914 error_setg(errp, "failed to encrypt pflash rom");
915 return ret;
916 }
917 }
918
919 return 0;
920 }
921
922 int sev_inject_launch_secret(const char *packet_hdr, const char *secret,
923 uint64_t gpa, Error **errp)
924 {
925 struct kvm_sev_launch_secret input;
926 g_autofree guchar *data = NULL, *hdr = NULL;
927 int error, ret = 1;
928 void *hva;
929 gsize hdr_sz = 0, data_sz = 0;
930 MemoryRegion *mr = NULL;
931
932 if (!sev_guest) {
933 error_setg(errp, "SEV: SEV not enabled.");
934 return 1;
935 }
936
937 /* secret can be injected only in this state */
938 if (!sev_check_state(sev_guest, SEV_STATE_LAUNCH_SECRET)) {
939 error_setg(errp, "SEV: Not in correct state. (LSECRET) %x",
940 sev_guest->state);
941 return 1;
942 }
943
944 hdr = g_base64_decode(packet_hdr, &hdr_sz);
945 if (!hdr || !hdr_sz) {
946 error_setg(errp, "SEV: Failed to decode sequence header");
947 return 1;
948 }
949
950 data = g_base64_decode(secret, &data_sz);
951 if (!data || !data_sz) {
952 error_setg(errp, "SEV: Failed to decode data");
953 return 1;
954 }
955
956 hva = gpa2hva(&mr, gpa, data_sz, errp);
957 if (!hva) {
958 error_prepend(errp, "SEV: Failed to calculate guest address: ");
959 return 1;
960 }
961
962 input.hdr_uaddr = (uint64_t)(unsigned long)hdr;
963 input.hdr_len = hdr_sz;
964
965 input.trans_uaddr = (uint64_t)(unsigned long)data;
966 input.trans_len = data_sz;
967
968 input.guest_uaddr = (uint64_t)(unsigned long)hva;
969 input.guest_len = data_sz;
970
971 trace_kvm_sev_launch_secret(gpa, input.guest_uaddr,
972 input.trans_uaddr, input.trans_len);
973
974 ret = sev_ioctl(sev_guest->sev_fd, KVM_SEV_LAUNCH_SECRET,
975 &input, &error);
976 if (ret) {
977 error_setg(errp, "SEV: failed to inject secret ret=%d fw_error=%d '%s'",
978 ret, error, fw_error_to_str(error));
979 return ret;
980 }
981
982 return 0;
983 }
984
985 static int
986 sev_es_parse_reset_block(SevInfoBlock *info, uint32_t *addr)
987 {
988 if (!info->reset_addr) {
989 error_report("SEV-ES reset address is zero");
990 return 1;
991 }
992
993 *addr = info->reset_addr;
994
995 return 0;
996 }
997
998 static int
999 sev_es_find_reset_vector(void *flash_ptr, uint64_t flash_size,
1000 uint32_t *addr)
1001 {
1002 QemuUUID info_guid, *guid;
1003 SevInfoBlock *info;
1004 uint8_t *data;
1005 uint16_t *len;
1006
1007 /*
1008 * Initialize the address to zero. An address of zero with a successful
1009 * return code indicates that SEV-ES is not active.
1010 */
1011 *addr = 0;
1012
1013 /*
1014 * Extract the AP reset vector for SEV-ES guests by locating the SEV GUID.
1015 * The SEV GUID is located on its own (original implementation) or within
1016 * the Firmware GUID Table (new implementation), either of which are
1017 * located 32 bytes from the end of the flash.
1018 *
1019 * Check the Firmware GUID Table first.
1020 */
1021 if (pc_system_ovmf_table_find(SEV_INFO_BLOCK_GUID, &data, NULL)) {
1022 return sev_es_parse_reset_block((SevInfoBlock *)data, addr);
1023 }
1024
1025 /*
1026 * SEV info block not found in the Firmware GUID Table (or there isn't
1027 * a Firmware GUID Table), fall back to the original implementation.
1028 */
1029 data = flash_ptr + flash_size - 0x20;
1030
1031 qemu_uuid_parse(SEV_INFO_BLOCK_GUID, &info_guid);
1032 info_guid = qemu_uuid_bswap(info_guid); /* GUIDs are LE */
1033
1034 guid = (QemuUUID *)(data - sizeof(info_guid));
1035 if (!qemu_uuid_is_equal(guid, &info_guid)) {
1036 error_report("SEV information block/Firmware GUID Table block not found in pflash rom");
1037 return 1;
1038 }
1039
1040 len = (uint16_t *)((uint8_t *)guid - sizeof(*len));
1041 info = (SevInfoBlock *)(data - le16_to_cpu(*len));
1042
1043 return sev_es_parse_reset_block(info, addr);
1044 }
1045
1046 void sev_es_set_reset_vector(CPUState *cpu)
1047 {
1048 X86CPU *x86;
1049 CPUX86State *env;
1050
1051 /* Only update if we have valid reset information */
1052 if (!sev_guest || !sev_guest->reset_data_valid) {
1053 return;
1054 }
1055
1056 /* Do not update the BSP reset state */
1057 if (cpu->cpu_index == 0) {
1058 return;
1059 }
1060
1061 x86 = X86_CPU(cpu);
1062 env = &x86->env;
1063
1064 cpu_x86_load_seg_cache(env, R_CS, 0xf000, sev_guest->reset_cs, 0xffff,
1065 DESC_P_MASK | DESC_S_MASK | DESC_CS_MASK |
1066 DESC_R_MASK | DESC_A_MASK);
1067
1068 env->eip = sev_guest->reset_ip;
1069 }
1070
1071 int sev_es_save_reset_vector(void *flash_ptr, uint64_t flash_size)
1072 {
1073 CPUState *cpu;
1074 uint32_t addr;
1075 int ret;
1076
1077 if (!sev_es_enabled()) {
1078 return 0;
1079 }
1080
1081 addr = 0;
1082 ret = sev_es_find_reset_vector(flash_ptr, flash_size,
1083 &addr);
1084 if (ret) {
1085 return ret;
1086 }
1087
1088 if (addr) {
1089 sev_guest->reset_cs = addr & 0xffff0000;
1090 sev_guest->reset_ip = addr & 0x0000ffff;
1091 sev_guest->reset_data_valid = true;
1092
1093 CPU_FOREACH(cpu) {
1094 sev_es_set_reset_vector(cpu);
1095 }
1096 }
1097
1098 return 0;
1099 }
1100
1101 static const QemuUUID sev_hash_table_header_guid = {
1102 .data = UUID_LE(0x9438d606, 0x4f22, 0x4cc9, 0xb4, 0x79, 0xa7, 0x93,
1103 0xd4, 0x11, 0xfd, 0x21)
1104 };
1105
1106 static const QemuUUID sev_kernel_entry_guid = {
1107 .data = UUID_LE(0x4de79437, 0xabd2, 0x427f, 0xb8, 0x35, 0xd5, 0xb1,
1108 0x72, 0xd2, 0x04, 0x5b)
1109 };
1110 static const QemuUUID sev_initrd_entry_guid = {
1111 .data = UUID_LE(0x44baf731, 0x3a2f, 0x4bd7, 0x9a, 0xf1, 0x41, 0xe2,
1112 0x91, 0x69, 0x78, 0x1d)
1113 };
1114 static const QemuUUID sev_cmdline_entry_guid = {
1115 .data = UUID_LE(0x97d02dd8, 0xbd20, 0x4c94, 0xaa, 0x78, 0xe7, 0x71,
1116 0x4d, 0x36, 0xab, 0x2a)
1117 };
1118
1119 /*
1120 * Add the hashes of the linux kernel/initrd/cmdline to an encrypted guest page
1121 * which is included in SEV's initial memory measurement.
1122 */
1123 bool sev_add_kernel_loader_hashes(SevKernelLoaderContext *ctx, Error **errp)
1124 {
1125 uint8_t *data;
1126 SevHashTableDescriptor *area;
1127 SevHashTable *ht;
1128 uint8_t cmdline_hash[HASH_SIZE];
1129 uint8_t initrd_hash[HASH_SIZE];
1130 uint8_t kernel_hash[HASH_SIZE];
1131 uint8_t *hashp;
1132 size_t hash_len = HASH_SIZE;
1133 int aligned_len;
1134
1135 if (!pc_system_ovmf_table_find(SEV_HASH_TABLE_RV_GUID, &data, NULL)) {
1136 error_setg(errp, "SEV: kernel specified but OVMF has no hash table guid");
1137 return false;
1138 }
1139 area = (SevHashTableDescriptor *)data;
1140
1141 /*
1142 * Calculate hash of kernel command-line with the terminating null byte. If
1143 * the user doesn't supply a command-line via -append, the 1-byte "\0" will
1144 * be used.
1145 */
1146 hashp = cmdline_hash;
1147 if (qcrypto_hash_bytes(QCRYPTO_HASH_ALG_SHA256, ctx->cmdline_data,
1148 ctx->cmdline_size, &hashp, &hash_len, errp) < 0) {
1149 return false;
1150 }
1151 assert(hash_len == HASH_SIZE);
1152
1153 /*
1154 * Calculate hash of initrd. If the user doesn't supply an initrd via
1155 * -initrd, an empty buffer will be used (ctx->initrd_size == 0).
1156 */
1157 hashp = initrd_hash;
1158 if (qcrypto_hash_bytes(QCRYPTO_HASH_ALG_SHA256, ctx->initrd_data,
1159 ctx->initrd_size, &hashp, &hash_len, errp) < 0) {
1160 return false;
1161 }
1162 assert(hash_len == HASH_SIZE);
1163
1164 /* Calculate hash of the kernel */
1165 hashp = kernel_hash;
1166 struct iovec iov[2] = {
1167 { .iov_base = ctx->setup_data, .iov_len = ctx->setup_size },
1168 { .iov_base = ctx->kernel_data, .iov_len = ctx->kernel_size }
1169 };
1170 if (qcrypto_hash_bytesv(QCRYPTO_HASH_ALG_SHA256, iov, ARRAY_SIZE(iov),
1171 &hashp, &hash_len, errp) < 0) {
1172 return false;
1173 }
1174 assert(hash_len == HASH_SIZE);
1175
1176 /*
1177 * Populate the hashes table in the guest's memory at the OVMF-designated
1178 * area for the SEV hashes table
1179 */
1180 ht = qemu_map_ram_ptr(NULL, area->base);
1181
1182 ht->guid = sev_hash_table_header_guid;
1183 ht->len = sizeof(*ht);
1184
1185 ht->cmdline.guid = sev_cmdline_entry_guid;
1186 ht->cmdline.len = sizeof(ht->cmdline);
1187 memcpy(ht->cmdline.hash, cmdline_hash, sizeof(ht->cmdline.hash));
1188
1189 ht->initrd.guid = sev_initrd_entry_guid;
1190 ht->initrd.len = sizeof(ht->initrd);
1191 memcpy(ht->initrd.hash, initrd_hash, sizeof(ht->initrd.hash));
1192
1193 ht->kernel.guid = sev_kernel_entry_guid;
1194 ht->kernel.len = sizeof(ht->kernel);
1195 memcpy(ht->kernel.hash, kernel_hash, sizeof(ht->kernel.hash));
1196
1197 /* When calling sev_encrypt_flash, the length has to be 16 byte aligned */
1198 aligned_len = ROUND_UP(ht->len, 16);
1199 if (aligned_len != ht->len) {
1200 /* zero the excess data so the measurement can be reliably calculated */
1201 memset(ht->padding, 0, aligned_len - ht->len);
1202 }
1203
1204 if (sev_encrypt_flash((uint8_t *)ht, aligned_len, errp) < 0) {
1205 return false;
1206 }
1207
1208 return true;
1209 }
1210
1211 static void
1212 sev_register_types(void)
1213 {
1214 type_register_static(&sev_guest_info);
1215 }
1216
1217 type_init(sev_register_types);
QEMU mirror