Revision tags: v9.2.0, v9.1.2, v9.1.1, v9.1.0 |
|
#
3665dd6b |
| 28-Jun-2024 |
Richard Henderson <richard.henderson@linaro.org> |
Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging
* configure: detect --cpu=mipsisa64r6 * target/i386: decode address before going back to translate.c * meson: allow configuri
Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging
* configure: detect --cpu=mipsisa64r6 * target/i386: decode address before going back to translate.c * meson: allow configuring the x86-64 baseline * meson: remove dead optimization option * exec: small changes to allow compilation with C++ in Android emulator * fix SEV compilation on 32-bit systems
# -----BEGIN PGP SIGNATURE----- # # iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmZ+8mEUHHBib256aW5p # QHJlZGhhdC5jb20ACgkQv/vSX3jHroMVmAf+PjJBpMYNFb2qxJDw5jI7hITsrtm4 # v5TKo9x7E3pna5guae5ODFencYhBITQznHFa3gO9w09QN7Gq/rKjuBBST9VISslU # dW3HtxY9A1eHQtNqHuD7jBWWo9N0hhNiLRa6xz/VDTjEJSxhjSdK2bRW9Yz9hZAe # 8bbEEC9us21RdFTS+eijOMo9SPyASUlqIq4RbQpbAVuzzOMeXnfOuX9VSTcBy9o2 # 7cKMg7zjL8WQugJKynyl5lny7m1Ji55LD2UrYMF6Mik3Wz5kwgHcUITJ+ZHd/9hR # a+MI7o/jyCPdmX9pBvJCxyerCVYBu0ugLqYKpAcsqU6111FLrnGgDvHf/g== # =LdYd # -----END PGP SIGNATURE----- # gpg: Signature made Fri 28 Jun 2024 10:26:57 AM PDT # gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83 # gpg: issuer "pbonzini@redhat.com" # gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full] # gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [full]
* tag 'for-upstream' of https://gitlab.com/bonzini/qemu: (23 commits) target/i386/sev: Fix printf formats target/i386/sev: Use size_t for object sizes target/i386: SEV: store pointer to decoded id_auth in SevSnpGuest target/i386: SEV: rename sev_snp_guest->id_auth target/i386: SEV: store pointer to decoded id_block in SevSnpGuest target/i386: SEV: rename sev_snp_guest->id_block target/i386: remove unused enum target/i386: give CC_OP_POPCNT low bits corresponding to MO_TL target/i386: use cpu_cc_dst for CC_OP_POPCNT target/i386: fix CC_OP dump include: move typeof_strip_qual to compiler.h, use it in QAPI_LIST_LENGTH() exec: don't use void* in pointer arithmetic in headers exec: avoid using C++ keywords in function parameters block: rename former bdrv_file_open callbacks block: remove separate bdrv_file_open callback block: do not check bdrv_file_open block: make assertion more generic meson: remove dead optimization option meson: allow configuring the x86-64 baseline Revert "host/i386: assume presence of SSE2" ...
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
show more ...
|
#
cb61b174 |
| 26-Jun-2024 |
Richard Henderson <richard.henderson@linaro.org> |
target/i386/sev: Use size_t for object sizes
This code was using both uint32_t and uint64_t for len. Consistently use size_t instead.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
target/i386/sev: Use size_t for object sizes
This code was using both uint32_t and uint64_t for len. Consistently use size_t instead.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Link: https://lore.kernel.org/r/20240626194950.1725800-3-richard.henderson@linaro.org Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
show more ...
|
#
f1572ab9 |
| 05-Jun-2024 |
Richard Henderson <richard.henderson@linaro.org> |
Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging
* virtio-blk: remove SCSI passthrough functionality * require x86-64-v2 baseline ISA * SEV-SNP host support * fix xsave.flat
Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging
* virtio-blk: remove SCSI passthrough functionality * require x86-64-v2 baseline ISA * SEV-SNP host support * fix xsave.flat with TCG * fixes for CPUID checks done by TCG
# -----BEGIN PGP SIGNATURE----- # # iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmZgKVYUHHBib256aW5p # QHJlZGhhdC5jb20ACgkQv/vSX3jHroPKYgf/QkWrNXdjjD3yAsv5LbJFVTVyCYW3 # b4Iax29kEDy8k9wbzfLxOfIk9jXIjmbOMO5ZN9LFiHK6VJxbXslsMh6hm50M3xKe # 49X1Rvf9YuVA7KZX+dWkEuqLYI6Tlgj3HaCilYWfXrjyo6hY3CxzkPV/ChmaeYlV # Ad4Y8biifoUuuEK8OTeTlcDWLhOHlFXylG3AXqULsUsXp0XhWJ9juXQ60eATv/W4 # eCEH7CSmRhYFu2/rV+IrWFYMnskLRTk1OC1/m6yXGPKOzgnOcthuvQfiUgPkbR/d # llY6Ni5Aaf7+XX3S7Avcyvoq8jXzaaMzOrzL98rxYGDR1sYBYO+4h4ZToA== # =qQeP # -----END PGP SIGNATURE----- # gpg: Signature made Wed 05 Jun 2024 02:01:10 AM PDT # gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83 # gpg: issuer "pbonzini@redhat.com" # gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full] # gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [full]
* tag 'for-upstream' of https://gitlab.com/bonzini/qemu: (46 commits) hw/i386: Add support for loading BIOS using guest_memfd hw/i386/sev: Use guest_memfd for legacy ROMs memory: Introduce memory_region_init_ram_guest_memfd() i386/sev: Allow measured direct kernel boot on SNP i386/sev: Reorder struct declarations i386/sev: Extract build_kernel_loader_hashes i386/sev: Enable KVM_HC_MAP_GPA_RANGE hcall for SNP guests i386/kvm: Add KVM_EXIT_HYPERCALL handling for KVM_HC_MAP_GPA_RANGE i386/sev: Invoke launch_updata_data() for SNP class i386/sev: Invoke launch_updata_data() for SEV class hw/i386/sev: Add support to encrypt BIOS when SEV-SNP is enabled i386/sev: Add support for SNP CPUID validation i386/sev: Add support for populating OVMF metadata pages hw/i386/sev: Add function to get SEV metadata from OVMF header i386/sev: Set CPU state to protected once SNP guest payload is finalized i386/sev: Add handling to encrypt/finalize guest launch data i386/sev: Add the SNP launch start context i386/sev: Update query-sev QAPI format to handle SEV-SNP i386/sev: Add a class method to determine KVM VM type for SNP guests i386/sev: Don't return launch measurements for SEV-SNP guests ...
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
show more ...
|
#
9f3a6999 |
| 30-May-2024 |
Brijesh Singh <brijesh.singh@amd.com> |
i386/sev: Add handling to encrypt/finalize guest launch data
Process any queued up launch data and encrypt/measure it into the SNP guest instance prior to initial guest launch.
This also updates th
i386/sev: Add handling to encrypt/finalize guest launch data
Process any queued up launch data and encrypt/measure it into the SNP guest instance prior to initial guest launch.
This also updates the KVM_SEV_SNP_LAUNCH_UPDATE call to handle partial update responses.
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> Co-developed-by: Michael Roth <michael.roth@amd.com> Signed-off-by: Michael Roth <michael.roth@amd.com> Co-developed-by: Pankaj Gupta <pankaj.gupta@amd.com> Signed-off-by: Pankaj Gupta <pankaj.gupta@amd.com> Message-ID: <20240530111643.1091816-17-pankaj.gupta@amd.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
show more ...
|
#
d3107f88 |
| 30-May-2024 |
Brijesh Singh <brijesh.singh@amd.com> |
i386/sev: Add the SNP launch start context
The SNP_LAUNCH_START is called first to create a cryptographic launch context within the firmware.
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> Si
i386/sev: Add the SNP launch start context
The SNP_LAUNCH_START is called first to create a cryptographic launch context within the firmware.
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> Signed-off-by: Michael Roth <michael.roth@amd.com> Co-developed-by: Pankaj Gupta <pankaj.gupta@amd.com> Signed-off-by: Pankaj Gupta <pankaj.gupta@amd.com> Message-ID: <20240530111643.1091816-16-pankaj.gupta@amd.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
show more ...
|
Revision tags: v8.0.0, v7.2.0, v7.0.0, v6.2.0, v6.1.0 |
|
#
8c345b3e |
| 02-Jun-2021 |
Peter Maydell <peter.maydell@linaro.org> |
Merge remote-tracking branch 'remotes/thuth-gitlab/tags/pull-request-2021-06-02' into staging
* Update the references to some doc files (use *.rst instead of *.txt) * Bump minimum versions of some r
Merge remote-tracking branch 'remotes/thuth-gitlab/tags/pull-request-2021-06-02' into staging
* Update the references to some doc files (use *.rst instead of *.txt) * Bump minimum versions of some requirements after removing CentOS 7 support
# gpg: Signature made Wed 02 Jun 2021 08:12:18 BST # gpg: using RSA key 27B88847EEE0250118F3EAB92ED9D774FE702DB5 # gpg: issuer "thuth@redhat.com" # gpg: Good signature from "Thomas Huth <th.huth@gmx.de>" [full] # gpg: aka "Thomas Huth <thuth@redhat.com>" [full] # gpg: aka "Thomas Huth <huth@tuxfamily.org>" [full] # gpg: aka "Thomas Huth <th.huth@posteo.de>" [unknown] # Primary key fingerprint: 27B8 8847 EEE0 2501 18F3 EAB9 2ED9 D774 FE70 2DB5
* remotes/thuth-gitlab/tags/pull-request-2021-06-02: configure: bump min required CLang to 6.0 / XCode 10.0 configure: bump min required GCC to 7.5.0 configure: bump min required glib version to 2.56 tests/docker: drop CentOS 7 container tests/vm: convert centos VM recipe to CentOS 8 crypto: drop used conditional check crypto: bump min gnutls to 3.5.18, dropping RHEL-7 support crypto: bump min gcrypt to 1.8.0, dropping RHEL-7 support crypto: drop back compatibility typedefs for nettle crypto: bump min nettle to 3.4, dropping RHEL-7 support patchew: move quick build job from CentOS 7 to CentOS 8 container block/ssh: Bump minimum libssh version to 0.8.7 docs: fix references to docs/devel/s390-dasd-ipl.rst docs: fix references to docs/specs/tpm.rst docs: fix references to docs/devel/build-system.rst docs: fix references to docs/devel/atomics.rst docs: fix references to docs/devel/tracing.rst
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
show more ...
|
#
d0fb9657 |
| 17-May-2021 |
Stefano Garzarella <sgarzare@redhat.com> |
docs: fix references to docs/devel/tracing.rst
Commit e50caf4a5c ("tracing: convert documentation to rST") converted docs/devel/tracing.txt to docs/devel/tracing.rst.
We still have several referenc
docs: fix references to docs/devel/tracing.rst
Commit e50caf4a5c ("tracing: convert documentation to rST") converted docs/devel/tracing.txt to docs/devel/tracing.rst.
We still have several references to the old file, so let's fix them with the following command:
sed -i s/tracing.txt/tracing.rst/ $(git grep -l docs/devel/tracing.txt)
Signed-off-by: Stefano Garzarella <sgarzare@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20210517151702.109066-2-sgarzare@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
show more ...
|
#
dd2db39d |
| 01-Jun-2021 |
Peter Maydell <peter.maydell@linaro.org> |
Merge remote-tracking branch 'remotes/ehabkost-gl/tags/x86-next-pull-request' into staging
x86 queue, 2021-06-01
Features: * Add CPU model versions supporting 'xsaves' (Vitaly Kuznetsov) * Support
Merge remote-tracking branch 'remotes/ehabkost-gl/tags/x86-next-pull-request' into staging
x86 queue, 2021-06-01
Features: * Add CPU model versions supporting 'xsaves' (Vitaly Kuznetsov) * Support AVX512 ZMM regs dump (Robert Hoo)
Bug fixes: * Use better matching family/model/stepping for generic CPUs (Daniel P. Berrangé)
Cleanups: * Hyper-V feature initialization cleanup (Vitaly Kuznetsov) * SEV firmware error list touchups (Connor Kuehl) * Constify CPUCaches and X86CPUDefinition (Philippe Mathieu-Daudé) * Document when features can be added to kvm_default_props (Eduardo Habkost)
# gpg: Signature made Tue 01 Jun 2021 19:08:33 BST # gpg: using RSA key 5A322FD5ABC4D3DBACCFD1AA2807936F984DC5A6 # gpg: issuer "ehabkost@redhat.com" # gpg: Good signature from "Eduardo Habkost <ehabkost@redhat.com>" [full] # Primary key fingerprint: 5A32 2FD5 ABC4 D3DB ACCF D1AA 2807 936F 984D C5A6
* remotes/ehabkost-gl/tags/x86-next-pull-request: (24 commits) sev: add missing firmware error conditions sev: use explicit indices for mapping firmware error codes to strings target/i386/sev: add support to query the attestation report i386: use global kvm_state in hyperv_enabled() check i386: prefer system KVM_GET_SUPPORTED_HV_CPUID ioctl over vCPU's one i386: adjust the expected KVM_GET_SUPPORTED_HV_CPUID array size i386: switch hyperv_expand_features() to using error_setg() i386: move eVMCS enablement to hyperv_init_vcpu() i386: split hyperv_handle_properties() into hyperv_expand_features()/hyperv_fill_cpuids() i386: introduce hv_cpuid_cache i386: drop FEAT_HYPERV feature leaves i386: introduce hv_cpuid_get_host() i386: introduce hyperv_feature_supported() i386: stop using env->features[] for filling Hyper-V CPUIDs i386: always fill Hyper-V CPUID feature leaves from X86CPU data i386: invert hyperv_spinlock_attempts setting logic with hv_passthrough i386: keep hyperv_vendor string up-to-date i386: use better matching family/model/stepping for 'max' CPU i386: use better matching family/model/stepping for 'qemu64' CPU i386/cpu_dump: support AVX512 ZMM regs dump ...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
show more ...
|
#
3ea1a802 |
| 29-Apr-2021 |
Brijesh Singh <brijesh.singh@amd.com> |
target/i386/sev: add support to query the attestation report
The SEV FW >= 0.23 added a new command that can be used to query the attestation report containing the SHA-256 digest of the guest memory
target/i386/sev: add support to query the attestation report
The SEV FW >= 0.23 added a new command that can be used to query the attestation report containing the SHA-256 digest of the guest memory and VMSA encrypted with the LAUNCH_UPDATE and sign it with the PEK.
Note, we already have a command (LAUNCH_MEASURE) that can be used to query the SHA-256 digest of the guest memory encrypted through the LAUNCH_UPDATE. The main difference between previous and this command is that the report is signed with the PEK and unlike the LAUNCH_MEASURE command the ATTESATION_REPORT command can be called while the guest is running.
Add a QMP interface "query-sev-attestation-report" that can be used to get the report encoded in base64.
Cc: James Bottomley <jejb@linux.ibm.com> Cc: Tom Lendacky <Thomas.Lendacky@amd.com> Cc: Eric Blake <eblake@redhat.com> Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: kvm@vger.kernel.org Reviewed-by: James Bottomley <jejb@linux.ibm.com> Tested-by: James Bottomley <jejb@linux.ibm.com> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> Reviewed-by: Connor Kuehl <ckuehl@redhat.com> Message-Id: <20210429170728.24322-1-brijesh.singh@amd.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
show more ...
|
#
75ee62ac |
| 17-Dec-2020 |
Peter Maydell <peter.maydell@linaro.org> |
Merge remote-tracking branch 'remotes/ehabkost-gl/tags/x86-next-pull-request' into staging
x86 queue, 2020-12-17
Features: * AVX512_FP16 feature (Cathy Zhang)
Cleanups: * accel code cleanup (Claud
Merge remote-tracking branch 'remotes/ehabkost-gl/tags/x86-next-pull-request' into staging
x86 queue, 2020-12-17
Features: * AVX512_FP16 feature (Cathy Zhang)
Cleanups: * accel code cleanup (Claudio Fontana) * hyperv initialization cleanup (Vitaly Kuznetsov)
# gpg: Signature made Thu 17 Dec 2020 18:44:45 GMT # gpg: using RSA key 5A322FD5ABC4D3DBACCFD1AA2807936F984DC5A6 # gpg: issuer "ehabkost@redhat.com" # gpg: Good signature from "Eduardo Habkost <ehabkost@redhat.com>" [full] # Primary key fingerprint: 5A32 2FD5 ABC4 D3DB ACCF D1AA 2807 936F 984D C5A6
* remotes/ehabkost-gl/tags/x86-next-pull-request: cpu: Remove unnecessary noop methods tcg: Make CPUClass.debug_excp_handler optional tcg: make CPUClass.cpu_exec_* optional tcg: cpu_exec_{enter,exit} helpers i386: tcg: remove inline from cpu_load_eflags i386: move TCG cpu class initialization to tcg/ x86/cpu: Add AVX512_FP16 cpu feature i386: move hyperv_limits initialization to x86_cpu_realizefn() i386: move hyperv_version_id initialization to x86_cpu_realizefn() i386: move hyperv_interface_id initialization to x86_cpu_realizefn() i386: move hyperv_vendor_id initialization to x86_cpu_realizefn() i386: move cpu dump out of helper.c into cpu-dump.c i386: move TCG accel files into tcg/ i386: hvf: remove stale MAINTAINERS entry for old hvf stubs i386: move hax accel files into hax/ i386: move whpx accel files into whpx/ i386: move kvm accel files into kvm/
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
show more ...
|
#
a9dc68d9 |
| 12-Dec-2020 |
Claudio Fontana <cfontana@suse.de> |
i386: move kvm accel files into kvm/
Signed-off-by: Claudio Fontana <cfontana@suse.de> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
i386: move kvm accel files into kvm/
Signed-off-by: Claudio Fontana <cfontana@suse.de> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20201212155530.23098-2-cfontana@suse.de> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
show more ...
|
#
5bfbd817 |
| 14-Dec-2020 |
Peter Maydell <peter.maydell@linaro.org> |
Merge remote-tracking branch 'remotes/vivier2/tags/trivial-branch-for-6.0-pull-request' into staging
Pull request trivial-patches 20201214
# gpg: Signature made Mon 14 Dec 2020 15:52:07 GMT # gpg:
Merge remote-tracking branch 'remotes/vivier2/tags/trivial-branch-for-6.0-pull-request' into staging
Pull request trivial-patches 20201214
# gpg: Signature made Mon 14 Dec 2020 15:52:07 GMT # gpg: using RSA key CD2F75DDC8E3A4DC2E4F5173F30C38BD3F2FBE3C # gpg: issuer "laurent@vivier.eu" # gpg: Good signature from "Laurent Vivier <lvivier@redhat.com>" [full] # gpg: aka "Laurent Vivier <laurent@vivier.eu>" [full] # gpg: aka "Laurent Vivier (Red Hat) <lvivier@redhat.com>" [full] # Primary key fingerprint: CD2F 75DD C8E3 A4DC 2E4F 5173 F30C 38BD 3F2F BE3C
* remotes/vivier2/tags/trivial-branch-for-6.0-pull-request: configure / meson: Move check for linux/btrfs.h to meson.build configure / meson: Move check for sys/kcov.h to meson.build configure / meson: Move check for sys/signal.h to meson.build configure / meson: Move check for drm.h to meson.build configure / meson: Move check for pty.h to meson.build configure: Remove the obsolete check for ifaddrs.h blockdev: Fix a memleak in drive_backup_prepare() block/file-posix: fix a possible undefined behavior elf2dmp/pdb: Plug memleak in pdb_init_from_file elf2dmp/qemu_elf: Plug memleak in QEMU_Elf_init configure: Test if $make actually exists ads7846: moves from the hw/display folder to the hw/input folder. CODING_STYLE.rst: Be less strict about 80 character limit fsdev: open brace '{' following struct go on the same line hw/pci-host/pam: Replace magic number by PAM_REGIONS_COUNT definition hw/xen: Don't use '#' flag of printf format MAINTAINERS: update my email address qemu-options.hx: Fix minor issues in icount documentation target/i386: tracing: format length values as hex
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
show more ...
|
Revision tags: v5.2.0 |
|
#
6f8ddc2a |
| 03-Nov-2020 |
Dov Murik <dovmurik@linux.vnet.ibm.com> |
target/i386: tracing: format length values as hex
Three trace events had a literal "0x" prefix but the 'len' values were formatted in decimal base. Keep the prefix and format the numbers as hex, as
target/i386: tracing: format length values as hex
Three trace events had a literal "0x" prefix but the 'len' values were formatted in decimal base. Keep the prefix and format the numbers as hex, as is usually the case for length of memory regions.
Signed-off-by: Dov Murik <dovmurik@linux.vnet.ibm.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20201103100745.160409-1-dovmurik@linux.vnet.ibm.com> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
show more ...
|
#
33744604 |
| 11-Dec-2020 |
Peter Maydell <peter.maydell@linaro.org> |
Merge remote-tracking branch 'remotes/ehabkost/tags/machine-next-pull-request' into staging
Machine queue, 2020-12-10
Some patches that were queued after 5.2 soft freeze.
# gpg: Signature made Thu
Merge remote-tracking branch 'remotes/ehabkost/tags/machine-next-pull-request' into staging
Machine queue, 2020-12-10
Some patches that were queued after 5.2 soft freeze.
# gpg: Signature made Thu 10 Dec 2020 22:41:29 GMT # gpg: using RSA key 5A322FD5ABC4D3DBACCFD1AA2807936F984DC5A6 # gpg: issuer "ehabkost@redhat.com" # gpg: Good signature from "Eduardo Habkost <ehabkost@redhat.com>" [full] # Primary key fingerprint: 5A32 2FD5 ABC4 D3DB ACCF D1AA 2807 936F 984D C5A6
* remotes/ehabkost/tags/machine-next-pull-request: i386/cpu: Make the Intel PT LIP feature configurable sev: add sev-inject-launch-secret qom: code hardening - have bound checking while looping with integer value
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
show more ...
|
#
c7f7e697 |
| 27-Oct-2020 |
Tobin Feldman-Fitzthum <tobin@ibm.com> |
sev: add sev-inject-launch-secret
AMD SEV allows a guest owner to inject a secret blob into the memory of a virtual machine. The secret is encrypted with the SEV Transport Encryption Key and integri
sev: add sev-inject-launch-secret
AMD SEV allows a guest owner to inject a secret blob into the memory of a virtual machine. The secret is encrypted with the SEV Transport Encryption Key and integrity is guaranteed with the Transport Integrity Key. Although QEMU facilitates the injection of the launch secret, it cannot access the secret.
Signed-off-by: Tobin Feldman-Fitzthum <tobin@linux.ibm.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Brijesh Singh <brijesh.singh@amd.com> Message-Id: <20201027170303.47550-1-tobin@linux.ibm.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
show more ...
|
Revision tags: v5.0.0, v4.2.0, v4.0.0, v4.0.0-rc1 |
|
#
d132baa0 |
| 25-Mar-2019 |
Peter Maydell <peter.maydell@linaro.org> |
Merge remote-tracking branch 'remotes/stefanha/tags/tracing-pull-request' into staging
Pull request
Compilation fixes and cleanups for QEMU 4.0.0.
# gpg: Signature made Mon 25 Mar 2019 15:58:28 GM
Merge remote-tracking branch 'remotes/stefanha/tags/tracing-pull-request' into staging
Pull request
Compilation fixes and cleanups for QEMU 4.0.0.
# gpg: Signature made Mon 25 Mar 2019 15:58:28 GMT # gpg: using RSA key 9CA4ABB381AB73C8 # gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>" [full] # gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>" [full] # Primary key fingerprint: 8695 A8BF D3F9 7CDA AC35 775A 9CA4 ABB3 81AB 73C8
* remotes/stefanha/tags/tracing-pull-request: trace-events: Fix attribution of trace points to source trace-events: Delete unused trace points scripts/cleanup-trace-events: Update for current practice trace-events: Shorten file names in comments trace-events: Consistently point to docs/devel/tracing.txt trace: avoid SystemTap dtrace(1) warnings on empty files trace: handle tracefs path truncation
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
show more ...
|
Revision tags: v4.0.0-rc0 |
|
#
500016e5 |
| 14-Mar-2019 |
Markus Armbruster <armbru@redhat.com> |
trace-events: Shorten file names in comments
We spell out sub/dir/ in sub/dir/trace-events' comments pointing to source files. That's because when trace-events got split up, the comments were moved
trace-events: Shorten file names in comments
We spell out sub/dir/ in sub/dir/trace-events' comments pointing to source files. That's because when trace-events got split up, the comments were moved verbatim.
Delete the sub/dir/ part from these comments. Gets rid of several misspellings.
Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-id: 20190314180929.27722-3-armbru@redhat.com Message-Id: <20190314180929.27722-3-armbru@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
show more ...
|
Revision tags: v3.1.0, v3.1.0-rc5, v3.1.0-rc4, v3.1.0-rc3, v3.1.0-rc2, v3.1.0-rc1, v3.1.0-rc0, libfdt-20181002, ppc-for-3.1-20180925, ppc-for-3.1-20180907, ppc-for-3.1-20180821, v3.0.0, v3.0.0-rc4, v2.12.1, ppc-for-3.0-20180801, v3.0.0-rc3, v3.0.0-rc2, v3.0.0-rc1, ppc-for-3.0-20180716, v3.0.0-rc0, ppc-for-3.0-20180709, ppc-for-3.0-20180703, v2.11.2, ppc-for-3.0-20180622, ppc-for-3.0-20180618, ppc-for-3.0-20180612, ppc-for-2.13-20180504, ppc-for-2.13-20180427, v2.12.0, v2.12.0-rc4, v2.12.0-rc3, ppc-for-2.12-20180410, v2.12.0-rc2, v2.12.0-rc1, v2.12.0-rc0, ppc-for-2.12-20180319 |
|
#
5bdd3743 |
| 15-Mar-2018 |
Peter Maydell <peter.maydell@linaro.org> |
Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream-sev' into staging
* Migrate MSR_SMI_COUNT (Liran) * Update kernel headers (Gerd, myself) * SEV support (Brijesh)
I have not tested no
Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream-sev' into staging
* Migrate MSR_SMI_COUNT (Liran) * Update kernel headers (Gerd, myself) * SEV support (Brijesh)
I have not tested non-x86 compilation, but I reordered the SEV patches so that all non-x86-specific changes go first to catch any possible issues (which weren't there anyway :)).
# gpg: Signature made Tue 13 Mar 2018 16:37:06 GMT # gpg: using RSA key BFFBD25F78C7AE83 # gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" # gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" # Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1 # Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83
* remotes/bonzini/tags/for-upstream-sev: (22 commits) sev/i386: add sev_get_capabilities() sev/i386: qmp: add query-sev-capabilities command sev/i386: qmp: add query-sev-launch-measure command sev/i386: hmp: add 'info sev' command cpu/i386: populate CPUID 0x8000_001F when SEV is active sev/i386: add migration blocker sev/i386: finalize the SEV guest launch flow sev/i386: add support to LAUNCH_MEASURE command target/i386: encrypt bios rom sev/i386: add command to encrypt guest memory region sev/i386: add command to create launch memory encryption context sev/i386: register the guest memory range which may contain encrypted data sev/i386: add command to initialize the memory encryption context include: add psp-sev.h header file sev/i386: qmp: add query-sev command target/i386: add Secure Encrypted Virtualization (SEV) object kvm: introduce memory encryption APIs kvm: add memory encryption context docs: add AMD Secure Encrypted Virtualization (SEV) machine: add memory-encryption option ...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
show more ...
|
Revision tags: ppc-for-2.12-20180315 |
|
#
5dd0df7e |
| 08-Mar-2018 |
Brijesh Singh <brijesh.singh@amd.com> |
sev/i386: finalize the SEV guest launch flow
SEV launch flow requires us to issue LAUNCH_FINISH command before guest is ready to run.
Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: Richard Henderson <
sev/i386: finalize the SEV guest launch flow
SEV launch flow requires us to issue LAUNCH_FINISH command before guest is ready to run.
Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: Richard Henderson <rth@twiddle.net> Cc: Eduardo Habkost <ehabkost@redhat.com> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
show more ...
|
#
c6c89c97 |
| 08-Mar-2018 |
Brijesh Singh <brijesh.singh@amd.com> |
sev/i386: add support to LAUNCH_MEASURE command
During machine creation we encrypted the guest bios image, the LAUNCH_MEASURE command can be used to retrieve the measurement of the encrypted memory
sev/i386: add support to LAUNCH_MEASURE command
During machine creation we encrypted the guest bios image, the LAUNCH_MEASURE command can be used to retrieve the measurement of the encrypted memory region. This measurement is a signature of the memory contents that can be sent to the guest owner as an attestation that the memory was encrypted correctly by the firmware. VM management tools like libvirt can query the measurement using query-sev-launch-measure QMP command.
Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: Richard Henderson <rth@twiddle.net> Cc: Eduardo Habkost <ehabkost@redhat.com> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
show more ...
|
#
b738d630 |
| 08-Mar-2018 |
Brijesh Singh <brijesh.singh@amd.com> |
sev/i386: add command to encrypt guest memory region
The KVM_SEV_LAUNCH_UPDATE_DATA command is used to encrypt a guest memory region using the VM Encryption Key created using LAUNCH_START.
Cc: Paol
sev/i386: add command to encrypt guest memory region
The KVM_SEV_LAUNCH_UPDATE_DATA command is used to encrypt a guest memory region using the VM Encryption Key created using LAUNCH_START.
Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: Richard Henderson <rth@twiddle.net> Cc: Eduardo Habkost <ehabkost@redhat.com> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
show more ...
|
#
620fd55c |
| 08-Mar-2018 |
Brijesh Singh <brijesh.singh@amd.com> |
sev/i386: add command to create launch memory encryption context
The KVM_SEV_LAUNCH_START command creates a new VM encryption key (VEK). The encryption key created with the command will be used for
sev/i386: add command to create launch memory encryption context
The KVM_SEV_LAUNCH_START command creates a new VM encryption key (VEK). The encryption key created with the command will be used for encrypting the bootstrap images (such as guest bios).
Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: Richard Henderson <rth@twiddle.net> Cc: Eduardo Habkost <ehabkost@redhat.com> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
show more ...
|
#
2b308e44 |
| 08-Mar-2018 |
Brijesh Singh <brijesh.singh@amd.com> |
sev/i386: register the guest memory range which may contain encrypted data
When SEV is enabled, the hardware encryption engine uses a tweak such that the two identical plaintext at different locatio
sev/i386: register the guest memory range which may contain encrypted data
When SEV is enabled, the hardware encryption engine uses a tweak such that the two identical plaintext at different location will have a different ciphertexts. So swapping or moving a ciphertexts of two guest pages will not result in plaintexts being swapped. Hence relocating a physical backing pages of the SEV guest will require some additional steps in KVM driver. The KVM_MEMORY_ENCRYPT_{UN,}REG_REGION ioctl can be used to register/unregister the guest memory region which may contain the encrypted data. KVM driver will internally handle the relocating physical backing pages of registered memory regions.
Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: Richard Henderson <rth@twiddle.net> Cc: Eduardo Habkost <ehabkost@redhat.com> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
show more ...
|
#
d8575c6c |
| 08-Mar-2018 |
Brijesh Singh <brijesh.singh@amd.com> |
sev/i386: add command to initialize the memory encryption context
When memory encryption is enabled, KVM_SEV_INIT command is used to initialize the platform. The command loads the SEV related persis
sev/i386: add command to initialize the memory encryption context
When memory encryption is enabled, KVM_SEV_INIT command is used to initialize the platform. The command loads the SEV related persistent data from non-volatile storage and initializes the platform context. This command should be first issued before invoking any other guest commands provided by the SEV firmware.
Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: Richard Henderson <rth@twiddle.net> Cc: Eduardo Habkost <ehabkost@redhat.com> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
show more ...
|
Revision tags: ppc-for-2.12-20180306, ppc-for-2.12-20180302, ppc-for-2.12-20180216, v2.11.1, ppc-for-2.12-20180212, ppc-for-2.12-20180129, ppc-for-2.12-20180121, ppc-for-2.12-20180119, ppc-for-2.12-20180117, ppc-for-2.12-20180111, ppc-for-2.12-20180108, ppc-for-2.12-20180103, ppc-for-2.12-20171219, v2.10.2, ppc-for-2.12-20171215, v2.11.0, v2.11.0-rc5, v2.11.0-rc4, ppc-for-2.11-20171205, ppc-for-2.11-20171204, v2.11.0-rc3, ppc-for-2.11-20171127, ppc-for-2.11-20171122, v2.11.0-rc2, ppc-for-2.11-20171120, v2.11.0-rc1, ppc-for-2.11-20171114, ppc-for-2.11-20171108, v2.11.0-rc0, ppc-for-2.11-20171017, v2.10.1, ppc-for-2.11-20170927, ppc-for-2.11-20170915, ppc-for-2.11-20170908, v2.9.1, v2.10.0, v2.10.0-rc4, ppc-for-2.10-20170823, ppc-for-2.10-20170822, v2.10.0-rc3, ppc-for-2.10-20170809, v2.10.0-rc2, v2.10.0-rc1 |
|
#
25dd0e77 |
| 31-Jul-2017 |
Peter Maydell <peter.maydell@linaro.org> |
Merge remote-tracking branch 'remotes/mjt/tags/trivial-patches-fetch' into staging
trivial patches for 2017-07-31
# gpg: Signature made Mon 31 Jul 2017 11:18:57 BST # gpg: using RSA
Merge remote-tracking branch 'remotes/mjt/tags/trivial-patches-fetch' into staging
trivial patches for 2017-07-31
# gpg: Signature made Mon 31 Jul 2017 11:18:57 BST # gpg: using RSA key 0x701B4F6B1A693E59 # gpg: Good signature from "Michael Tokarev <mjt@tls.msk.ru>" # gpg: aka "Michael Tokarev <mjt@corpit.ru>" # gpg: aka "Michael Tokarev <mjt@debian.org>" # Primary key fingerprint: 6EE1 95D1 886E 8FFB 810D 4324 457C E0A0 8044 65C5 # Subkey fingerprint: 7B73 BAD6 8BE7 A2C2 8931 4B22 701B 4F6B 1A69 3E59
* remotes/mjt/tags/trivial-patches-fetch: (25 commits) docs: fix broken paths to docs/specs/ivshmem-spec.txt docs: fix broken paths to docs/config/ich9-ehci-uhci.cfg docs: fix broken paths to docs/devel/tracing.txt docs: fix broken paths to docs/devel/atomics.txt docs: fix broken paths to docs/devel/qapi-code-gen.txt docs: fix broken paths to docs/interop/qcow2.txt docs: fix broken paths to docs/interop dir thunk: assert nb_fields is valid syscall: check inotify() and eventfd() return value syscall: fix use of uninitialized values syscall: fix dereference of undefined pointer linux-user/sh4: fix incorrect memory write m68k/translate: fix incorrect copy/paste net/eth: fix incorrect check of iov_to_buf() return value ui/vnc: fix leak of SocketAddress ** qcow2: fix null pointer dereference ivshmem: fix incorrect error handling in ivshmem_recv_msg() loader: check get_image_size() return value tests: add missing dependency to build QTEST_QEMU_BINARY qemu-system-tricore: segfault when entering "x 0" on the monitor ...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
show more ...
|