/*
 * QEMU Secure Encrypted Virtualization (SEV) support
 *
 * Copyright: Advanced Micro Devices, 2016-2018
 *
 * Authors:
 *  Brijesh Singh <brijesh.singh@amd.com>
 *
 * This work is licensed under the terms of the GNU GPL, version 2 or later.
 * See the COPYING file in the top-level directory.
 *
 */

#ifndef I386_SEV_H
#define I386_SEV_H

/*
 * System-mode builds pull in the per-target device configuration so that
 * CONFIG_SEV is visible to the checks below; user-mode emulation never
 * has SEV support and skips it.
 */
#ifndef CONFIG_USER_ONLY
#include CONFIG_DEVICES /* CONFIG_SEV */
#endif

/*
 * Enablement queries.  Without SEV compiled in (or in a user-mode build)
 * they are the compile-time constant 0, i.e. "not enabled", so callers can
 * use them unconditionally and the SEV-only paths fold away at build time.
 * Otherwise they are real functions whose answer reflects the guest's
 * configuration.
 */
#if !defined(CONFIG_SEV) || defined(CONFIG_USER_ONLY)
#define sev_enabled() 0
#define sev_es_enabled() 0
#define sev_snp_enabled() 0
#else
bool sev_enabled(void);     /* plain SEV: encrypted guest memory */
bool sev_es_enabled(void);  /* SEV-ES: encrypted register state too */
bool sev_snp_enabled(void); /* SEV-SNP: secure nested paging */
#endif

#if !defined(CONFIG_USER_ONLY)

/* Object type names of the SEV guest configuration objects. */
#define TYPE_SEV_COMMON "sev-common"
#define TYPE_SEV_GUEST "sev-guest"
#define TYPE_SEV_SNP_GUEST "sev-snp-guest"

/*
 * SEV / SEV-ES guest policy bits.  The names follow the policy field of the
 * SEV firmware API; the per-bit meanings noted here are taken from that
 * spec, which remains the authority.  The policy is conveyed to the guest
 * owner at launch, so an attestation verifier should check it: a policy
 * lacking NODBG, for example, leaves guest debugging by the host allowed.
 */
#define SEV_POLICY_NODBG        0x1   /* bit 0: no debugging of the guest */
#define SEV_POLICY_NOKS         0x2   /* bit 1: no key sharing with other guests */
#define SEV_POLICY_SEV_ES_UNUSED_PLACEHOLDER_DO_NOT_USE 0 /* (none) */
#define SEV_POLICY_ES           0x4   /* bit 2: SEV-ES required */
#define SEV_POLICY_NOSEND       0x8   /* bit 3: guest may not be sent (migrated) */
#define SEV_POLICY_DOMAIN       0x10  /* bit 4: migration restricted to the domain */
#define SEV_POLICY_SEV          0x20  /* bit 5: migration restricted to SEV hosts */

/*
 * SEV-SNP guest policy bits.  The SNP policy is a separate, wider field with
 * a different layout from the SEV policy above; only the bits QEMU needs
 * are named.
 */
#define SEV_SNP_POLICY_SMT      0x10000  /* bit 16: SMT allowed */
#define SEV_SNP_POLICY_DBG      0x80000  /* bit 19: debugging allowed */

/*
 * Value of the SNP-active feature flag; presumably the bit tested in the
 * sev_features member of struct sev_es_save_area below — confirm against
 * the users of this macro.
 */
#define SVM_SEV_FEAT_SNP_ACTIVE 1

/*
 * Kernel-loader blobs handed to sev_add_kernel_loader_hashes().  Each
 * *_data pointer is paired with its *_size in bytes.  Ownership of the
 * buffers is not defined by this header; presumably they stay owned by the
 * caller and are only read — confirm in the implementation before freeing
 * or reusing them.
 */
typedef struct SevKernelLoaderContext {
    char *setup_data;     /* boot setup (header) blob */
    size_t setup_size;
    char *kernel_data;    /* kernel image */
    size_t kernel_size;
    char *initrd_data;    /* initial ramdisk */
    size_t initrd_size;
    char *cmdline_data;   /* kernel command line */
    size_t cmdline_size;
} SevKernelLoaderContext;

/*
 * Save area definition for SEV-ES and SEV-SNP guests.
 *
 * This mirrors the hardware-defined register save area byte for byte: the
 * struct is packed and every reserved_0xNNN member is named by its byte
 * offset within the area (rsp, for instance, sits at 0x1d8 — see the
 * reserved_0x320 comment).  Never reorder, insert or resize members; the
 * offsets of everything after the change would silently shift.
 * NOTE(review): for SEV-ES guests the initial contents of this area are
 * presumably part of the launch measurement, so a layout mistake here
 * would also change what a guest owner has to expect — confirm against
 * the implementation.
 */
struct QEMU_PACKED sev_es_save_area {
    /* Segment registers and descriptor/task tables */
    struct vmcb_seg es;
    struct vmcb_seg cs;
    struct vmcb_seg ss;
    struct vmcb_seg ds;
    struct vmcb_seg fs;
    struct vmcb_seg gs;
    struct vmcb_seg gdtr;
    struct vmcb_seg ldtr;
    struct vmcb_seg idtr;
    struct vmcb_seg tr;
    /* Per-VMPL shadow stack pointers and user CET state */
    uint64_t vmpl0_ssp;
    uint64_t vmpl1_ssp;
    uint64_t vmpl2_ssp;
    uint64_t vmpl3_ssp;
    uint64_t u_cet;
    uint8_t reserved_0xc8[2];
    uint8_t vmpl;
    uint8_t cpl;
    uint8_t reserved_0xcc[4];
    uint64_t efer;
    uint8_t reserved_0xd8[104];
    /* Control, debug and flags registers */
    uint64_t xss;
    uint64_t cr4;
    uint64_t cr3;
    uint64_t cr0;
    uint64_t dr7;
    uint64_t dr6;
    uint64_t rflags;
    uint64_t rip;
    uint64_t dr0;
    uint64_t dr1;
    uint64_t dr2;
    uint64_t dr3;
    uint64_t dr0_addr_mask;
    uint64_t dr1_addr_mask;
    uint64_t dr2_addr_mask;
    uint64_t dr3_addr_mask;
    uint8_t reserved_0x1c0[24];
    uint64_t rsp;            /* offset 0x1d8 */
    uint64_t s_cet;
    uint64_t ssp;
    uint64_t isst_addr;
    /* rax and the syscall/sysenter MSR state */
    uint64_t rax;
    uint64_t star;
    uint64_t lstar;
    uint64_t cstar;
    uint64_t sfmask;
    uint64_t kernel_gs_base;
    uint64_t sysenter_cs;
    uint64_t sysenter_esp;
    uint64_t sysenter_eip;
    uint64_t cr2;
    uint8_t reserved_0x248[32];
    uint64_t g_pat;
    uint64_t dbgctl;
    uint64_t br_from;
    uint64_t br_to;
    uint64_t last_excp_from;
    uint64_t last_excp_to;
    uint8_t reserved_0x298[80];
    uint32_t pkru;
    uint32_t tsc_aux;
    uint8_t reserved_0x2f0[24];
    /* Remaining general purpose registers (rsp is earlier, at 0x1d8) */
    uint64_t rcx;
    uint64_t rdx;
    uint64_t rbx;
    uint64_t reserved_0x320; /* rsp already available at 0x01d8 */
    uint64_t rbp;
    uint64_t rsi;
    uint64_t rdi;
    uint64_t r8;
    uint64_t r9;
    uint64_t r10;
    uint64_t r11;
    uint64_t r12;
    uint64_t r13;
    uint64_t r14;
    uint64_t r15;
    uint8_t reserved_0x380[16];
    /* Guest exit information and miscellaneous control state */
    uint64_t guest_exit_info_1;
    uint64_t guest_exit_info_2;
    uint64_t guest_exit_int_info;
    uint64_t guest_nrip;
    uint64_t sev_features;   /* SEV feature flags, e.g. SVM_SEV_FEAT_SNP_ACTIVE */
    uint64_t vintr_ctrl;
    uint64_t guest_exit_code;
    uint64_t virtual_tom;
    uint64_t tlb_id;
    uint64_t pcpu_id;
    uint64_t event_inj;
    uint64_t xcr0;
    uint8_t reserved_0x3f0[16];

    /* Floating point area */
    uint64_t x87_dp;
    uint32_t mxcsr;
    uint16_t x87_ftw;
    uint16_t x87_fsw;
    uint16_t x87_fcw;
    uint16_t x87_fop;
    uint16_t x87_ds;
    uint16_t x87_cs;
    uint64_t x87_rip;
    uint8_t fpreg_x87[80];
    uint8_t fpreg_xmm[256];
    uint8_t fpreg_ymm[256];
};

/*
 * SEV-SNP ID authentication information block.
 *
 * Carries the signature over the guest's ID block together with the public
 * keys needed to verify it (per the SNP firmware ABI: id_block_sig is made
 * with id_key, and id_key_sig certifies id_key under author_key), so the
 * firmware can check the ID block at launch.  The member sizes add up to
 * 4096 bytes, one page; the layout is packed and ABI-defined, so do not
 * reorder or resize members.  A build-time sizeof check would catch
 * accidental drift.
 */
struct QEMU_PACKED sev_snp_id_authentication {
    uint32_t id_key_alg;       /* algorithm identifier of id_key */
    uint32_t auth_key_algo;    /* algorithm identifier of author_key */
    uint8_t reserved[56];
    uint8_t id_block_sig[512]; /* signature over the ID block */
    uint8_t id_key[1028];      /* public ID key */
    uint8_t reserved2[60];
    uint8_t id_key_sig[512];   /* signature over id_key */
    uint8_t author_key[1028];  /* public author key */
    uint8_t reserved3[892];
};

/*
 * Record hashes of the kernel-loader blobs in @ctx (the name suggests they
 * feed the launch measurement — confirm in the implementation).
 * Returns true on success; on failure returns false with @errp set, per
 * the usual QEMU Error convention.
 */
bool sev_add_kernel_loader_hashes(SevKernelLoaderContext *ctx, Error **errp);

/*
 * Encrypt @len bytes of flash at host pointer @ptr, backing guest physical
 * address @gpa.  Returns 0 on success, non-zero with @errp set on failure.
 * The caller is responsible for @ptr/@len describing a valid region.
 */
int sev_encrypt_flash(hwaddr gpa, uint8_t *ptr, uint64_t len, Error **errp);

/*
 * Inject a launch secret described by @hdr / @secret at guest physical
 * address @gpa.  Both are passed as C strings; their exact encoding is not
 * defined by this header — see the implementation and the corresponding
 * management command.  Returns 0 on success, non-zero with @errp set.
 */
int sev_inject_launch_secret(const char *hdr, const char *secret,
                             uint64_t gpa, Error **errp);

/*
 * SEV-ES reset vector handling: sev_es_save_reset_vector() presumably
 * locates and records the reset vector from the @flash_size-byte firmware
 * image at @flash_ptr (returns 0 on success — confirm the error convention
 * in the implementation); sev_es_set_reset_vector() applies it to @cpu.
 */
int sev_es_save_reset_vector(void *flash_ptr, uint64_t flash_size);
void sev_es_set_reset_vector(CPUState *cpu);

/*
 * Parse SEV metadata from the firmware image at @flash_ptr/@flash_size.
 * Offsets and sizes taken from the image must be bounded by @flash_size
 * before use, since the image itself is the only source of them.
 */
void pc_system_parse_sev_metadata(uint8_t *flash_ptr, size_t flash_size);

#endif /* !CONFIG_USER_ONLY */

/*
 * Declared for all builds (user-mode included): the position of the
 * encryption (C) bit and the number of physical address bits it removes.
 */
uint32_t sev_get_cbit_position(void);
uint32_t sev_get_reduced_phys_bits(void);

#endif /* I386_SEV_H */