1 /* 2 * QEMU SEV support 3 * 4 * Copyright Advanced Micro Devices 2016-2018 5 * 6 * Author: 7 * Brijesh Singh <brijesh.singh@amd.com> 8 * 9 * This work is licensed under the terms of the GNU GPL, version 2 or later. 10 * See the COPYING file in the top-level directory. 11 * 12 */ 13 14 #include "qemu/osdep.h" 15 16 #include <linux/kvm.h> 17 #include <linux/kvm_para.h> 18 #include <linux/psp-sev.h> 19 20 #include <sys/ioctl.h> 21 22 #include "qapi/error.h" 23 #include "qom/object_interfaces.h" 24 #include "qemu/base64.h" 25 #include "qemu/module.h" 26 #include "qemu/uuid.h" 27 #include "qemu/error-report.h" 28 #include "crypto/hash.h" 29 #include "exec/target_page.h" 30 #include "system/kvm.h" 31 #include "kvm/kvm_i386.h" 32 #include "sev.h" 33 #include "system/system.h" 34 #include "system/runstate.h" 35 #include "trace.h" 36 #include "migration/blocker.h" 37 #include "qom/object.h" 38 #include "monitor/monitor.h" 39 #include "monitor/hmp-target.h" 40 #include "qapi/qapi-commands-misc-i386.h" 41 #include "confidential-guest.h" 42 #include "hw/i386/pc.h" 43 #include "system/address-spaces.h" 44 #include "hw/i386/e820_memory_layout.h" 45 #include "qemu/queue.h" 46 #include "qemu/cutils.h" 47 48 OBJECT_DECLARE_TYPE(SevCommonState, SevCommonStateClass, SEV_COMMON) 49 OBJECT_DECLARE_TYPE(SevGuestState, SevCommonStateClass, SEV_GUEST) 50 OBJECT_DECLARE_TYPE(SevSnpGuestState, SevCommonStateClass, SEV_SNP_GUEST) 51 52 /* hard code sha256 digest size */ 53 #define HASH_SIZE 32 54 55 /* Hard coded GPA that KVM uses for the VMSA */ 56 #define KVM_VMSA_GPA 0xFFFFFFFFF000 57 58 /* Convert between SEV-ES VMSA and SegmentCache flags/attributes */ 59 #define FLAGS_VMSA_TO_SEGCACHE(flags) \ 60 ((((flags) & 0xff00) << 12) | (((flags) & 0xff) << 8)) 61 #define FLAGS_SEGCACHE_TO_VMSA(flags) \ 62 ((((flags) & 0xff00) >> 8) | (((flags) & 0xf00000) >> 12)) 63 64 typedef struct QEMU_PACKED SevHashTableEntry { 65 QemuUUID guid; 66 uint16_t len; 67 uint8_t hash[HASH_SIZE]; 68 } SevHashTableEntry; 69 70 typedef struct QEMU_PACKED SevHashTable { 71 QemuUUID guid; 72 uint16_t len; 73 SevHashTableEntry cmdline; 74 SevHashTableEntry initrd; 75 SevHashTableEntry kernel; 76 } SevHashTable; 77 78 /* 79 * Data encrypted by sev_encrypt_flash() must be padded to a multiple of 80 * 16 bytes. 81 */ 82 typedef struct QEMU_PACKED PaddedSevHashTable { 83 SevHashTable ht; 84 uint8_t padding[ROUND_UP(sizeof(SevHashTable), 16) - sizeof(SevHashTable)]; 85 } PaddedSevHashTable; 86 87 QEMU_BUILD_BUG_ON(sizeof(PaddedSevHashTable) % 16 != 0); 88 89 #define SEV_INFO_BLOCK_GUID "00f771de-1a7e-4fcb-890e-68c77e2fb44e" 90 typedef struct __attribute__((__packed__)) SevInfoBlock { 91 /* SEV-ES Reset Vector Address */ 92 uint32_t reset_addr; 93 } SevInfoBlock; 94 95 #define SEV_HASH_TABLE_RV_GUID "7255371f-3a3b-4b04-927b-1da6efa8d454" 96 typedef struct QEMU_PACKED SevHashTableDescriptor { 97 /* SEV hash table area guest address */ 98 uint32_t base; 99 /* SEV hash table area size (in bytes) */ 100 uint32_t size; 101 } SevHashTableDescriptor; 102 103 typedef struct SevLaunchVmsa { 104 QTAILQ_ENTRY(SevLaunchVmsa) next; 105 106 uint16_t cpu_index; 107 uint64_t gpa; 108 struct sev_es_save_area vmsa; 109 } SevLaunchVmsa; 110 111 struct SevCommonState { 112 X86ConfidentialGuest parent_obj; 113 114 int kvm_type; 115 116 /* configuration parameters */ 117 char *sev_device; 118 uint32_t cbitpos; 119 uint32_t reduced_phys_bits; 120 bool kernel_hashes; 121 uint64_t sev_features; 122 uint64_t supported_sev_features; 123 124 /* runtime state */ 125 uint8_t api_major; 126 uint8_t api_minor; 127 uint8_t build_id; 128 int sev_fd; 129 SevState state; 130 131 QTAILQ_HEAD(, SevLaunchVmsa) launch_vmsa; 132 }; 133 134 struct SevCommonStateClass { 135 X86ConfidentialGuestClass parent_class; 136 137 /* public */ 138 bool (*build_kernel_loader_hashes)(SevCommonState *sev_common, 139 SevHashTableDescriptor *area, 140 SevKernelLoaderContext *ctx, 141 Error **errp); 142 int (*launch_start)(SevCommonState *sev_common); 143 void (*launch_finish)(SevCommonState *sev_common); 144 int (*launch_update_data)(SevCommonState *sev_common, hwaddr gpa, 145 uint8_t *ptr, size_t len, Error **errp); 146 int (*kvm_init)(ConfidentialGuestSupport *cgs, Error **errp); 147 }; 148 149 /** 150 * SevGuestState: 151 * 152 * The SevGuestState object is used for creating and managing a SEV 153 * guest. 154 * 155 * # $QEMU \ 156 * -object sev-guest,id=sev0 \ 157 * -machine ...,memory-encryption=sev0 158 */ 159 struct SevGuestState { 160 SevCommonState parent_obj; 161 gchar *measurement; 162 163 /* configuration parameters */ 164 uint32_t handle; 165 uint32_t policy; 166 char *dh_cert_file; 167 char *session_file; 168 OnOffAuto legacy_vm_type; 169 }; 170 171 struct SevSnpGuestState { 172 SevCommonState parent_obj; 173 174 /* configuration parameters */ 175 char *guest_visible_workarounds; 176 char *id_block_base64; 177 uint8_t *id_block; 178 char *id_auth_base64; 179 uint8_t *id_auth; 180 char *host_data; 181 182 struct kvm_sev_snp_launch_start kvm_start_conf; 183 struct kvm_sev_snp_launch_finish kvm_finish_conf; 184 185 uint32_t kernel_hashes_offset; 186 PaddedSevHashTable *kernel_hashes_data; 187 }; 188 189 #define DEFAULT_GUEST_POLICY 0x1 /* disable debug */ 190 #define DEFAULT_SEV_DEVICE "/dev/sev" 191 #define DEFAULT_SEV_SNP_POLICY 0x30000 192 193 typedef struct SevLaunchUpdateData { 194 QTAILQ_ENTRY(SevLaunchUpdateData) next; 195 hwaddr gpa; 196 void *hva; 197 size_t len; 198 int type; 199 } SevLaunchUpdateData; 200 201 static QTAILQ_HEAD(, SevLaunchUpdateData) launch_update; 202 203 static Error *sev_mig_blocker; 204 205 static const char *const sev_fw_errlist[] = { 206 [SEV_RET_SUCCESS] = "", 207 [SEV_RET_INVALID_PLATFORM_STATE] = "Platform state is invalid", 208 [SEV_RET_INVALID_GUEST_STATE] = "Guest state is invalid", 209 [SEV_RET_INAVLID_CONFIG] = "Platform configuration is invalid", 210 [SEV_RET_INVALID_LEN] = "Buffer too small", 211 [SEV_RET_ALREADY_OWNED] = "Platform is already owned", 212 [SEV_RET_INVALID_CERTIFICATE] = "Certificate is invalid", 213 [SEV_RET_POLICY_FAILURE] = "Policy is not allowed", 214 [SEV_RET_INACTIVE] = "Guest is not active", 215 [SEV_RET_INVALID_ADDRESS] = "Invalid address", 216 [SEV_RET_BAD_SIGNATURE] = "Bad signature", 217 [SEV_RET_BAD_MEASUREMENT] = "Bad measurement", 218 [SEV_RET_ASID_OWNED] = "ASID is already owned", 219 [SEV_RET_INVALID_ASID] = "Invalid ASID", 220 [SEV_RET_WBINVD_REQUIRED] = "WBINVD is required", 221 [SEV_RET_DFFLUSH_REQUIRED] = "DF_FLUSH is required", 222 [SEV_RET_INVALID_GUEST] = "Guest handle is invalid", 223 [SEV_RET_INVALID_COMMAND] = "Invalid command", 224 [SEV_RET_ACTIVE] = "Guest is active", 225 [SEV_RET_HWSEV_RET_PLATFORM] = "Hardware error", 226 [SEV_RET_HWSEV_RET_UNSAFE] = "Hardware unsafe", 227 [SEV_RET_UNSUPPORTED] = "Feature not supported", 228 [SEV_RET_INVALID_PARAM] = "Invalid parameter", 229 [SEV_RET_RESOURCE_LIMIT] = "Required firmware resource depleted", 230 [SEV_RET_SECURE_DATA_INVALID] = "Part-specific integrity check failure", 231 }; 232 233 #define SEV_FW_MAX_ERROR ARRAY_SIZE(sev_fw_errlist) 234 235 #define SNP_CPUID_FUNCTION_MAXCOUNT 64 236 #define SNP_CPUID_FUNCTION_UNKNOWN 0xFFFFFFFF 237 238 typedef struct { 239 uint32_t eax_in; 240 uint32_t ecx_in; 241 uint64_t xcr0_in; 242 uint64_t xss_in; 243 uint32_t eax; 244 uint32_t ebx; 245 uint32_t ecx; 246 uint32_t edx; 247 uint64_t reserved; 248 } __attribute__((packed)) SnpCpuidFunc; 249 250 typedef struct { 251 uint32_t count; 252 uint32_t reserved1; 253 uint64_t reserved2; 254 SnpCpuidFunc entries[SNP_CPUID_FUNCTION_MAXCOUNT]; 255 } __attribute__((packed)) SnpCpuidInfo; 256 257 static int 258 sev_ioctl(int fd, int cmd, void *data, int *error) 259 { 260 int r; 261 struct kvm_sev_cmd input; 262 263 memset(&input, 0x0, sizeof(input)); 264 265 input.id = cmd; 266 input.sev_fd = fd; 267 input.data = (uintptr_t)data; 268 269 r = kvm_vm_ioctl(kvm_state, KVM_MEMORY_ENCRYPT_OP, &input); 270 271 if (error) { 272 *error = input.error; 273 } 274 275 return r; 276 } 277 278 static int 279 sev_platform_ioctl(int fd, int cmd, void *data, int *error) 280 { 281 int r; 282 struct sev_issue_cmd arg; 283 284 arg.cmd = cmd; 285 arg.data = (unsigned long)data; 286 r = ioctl(fd, SEV_ISSUE_CMD, &arg); 287 if (error) { 288 *error = arg.error; 289 } 290 291 return r; 292 } 293 294 static const char * 295 fw_error_to_str(int code) 296 { 297 if (code < 0 || code >= SEV_FW_MAX_ERROR) { 298 return "unknown error"; 299 } 300 301 return sev_fw_errlist[code]; 302 } 303 304 static bool 305 sev_check_state(const SevCommonState *sev_common, SevState state) 306 { 307 assert(sev_common); 308 return sev_common->state == state ? true : false; 309 } 310 311 static void 312 sev_set_guest_state(SevCommonState *sev_common, SevState new_state) 313 { 314 assert(new_state < SEV_STATE__MAX); 315 assert(sev_common); 316 317 trace_kvm_sev_change_state(SevState_str(sev_common->state), 318 SevState_str(new_state)); 319 sev_common->state = new_state; 320 } 321 322 static void 323 sev_ram_block_added(RAMBlockNotifier *n, void *host, size_t size, 324 size_t max_size) 325 { 326 int r; 327 struct kvm_enc_region range; 328 ram_addr_t offset; 329 MemoryRegion *mr; 330 331 /* 332 * The RAM device presents a memory region that should be treated 333 * as IO region and should not be pinned. 334 */ 335 mr = memory_region_from_host(host, &offset); 336 if (mr && memory_region_is_ram_device(mr)) { 337 return; 338 } 339 340 range.addr = (uintptr_t)host; 341 range.size = max_size; 342 343 trace_kvm_memcrypt_register_region(host, max_size); 344 r = kvm_vm_ioctl(kvm_state, KVM_MEMORY_ENCRYPT_REG_REGION, &range); 345 if (r) { 346 error_report("%s: failed to register region (%p+%#zx) error '%s'", 347 __func__, host, max_size, strerror(errno)); 348 exit(1); 349 } 350 } 351 352 static void 353 sev_ram_block_removed(RAMBlockNotifier *n, void *host, size_t size, 354 size_t max_size) 355 { 356 int r; 357 struct kvm_enc_region range; 358 ram_addr_t offset; 359 MemoryRegion *mr; 360 361 /* 362 * The RAM device presents a memory region that should be treated 363 * as IO region and should not have been pinned. 364 */ 365 mr = memory_region_from_host(host, &offset); 366 if (mr && memory_region_is_ram_device(mr)) { 367 return; 368 } 369 370 range.addr = (uintptr_t)host; 371 range.size = max_size; 372 373 trace_kvm_memcrypt_unregister_region(host, max_size); 374 r = kvm_vm_ioctl(kvm_state, KVM_MEMORY_ENCRYPT_UNREG_REGION, &range); 375 if (r) { 376 error_report("%s: failed to unregister region (%p+%#zx)", 377 __func__, host, max_size); 378 } 379 } 380 381 static struct RAMBlockNotifier sev_ram_notifier = { 382 .ram_block_added = sev_ram_block_added, 383 .ram_block_removed = sev_ram_block_removed, 384 }; 385 386 static void sev_apply_cpu_context(CPUState *cpu) 387 { 388 SevCommonState *sev_common = SEV_COMMON(MACHINE(qdev_get_machine())->cgs); 389 X86CPU *x86; 390 CPUX86State *env; 391 struct SevLaunchVmsa *launch_vmsa; 392 393 /* See if an initial VMSA has been provided for this CPU */ 394 QTAILQ_FOREACH(launch_vmsa, &sev_common->launch_vmsa, next) 395 { 396 if (cpu->cpu_index == launch_vmsa->cpu_index) { 397 x86 = X86_CPU(cpu); 398 env = &x86->env; 399 400 /* 401 * Ideally we would provide the VMSA directly to kvm which would 402 * ensure that the resulting initial VMSA measurement which is 403 * calculated during KVM_SEV_LAUNCH_UPDATE_VMSA is calculated from 404 * exactly what we provide here. Currently this is not possible so 405 * we need to copy the parts of the VMSA structure that we currently 406 * support into the CPU state. 407 */ 408 cpu_load_efer(env, launch_vmsa->vmsa.efer); 409 cpu_x86_update_cr4(env, launch_vmsa->vmsa.cr4); 410 cpu_x86_update_cr0(env, launch_vmsa->vmsa.cr0); 411 cpu_x86_update_cr3(env, launch_vmsa->vmsa.cr3); 412 env->xcr0 = launch_vmsa->vmsa.xcr0; 413 env->pat = launch_vmsa->vmsa.g_pat; 414 415 cpu_x86_load_seg_cache( 416 env, R_CS, launch_vmsa->vmsa.cs.selector, 417 launch_vmsa->vmsa.cs.base, launch_vmsa->vmsa.cs.limit, 418 FLAGS_VMSA_TO_SEGCACHE(launch_vmsa->vmsa.cs.attrib)); 419 cpu_x86_load_seg_cache( 420 env, R_DS, launch_vmsa->vmsa.ds.selector, 421 launch_vmsa->vmsa.ds.base, launch_vmsa->vmsa.ds.limit, 422 FLAGS_VMSA_TO_SEGCACHE(launch_vmsa->vmsa.ds.attrib)); 423 cpu_x86_load_seg_cache( 424 env, R_ES, launch_vmsa->vmsa.es.selector, 425 launch_vmsa->vmsa.es.base, launch_vmsa->vmsa.es.limit, 426 FLAGS_VMSA_TO_SEGCACHE(launch_vmsa->vmsa.es.attrib)); 427 cpu_x86_load_seg_cache( 428 env, R_FS, launch_vmsa->vmsa.fs.selector, 429 launch_vmsa->vmsa.fs.base, launch_vmsa->vmsa.fs.limit, 430 FLAGS_VMSA_TO_SEGCACHE(launch_vmsa->vmsa.fs.attrib)); 431 cpu_x86_load_seg_cache( 432 env, R_GS, launch_vmsa->vmsa.gs.selector, 433 launch_vmsa->vmsa.gs.base, launch_vmsa->vmsa.gs.limit, 434 FLAGS_VMSA_TO_SEGCACHE(launch_vmsa->vmsa.gs.attrib)); 435 cpu_x86_load_seg_cache( 436 env, R_SS, launch_vmsa->vmsa.ss.selector, 437 launch_vmsa->vmsa.ss.base, launch_vmsa->vmsa.ss.limit, 438 FLAGS_VMSA_TO_SEGCACHE(launch_vmsa->vmsa.ss.attrib)); 439 440 env->gdt.base = launch_vmsa->vmsa.gdtr.base; 441 env->gdt.limit = launch_vmsa->vmsa.gdtr.limit; 442 env->gdt.flags = 443 FLAGS_VMSA_TO_SEGCACHE(launch_vmsa->vmsa.gdtr.attrib); 444 env->idt.base = launch_vmsa->vmsa.idtr.base; 445 env->idt.limit = launch_vmsa->vmsa.idtr.limit; 446 env->idt.flags = 447 FLAGS_VMSA_TO_SEGCACHE(launch_vmsa->vmsa.idtr.attrib); 448 449 cpu_x86_load_seg_cache( 450 env, R_LDTR, launch_vmsa->vmsa.ldtr.selector, 451 launch_vmsa->vmsa.ldtr.base, launch_vmsa->vmsa.ldtr.limit, 452 FLAGS_VMSA_TO_SEGCACHE(launch_vmsa->vmsa.ldtr.attrib)); 453 cpu_x86_load_seg_cache( 454 env, R_TR, launch_vmsa->vmsa.tr.selector, 455 launch_vmsa->vmsa.ldtr.base, launch_vmsa->vmsa.tr.limit, 456 FLAGS_VMSA_TO_SEGCACHE(launch_vmsa->vmsa.tr.attrib)); 457 458 env->dr[6] = launch_vmsa->vmsa.dr6; 459 env->dr[7] = launch_vmsa->vmsa.dr7; 460 461 env->regs[R_EAX] = launch_vmsa->vmsa.rax; 462 env->regs[R_ECX] = launch_vmsa->vmsa.rcx; 463 env->regs[R_EDX] = launch_vmsa->vmsa.rdx; 464 env->regs[R_EBX] = launch_vmsa->vmsa.rbx; 465 env->regs[R_ESP] = launch_vmsa->vmsa.rsp; 466 env->regs[R_EBP] = launch_vmsa->vmsa.rbp; 467 env->regs[R_ESI] = launch_vmsa->vmsa.rsi; 468 env->regs[R_EDI] = launch_vmsa->vmsa.rdi; 469 #ifdef TARGET_X86_64 470 env->regs[R_R8] = launch_vmsa->vmsa.r8; 471 env->regs[R_R9] = launch_vmsa->vmsa.r9; 472 env->regs[R_R10] = launch_vmsa->vmsa.r10; 473 env->regs[R_R11] = launch_vmsa->vmsa.r11; 474 env->regs[R_R12] = launch_vmsa->vmsa.r12; 475 env->regs[R_R13] = launch_vmsa->vmsa.r13; 476 env->regs[R_R14] = launch_vmsa->vmsa.r14; 477 env->regs[R_R15] = launch_vmsa->vmsa.r15; 478 #endif 479 env->eip = launch_vmsa->vmsa.rip; 480 env->eflags = launch_vmsa->vmsa.rflags; 481 482 cpu_set_fpuc(env, launch_vmsa->vmsa.x87_fcw); 483 env->mxcsr = launch_vmsa->vmsa.mxcsr; 484 485 break; 486 } 487 } 488 } 489 490 static int check_sev_features(SevCommonState *sev_common, uint64_t sev_features, 491 Error **errp) 492 { 493 /* 494 * Ensure SEV_FEATURES is configured for correct SEV hardware and that 495 * the requested features are supported. If SEV-SNP is enabled then 496 * that feature must be enabled, otherwise it must be cleared. 497 */ 498 if (sev_snp_enabled() && !(sev_features & SVM_SEV_FEAT_SNP_ACTIVE)) { 499 error_setg( 500 errp, 501 "%s: SEV_SNP is enabled but is not enabled in VMSA sev_features", 502 __func__); 503 return -1; 504 } else if (!sev_snp_enabled() && 505 (sev_features & SVM_SEV_FEAT_SNP_ACTIVE)) { 506 error_setg( 507 errp, 508 "%s: SEV_SNP is not enabled but is enabled in VMSA sev_features", 509 __func__); 510 return -1; 511 } 512 if (sev_features & ~sev_common->supported_sev_features) { 513 error_setg(errp, 514 "%s: VMSA contains unsupported sev_features: %lX, " 515 "supported features: %lX", 516 __func__, sev_features, sev_common->supported_sev_features); 517 return -1; 518 } 519 return 0; 520 } 521 522 static int check_vmsa_supported(SevCommonState *sev_common, hwaddr gpa, 523 const struct sev_es_save_area *vmsa, 524 Error **errp) 525 { 526 struct sev_es_save_area vmsa_check; 527 528 /* 529 * KVM always populates the VMSA at a fixed GPA which cannot be modified 530 * from userspace. Specifying a different GPA will not prevent the guest 531 * from starting but will cause the launch measurement to be different 532 * from expected. Therefore check that the provided GPA matches the KVM 533 * hardcoded value. 534 */ 535 if (gpa != KVM_VMSA_GPA) { 536 error_setg(errp, 537 "%s: The VMSA GPA must be %lX but is specified as %lX", 538 __func__, KVM_VMSA_GPA, gpa); 539 return -1; 540 } 541 542 /* 543 * Clear all supported fields so we can then check the entire structure 544 * is zero. 545 */ 546 memcpy(&vmsa_check, vmsa, sizeof(struct sev_es_save_area)); 547 memset(&vmsa_check.es, 0, sizeof(vmsa_check.es)); 548 memset(&vmsa_check.cs, 0, sizeof(vmsa_check.cs)); 549 memset(&vmsa_check.ss, 0, sizeof(vmsa_check.ss)); 550 memset(&vmsa_check.ds, 0, sizeof(vmsa_check.ds)); 551 memset(&vmsa_check.fs, 0, sizeof(vmsa_check.fs)); 552 memset(&vmsa_check.gs, 0, sizeof(vmsa_check.gs)); 553 memset(&vmsa_check.gdtr, 0, sizeof(vmsa_check.gdtr)); 554 memset(&vmsa_check.idtr, 0, sizeof(vmsa_check.idtr)); 555 memset(&vmsa_check.ldtr, 0, sizeof(vmsa_check.ldtr)); 556 memset(&vmsa_check.tr, 0, sizeof(vmsa_check.tr)); 557 vmsa_check.efer = 0; 558 vmsa_check.cr0 = 0; 559 vmsa_check.cr3 = 0; 560 vmsa_check.cr4 = 0; 561 vmsa_check.xcr0 = 0; 562 vmsa_check.dr6 = 0; 563 vmsa_check.dr7 = 0; 564 vmsa_check.rax = 0; 565 vmsa_check.rcx = 0; 566 vmsa_check.rdx = 0; 567 vmsa_check.rbx = 0; 568 vmsa_check.rsp = 0; 569 vmsa_check.rbp = 0; 570 vmsa_check.rsi = 0; 571 vmsa_check.rdi = 0; 572 vmsa_check.r8 = 0; 573 vmsa_check.r9 = 0; 574 vmsa_check.r10 = 0; 575 vmsa_check.r11 = 0; 576 vmsa_check.r12 = 0; 577 vmsa_check.r13 = 0; 578 vmsa_check.r14 = 0; 579 vmsa_check.r15 = 0; 580 vmsa_check.rip = 0; 581 vmsa_check.rflags = 0; 582 583 vmsa_check.g_pat = 0; 584 vmsa_check.xcr0 = 0; 585 586 vmsa_check.x87_fcw = 0; 587 vmsa_check.mxcsr = 0; 588 589 if (check_sev_features(sev_common, vmsa_check.sev_features, errp) < 0) { 590 return -1; 591 } 592 vmsa_check.sev_features = 0; 593 594 if (!buffer_is_zero(&vmsa_check, sizeof(vmsa_check))) { 595 error_setg(errp, 596 "%s: The VMSA contains fields that are not " 597 "synchronized with KVM. Continuing would result in " 598 "either unpredictable guest behavior, or a " 599 "mismatched launch measurement.", 600 __func__); 601 return -1; 602 } 603 return 0; 604 } 605 606 static int sev_set_cpu_context(uint16_t cpu_index, const void *ctx, 607 uint32_t ctx_len, hwaddr gpa, Error **errp) 608 { 609 SevCommonState *sev_common = SEV_COMMON(MACHINE(qdev_get_machine())->cgs); 610 SevLaunchVmsa *launch_vmsa; 611 CPUState *cpu; 612 bool exists = false; 613 614 /* 615 * Setting the CPU context is only supported for SEV-ES and SEV-SNP. The 616 * context buffer will contain a sev_es_save_area from the Linux kernel 617 * which is defined by "Table B-4. VMSA Layout, State Save Area for SEV-ES" 618 * in the AMD64 APM, Volume 2. 619 */ 620 621 if (!sev_es_enabled()) { 622 error_setg(errp, "SEV: unable to set CPU context: Not supported"); 623 return -1; 624 } 625 626 if (ctx_len < sizeof(struct sev_es_save_area)) { 627 error_setg(errp, "SEV: unable to set CPU context: " 628 "Invalid context provided"); 629 return -1; 630 } 631 632 cpu = qemu_get_cpu(cpu_index); 633 if (!cpu) { 634 error_setg(errp, "SEV: unable to set CPU context for out of bounds " 635 "CPU index %d", cpu_index); 636 return -1; 637 } 638 639 /* 640 * If the context of this VP has already been set then replace it with the 641 * new context. 642 */ 643 QTAILQ_FOREACH(launch_vmsa, &sev_common->launch_vmsa, next) 644 { 645 if (cpu_index == launch_vmsa->cpu_index) { 646 launch_vmsa->gpa = gpa; 647 memcpy(&launch_vmsa->vmsa, ctx, sizeof(launch_vmsa->vmsa)); 648 exists = true; 649 break; 650 } 651 } 652 653 if (!exists) { 654 /* New VP context */ 655 launch_vmsa = g_new0(SevLaunchVmsa, 1); 656 memcpy(&launch_vmsa->vmsa, ctx, sizeof(launch_vmsa->vmsa)); 657 launch_vmsa->cpu_index = cpu_index; 658 launch_vmsa->gpa = gpa; 659 QTAILQ_INSERT_TAIL(&sev_common->launch_vmsa, launch_vmsa, next); 660 } 661 662 /* Synchronise the VMSA with the current CPU state */ 663 sev_apply_cpu_context(cpu); 664 665 return 0; 666 } 667 668 bool 669 sev_enabled(void) 670 { 671 ConfidentialGuestSupport *cgs = MACHINE(qdev_get_machine())->cgs; 672 673 return !!object_dynamic_cast(OBJECT(cgs), TYPE_SEV_COMMON); 674 } 675 676 bool 677 sev_snp_enabled(void) 678 { 679 ConfidentialGuestSupport *cgs = MACHINE(qdev_get_machine())->cgs; 680 681 return !!object_dynamic_cast(OBJECT(cgs), TYPE_SEV_SNP_GUEST); 682 } 683 684 bool 685 sev_es_enabled(void) 686 { 687 ConfidentialGuestSupport *cgs = MACHINE(qdev_get_machine())->cgs; 688 689 return sev_snp_enabled() || 690 (sev_enabled() && SEV_GUEST(cgs)->policy & SEV_POLICY_ES); 691 } 692 693 uint32_t 694 sev_get_cbit_position(void) 695 { 696 SevCommonState *sev_common = SEV_COMMON(MACHINE(qdev_get_machine())->cgs); 697 698 return sev_common ? sev_common->cbitpos : 0; 699 } 700 701 uint32_t 702 sev_get_reduced_phys_bits(void) 703 { 704 SevCommonState *sev_common = SEV_COMMON(MACHINE(qdev_get_machine())->cgs); 705 706 return sev_common ? sev_common->reduced_phys_bits : 0; 707 } 708 709 static SevInfo *sev_get_info(void) 710 { 711 SevInfo *info; 712 SevCommonState *sev_common = SEV_COMMON(MACHINE(qdev_get_machine())->cgs); 713 714 info = g_new0(SevInfo, 1); 715 info->enabled = sev_enabled(); 716 717 if (info->enabled) { 718 info->api_major = sev_common->api_major; 719 info->api_minor = sev_common->api_minor; 720 info->build_id = sev_common->build_id; 721 info->state = sev_common->state; 722 723 if (sev_snp_enabled()) { 724 info->sev_type = SEV_GUEST_TYPE_SEV_SNP; 725 info->u.sev_snp.snp_policy = 726 object_property_get_uint(OBJECT(sev_common), "policy", NULL); 727 } else { 728 info->sev_type = SEV_GUEST_TYPE_SEV; 729 info->u.sev.handle = SEV_GUEST(sev_common)->handle; 730 info->u.sev.policy = 731 (uint32_t)object_property_get_uint(OBJECT(sev_common), 732 "policy", NULL); 733 } 734 } 735 736 return info; 737 } 738 739 SevInfo *qmp_query_sev(Error **errp) 740 { 741 SevInfo *info; 742 743 info = sev_get_info(); 744 if (!info) { 745 error_setg(errp, "SEV feature is not available"); 746 return NULL; 747 } 748 749 return info; 750 } 751 752 void hmp_info_sev(Monitor *mon, const QDict *qdict) 753 { 754 SevInfo *info = sev_get_info(); 755 756 if (!info || !info->enabled) { 757 monitor_printf(mon, "SEV is not enabled\n"); 758 goto out; 759 } 760 761 monitor_printf(mon, "SEV type: %s\n", SevGuestType_str(info->sev_type)); 762 monitor_printf(mon, "state: %s\n", SevState_str(info->state)); 763 monitor_printf(mon, "build: %d\n", info->build_id); 764 monitor_printf(mon, "api version: %d.%d\n", info->api_major, 765 info->api_minor); 766 767 if (sev_snp_enabled()) { 768 monitor_printf(mon, "debug: %s\n", 769 info->u.sev_snp.snp_policy & SEV_SNP_POLICY_DBG ? "on" 770 : "off"); 771 monitor_printf(mon, "SMT allowed: %s\n", 772 info->u.sev_snp.snp_policy & SEV_SNP_POLICY_SMT ? "on" 773 : "off"); 774 } else { 775 monitor_printf(mon, "handle: %d\n", info->u.sev.handle); 776 monitor_printf(mon, "debug: %s\n", 777 info->u.sev.policy & SEV_POLICY_NODBG ? "off" : "on"); 778 monitor_printf(mon, "key-sharing: %s\n", 779 info->u.sev.policy & SEV_POLICY_NOKS ? "off" : "on"); 780 } 781 782 out: 783 qapi_free_SevInfo(info); 784 } 785 786 static int 787 sev_get_pdh_info(int fd, guchar **pdh, size_t *pdh_len, guchar **cert_chain, 788 size_t *cert_chain_len, Error **errp) 789 { 790 guchar *pdh_data = NULL; 791 guchar *cert_chain_data = NULL; 792 struct sev_user_data_pdh_cert_export export = {}; 793 int err, r; 794 795 /* query the certificate length */ 796 r = sev_platform_ioctl(fd, SEV_PDH_CERT_EXPORT, &export, &err); 797 if (r < 0) { 798 if (err != SEV_RET_INVALID_LEN) { 799 error_setg(errp, "SEV: Failed to export PDH cert" 800 " ret=%d fw_err=%d (%s)", 801 r, err, fw_error_to_str(err)); 802 return 1; 803 } 804 } 805 806 pdh_data = g_new(guchar, export.pdh_cert_len); 807 cert_chain_data = g_new(guchar, export.cert_chain_len); 808 export.pdh_cert_address = (unsigned long)pdh_data; 809 export.cert_chain_address = (unsigned long)cert_chain_data; 810 811 r = sev_platform_ioctl(fd, SEV_PDH_CERT_EXPORT, &export, &err); 812 if (r < 0) { 813 error_setg(errp, "SEV: Failed to export PDH cert ret=%d fw_err=%d (%s)", 814 r, err, fw_error_to_str(err)); 815 goto e_free; 816 } 817 818 *pdh = pdh_data; 819 *pdh_len = export.pdh_cert_len; 820 *cert_chain = cert_chain_data; 821 *cert_chain_len = export.cert_chain_len; 822 return 0; 823 824 e_free: 825 g_free(pdh_data); 826 g_free(cert_chain_data); 827 return 1; 828 } 829 830 static int sev_get_cpu0_id(int fd, guchar **id, size_t *id_len, Error **errp) 831 { 832 guchar *id_data; 833 struct sev_user_data_get_id2 get_id2 = {}; 834 int err, r; 835 836 /* query the ID length */ 837 r = sev_platform_ioctl(fd, SEV_GET_ID2, &get_id2, &err); 838 if (r < 0 && err != SEV_RET_INVALID_LEN) { 839 error_setg(errp, "SEV: Failed to get ID ret=%d fw_err=%d (%s)", 840 r, err, fw_error_to_str(err)); 841 return 1; 842 } 843 844 id_data = g_new(guchar, get_id2.length); 845 get_id2.address = (unsigned long)id_data; 846 847 r = sev_platform_ioctl(fd, SEV_GET_ID2, &get_id2, &err); 848 if (r < 0) { 849 error_setg(errp, "SEV: Failed to get ID ret=%d fw_err=%d (%s)", 850 r, err, fw_error_to_str(err)); 851 goto err; 852 } 853 854 *id = id_data; 855 *id_len = get_id2.length; 856 return 0; 857 858 err: 859 g_free(id_data); 860 return 1; 861 } 862 863 static SevCapability *sev_get_capabilities(Error **errp) 864 { 865 SevCapability *cap = NULL; 866 guchar *pdh_data = NULL; 867 guchar *cert_chain_data = NULL; 868 guchar *cpu0_id_data = NULL; 869 size_t pdh_len = 0, cert_chain_len = 0, cpu0_id_len = 0; 870 uint32_t ebx; 871 int fd; 872 SevCommonState *sev_common; 873 char *sev_device; 874 875 if (!kvm_enabled()) { 876 error_setg(errp, "KVM not enabled"); 877 return NULL; 878 } 879 if (kvm_vm_ioctl(kvm_state, KVM_MEMORY_ENCRYPT_OP, NULL) < 0) { 880 error_setg(errp, "SEV is not enabled in KVM"); 881 return NULL; 882 } 883 884 sev_common = SEV_COMMON(MACHINE(qdev_get_machine())->cgs); 885 if (sev_common) { 886 sev_device = object_property_get_str(OBJECT(sev_common), "sev-device", 887 &error_abort); 888 } else { 889 sev_device = g_strdup(DEFAULT_SEV_DEVICE); 890 } 891 892 fd = open(sev_device, O_RDWR); 893 if (fd < 0) { 894 error_setg_errno(errp, errno, "SEV: Failed to open %s", 895 sev_device); 896 g_free(sev_device); 897 return NULL; 898 } 899 g_free(sev_device); 900 901 if (sev_get_pdh_info(fd, &pdh_data, &pdh_len, 902 &cert_chain_data, &cert_chain_len, errp)) { 903 goto out; 904 } 905 906 if (sev_get_cpu0_id(fd, &cpu0_id_data, &cpu0_id_len, errp)) { 907 goto out; 908 } 909 910 cap = g_new0(SevCapability, 1); 911 cap->pdh = g_base64_encode(pdh_data, pdh_len); 912 cap->cert_chain = g_base64_encode(cert_chain_data, cert_chain_len); 913 cap->cpu0_id = g_base64_encode(cpu0_id_data, cpu0_id_len); 914 915 host_cpuid(0x8000001F, 0, NULL, &ebx, NULL, NULL); 916 cap->cbitpos = ebx & 0x3f; 917 918 /* 919 * When SEV feature is enabled, we loose one bit in guest physical 920 * addressing. 921 */ 922 cap->reduced_phys_bits = 1; 923 924 out: 925 g_free(cpu0_id_data); 926 g_free(pdh_data); 927 g_free(cert_chain_data); 928 close(fd); 929 return cap; 930 } 931 932 SevCapability *qmp_query_sev_capabilities(Error **errp) 933 { 934 return sev_get_capabilities(errp); 935 } 936 937 static OvmfSevMetadata *ovmf_sev_metadata_table; 938 939 #define OVMF_SEV_META_DATA_GUID "dc886566-984a-4798-A75e-5585a7bf67cc" 940 typedef struct __attribute__((__packed__)) OvmfSevMetadataOffset { 941 uint32_t offset; 942 } OvmfSevMetadataOffset; 943 944 OvmfSevMetadata *pc_system_get_ovmf_sev_metadata_ptr(void) 945 { 946 return ovmf_sev_metadata_table; 947 } 948 949 void pc_system_parse_sev_metadata(uint8_t *flash_ptr, size_t flash_size) 950 { 951 OvmfSevMetadata *metadata; 952 OvmfSevMetadataOffset *data; 953 954 if (!pc_system_ovmf_table_find(OVMF_SEV_META_DATA_GUID, (uint8_t **)&data, 955 NULL)) { 956 return; 957 } 958 959 metadata = (OvmfSevMetadata *)(flash_ptr + flash_size - data->offset); 960 if (memcmp(metadata->signature, "ASEV", 4) != 0 || 961 metadata->len < sizeof(OvmfSevMetadata) || 962 metadata->len > flash_size - data->offset) { 963 return; 964 } 965 966 ovmf_sev_metadata_table = g_memdup2(metadata, metadata->len); 967 } 968 969 static SevAttestationReport *sev_get_attestation_report(const char *mnonce, 970 Error **errp) 971 { 972 struct kvm_sev_attestation_report input = {}; 973 SevAttestationReport *report = NULL; 974 SevCommonState *sev_common; 975 g_autofree guchar *data = NULL; 976 g_autofree guchar *buf = NULL; 977 gsize len; 978 int err = 0, ret; 979 980 if (!sev_enabled()) { 981 error_setg(errp, "SEV is not enabled"); 982 return NULL; 983 } 984 985 /* lets decode the mnonce string */ 986 buf = g_base64_decode(mnonce, &len); 987 if (!buf) { 988 error_setg(errp, "SEV: failed to decode mnonce input"); 989 return NULL; 990 } 991 992 /* verify the input mnonce length */ 993 if (len != sizeof(input.mnonce)) { 994 error_setg(errp, "SEV: mnonce must be %zu bytes (got %" G_GSIZE_FORMAT ")", 995 sizeof(input.mnonce), len); 996 return NULL; 997 } 998 999 sev_common = SEV_COMMON(MACHINE(qdev_get_machine())->cgs); 1000 1001 /* Query the report length */ 1002 ret = sev_ioctl(sev_common->sev_fd, KVM_SEV_GET_ATTESTATION_REPORT, 1003 &input, &err); 1004 if (ret < 0) { 1005 if (err != SEV_RET_INVALID_LEN) { 1006 error_setg(errp, "SEV: Failed to query the attestation report" 1007 " length ret=%d fw_err=%d (%s)", 1008 ret, err, fw_error_to_str(err)); 1009 return NULL; 1010 } 1011 } 1012 1013 data = g_malloc(input.len); 1014 input.uaddr = (unsigned long)data; 1015 memcpy(input.mnonce, buf, sizeof(input.mnonce)); 1016 1017 /* Query the report */ 1018 ret = sev_ioctl(sev_common->sev_fd, KVM_SEV_GET_ATTESTATION_REPORT, 1019 &input, &err); 1020 if (ret) { 1021 error_setg_errno(errp, errno, "SEV: Failed to get attestation report" 1022 " ret=%d fw_err=%d (%s)", ret, err, fw_error_to_str(err)); 1023 return NULL; 1024 } 1025 1026 report = g_new0(SevAttestationReport, 1); 1027 report->data = g_base64_encode(data, input.len); 1028 1029 trace_kvm_sev_attestation_report(mnonce, report->data); 1030 1031 return report; 1032 } 1033 1034 SevAttestationReport *qmp_query_sev_attestation_report(const char *mnonce, 1035 Error **errp) 1036 { 1037 return sev_get_attestation_report(mnonce, errp); 1038 } 1039 1040 static int 1041 sev_read_file_base64(const char *filename, guchar **data, gsize *len) 1042 { 1043 gsize sz; 1044 g_autofree gchar *base64 = NULL; 1045 GError *error = NULL; 1046 1047 if (!g_file_get_contents(filename, &base64, &sz, &error)) { 1048 error_report("SEV: Failed to read '%s' (%s)", filename, error->message); 1049 g_error_free(error); 1050 return -1; 1051 } 1052 1053 *data = g_base64_decode(base64, len); 1054 return 0; 1055 } 1056 1057 static int 1058 sev_snp_launch_start(SevCommonState *sev_common) 1059 { 1060 int fw_error, rc; 1061 SevSnpGuestState *sev_snp_guest = SEV_SNP_GUEST(sev_common); 1062 struct kvm_sev_snp_launch_start *start = &sev_snp_guest->kvm_start_conf; 1063 1064 trace_kvm_sev_snp_launch_start(start->policy, 1065 sev_snp_guest->guest_visible_workarounds); 1066 1067 if (!kvm_enable_hypercall(BIT_ULL(KVM_HC_MAP_GPA_RANGE))) { 1068 return 1; 1069 } 1070 1071 rc = sev_ioctl(sev_common->sev_fd, KVM_SEV_SNP_LAUNCH_START, 1072 start, &fw_error); 1073 if (rc < 0) { 1074 error_report("%s: SNP_LAUNCH_START ret=%d fw_error=%d '%s'", 1075 __func__, rc, fw_error, fw_error_to_str(fw_error)); 1076 return 1; 1077 } 1078 1079 QTAILQ_INIT(&launch_update); 1080 1081 sev_set_guest_state(sev_common, SEV_STATE_LAUNCH_UPDATE); 1082 1083 return 0; 1084 } 1085 1086 static int 1087 sev_launch_start(SevCommonState *sev_common) 1088 { 1089 gsize sz; 1090 int ret = 1; 1091 int fw_error, rc; 1092 SevGuestState *sev_guest = SEV_GUEST(sev_common); 1093 struct kvm_sev_launch_start start = { 1094 .handle = sev_guest->handle, .policy = sev_guest->policy 1095 }; 1096 guchar *session = NULL, *dh_cert = NULL; 1097 1098 if (sev_guest->session_file) { 1099 if (sev_read_file_base64(sev_guest->session_file, &session, &sz) < 0) { 1100 goto out; 1101 } 1102 start.session_uaddr = (unsigned long)session; 1103 start.session_len = sz; 1104 } 1105 1106 if (sev_guest->dh_cert_file) { 1107 if (sev_read_file_base64(sev_guest->dh_cert_file, &dh_cert, &sz) < 0) { 1108 goto out; 1109 } 1110 start.dh_uaddr = (unsigned long)dh_cert; 1111 start.dh_len = sz; 1112 } 1113 1114 trace_kvm_sev_launch_start(start.policy, session, dh_cert); 1115 rc = sev_ioctl(sev_common->sev_fd, KVM_SEV_LAUNCH_START, &start, &fw_error); 1116 if (rc < 0) { 1117 error_report("%s: LAUNCH_START ret=%d fw_error=%d '%s'", 1118 __func__, ret, fw_error, fw_error_to_str(fw_error)); 1119 goto out; 1120 } 1121 1122 sev_set_guest_state(sev_common, SEV_STATE_LAUNCH_UPDATE); 1123 sev_guest->handle = start.handle; 1124 ret = 0; 1125 1126 out: 1127 g_free(session); 1128 g_free(dh_cert); 1129 return ret; 1130 } 1131 1132 static void 1133 sev_snp_cpuid_report_mismatches(SnpCpuidInfo *old, 1134 SnpCpuidInfo *new) 1135 { 1136 size_t i; 1137 1138 if (old->count != new->count) { 1139 error_report("SEV-SNP: CPUID validation failed due to count mismatch, " 1140 "provided: %d, expected: %d", old->count, new->count); 1141 return; 1142 } 1143 1144 for (i = 0; i < old->count; i++) { 1145 SnpCpuidFunc *old_func, *new_func; 1146 1147 old_func = &old->entries[i]; 1148 new_func = &new->entries[i]; 1149 1150 if (memcmp(old_func, new_func, sizeof(SnpCpuidFunc))) { 1151 error_report("SEV-SNP: CPUID validation failed for function 0x%x, index: 0x%x, " 1152 "provided: eax:0x%08x, ebx: 0x%08x, ecx: 0x%08x, edx: 0x%08x, " 1153 "expected: eax:0x%08x, ebx: 0x%08x, ecx: 0x%08x, edx: 0x%08x", 1154 old_func->eax_in, old_func->ecx_in, 1155 old_func->eax, old_func->ebx, old_func->ecx, old_func->edx, 1156 new_func->eax, new_func->ebx, new_func->ecx, new_func->edx); 1157 } 1158 } 1159 } 1160 1161 static const char * 1162 snp_page_type_to_str(int type) 1163 { 1164 switch (type) { 1165 case KVM_SEV_SNP_PAGE_TYPE_NORMAL: return "Normal"; 1166 case KVM_SEV_SNP_PAGE_TYPE_ZERO: return "Zero"; 1167 case KVM_SEV_SNP_PAGE_TYPE_UNMEASURED: return "Unmeasured"; 1168 case KVM_SEV_SNP_PAGE_TYPE_SECRETS: return "Secrets"; 1169 case KVM_SEV_SNP_PAGE_TYPE_CPUID: return "Cpuid"; 1170 default: return "unknown"; 1171 } 1172 } 1173 1174 static int 1175 sev_snp_launch_update(SevSnpGuestState *sev_snp_guest, 1176 SevLaunchUpdateData *data) 1177 { 1178 int ret, fw_error; 1179 SnpCpuidInfo snp_cpuid_info; 1180 struct kvm_sev_snp_launch_update update = {0}; 1181 1182 if (!data->hva || !data->len) { 1183 error_report("SNP_LAUNCH_UPDATE called with invalid address" 1184 "/ length: %p / %zx", 1185 data->hva, data->len); 1186 return 1; 1187 } 1188 1189 if (data->type == KVM_SEV_SNP_PAGE_TYPE_CPUID) { 1190 /* Save a copy for comparison in case the LAUNCH_UPDATE fails */ 1191 memcpy(&snp_cpuid_info, data->hva, sizeof(snp_cpuid_info)); 1192 } 1193 1194 update.uaddr = (__u64)(unsigned long)data->hva; 1195 update.gfn_start = data->gpa >> TARGET_PAGE_BITS; 1196 update.len = data->len; 1197 update.type = data->type; 1198 1199 /* 1200 * KVM_SEV_SNP_LAUNCH_UPDATE requires that GPA ranges have the private 1201 * memory attribute set in advance. 1202 */ 1203 ret = kvm_set_memory_attributes_private(data->gpa, data->len); 1204 if (ret) { 1205 error_report("SEV-SNP: failed to configure initial" 1206 "private guest memory"); 1207 goto out; 1208 } 1209 1210 while (update.len || ret == -EAGAIN) { 1211 trace_kvm_sev_snp_launch_update(update.uaddr, update.gfn_start << 1212 TARGET_PAGE_BITS, update.len, 1213 snp_page_type_to_str(update.type)); 1214 1215 ret = sev_ioctl(SEV_COMMON(sev_snp_guest)->sev_fd, 1216 KVM_SEV_SNP_LAUNCH_UPDATE, 1217 &update, &fw_error); 1218 if (ret && ret != -EAGAIN) { 1219 error_report("SNP_LAUNCH_UPDATE ret=%d fw_error=%d '%s'", 1220 ret, fw_error, fw_error_to_str(fw_error)); 1221 1222 if (data->type == KVM_SEV_SNP_PAGE_TYPE_CPUID) { 1223 sev_snp_cpuid_report_mismatches(&snp_cpuid_info, data->hva); 1224 error_report("SEV-SNP: failed update CPUID page"); 1225 } 1226 break; 1227 } 1228 } 1229 1230 out: 1231 if (!ret && update.gfn_start << TARGET_PAGE_BITS != data->gpa + data->len) { 1232 error_report("SEV-SNP: expected update of GPA range %" 1233 HWADDR_PRIx "-%" HWADDR_PRIx "," 1234 "got GPA range %" HWADDR_PRIx "-%llx", 1235 data->gpa, data->gpa + data->len, data->gpa, 1236 update.gfn_start << TARGET_PAGE_BITS); 1237 ret = -EIO; 1238 } 1239 1240 return ret; 1241 } 1242 1243 static uint32_t 1244 sev_snp_adjust_cpuid_features(X86ConfidentialGuest *cg, uint32_t feature, uint32_t index, 1245 int reg, uint32_t value) 1246 { 1247 switch (feature) { 1248 case 1: 1249 if (reg == R_ECX) { 1250 return value & ~CPUID_EXT_TSC_DEADLINE_TIMER; 1251 } 1252 break; 1253 case 7: 1254 if (index == 0 && reg == R_EBX) { 1255 return value & ~CPUID_7_0_EBX_TSC_ADJUST; 1256 } 1257 if (index == 0 && reg == R_EDX) { 1258 return value & ~(CPUID_7_0_EDX_SPEC_CTRL | 1259 CPUID_7_0_EDX_STIBP | 1260 CPUID_7_0_EDX_FLUSH_L1D | 1261 CPUID_7_0_EDX_ARCH_CAPABILITIES | 1262 CPUID_7_0_EDX_CORE_CAPABILITY | 1263 CPUID_7_0_EDX_SPEC_CTRL_SSBD); 1264 } 1265 break; 1266 case 0x80000008: 1267 if (reg == R_EBX) { 1268 return value & ~CPUID_8000_0008_EBX_VIRT_SSBD; 1269 } 1270 break; 1271 } 1272 return value; 1273 } 1274 1275 static int sev_launch_update_data(SevCommonState *sev_common, hwaddr gpa, 1276 uint8_t *addr, size_t len, Error **errp) 1277 { 1278 int ret, fw_error; 1279 struct kvm_sev_launch_update_data update; 1280 1281 if (!addr || !len) { 1282 return 1; 1283 } 1284 1285 update.uaddr = (uintptr_t)addr; 1286 update.len = len; 1287 trace_kvm_sev_launch_update_data(addr, len); 1288 ret = sev_ioctl(sev_common->sev_fd, KVM_SEV_LAUNCH_UPDATE_DATA, 1289 &update, &fw_error); 1290 if (ret) { 1291 error_setg(errp, "%s: LAUNCH_UPDATE ret=%d fw_error=%d '%s'", __func__, 1292 ret, fw_error, fw_error_to_str(fw_error)); 1293 } 1294 1295 return ret; 1296 } 1297 1298 static int 1299 sev_launch_update_vmsa(SevGuestState *sev_guest) 1300 { 1301 int ret, fw_error; 1302 CPUState *cpu; 1303 1304 /* 1305 * The initial CPU state is measured as part of KVM_SEV_LAUNCH_UPDATE_VMSA. 1306 * Synchronise the CPU state to any provided launch VMSA structures. 1307 */ 1308 CPU_FOREACH(cpu) { 1309 sev_apply_cpu_context(cpu); 1310 } 1311 1312 1313 ret = sev_ioctl(SEV_COMMON(sev_guest)->sev_fd, KVM_SEV_LAUNCH_UPDATE_VMSA, 1314 NULL, &fw_error); 1315 if (ret) { 1316 error_report("%s: LAUNCH_UPDATE_VMSA ret=%d fw_error=%d '%s'", 1317 __func__, ret, fw_error, fw_error_to_str(fw_error)); 1318 } 1319 1320 return ret; 1321 } 1322 1323 static void 1324 sev_launch_get_measure(Notifier *notifier, void *unused) 1325 { 1326 SevCommonState *sev_common = SEV_COMMON(MACHINE(qdev_get_machine())->cgs); 1327 SevGuestState *sev_guest = SEV_GUEST(sev_common); 1328 int ret, error; 1329 g_autofree guchar *data = NULL; 1330 struct kvm_sev_launch_measure measurement = {}; 1331 1332 if (!sev_check_state(sev_common, SEV_STATE_LAUNCH_UPDATE)) { 1333 return; 1334 } 1335 1336 if (sev_es_enabled()) { 1337 /* measure all the VM save areas before getting launch_measure */ 1338 ret = sev_launch_update_vmsa(sev_guest); 1339 if (ret) { 1340 exit(1); 1341 } 1342 kvm_mark_guest_state_protected(); 1343 } 1344 1345 /* query the measurement blob length */ 1346 ret = sev_ioctl(sev_common->sev_fd, KVM_SEV_LAUNCH_MEASURE, 1347 &measurement, &error); 1348 if (!measurement.len) { 1349 error_report("%s: LAUNCH_MEASURE ret=%d fw_error=%d '%s'", 1350 __func__, ret, error, fw_error_to_str(errno)); 1351 return; 1352 } 1353 1354 data = g_new0(guchar, measurement.len); 1355 measurement.uaddr = (unsigned long)data; 1356 1357 /* get the measurement blob */ 1358 ret = sev_ioctl(sev_common->sev_fd, KVM_SEV_LAUNCH_MEASURE, 1359 &measurement, &error); 1360 if (ret) { 1361 error_report("%s: LAUNCH_MEASURE ret=%d fw_error=%d '%s'", 1362 __func__, ret, error, fw_error_to_str(errno)); 1363 return; 1364 } 1365 1366 sev_set_guest_state(sev_common, SEV_STATE_LAUNCH_SECRET); 1367 1368 /* encode the measurement value and emit the event */ 1369 sev_guest->measurement = g_base64_encode(data, measurement.len); 1370 trace_kvm_sev_launch_measurement(sev_guest->measurement); 1371 } 1372 1373 static char *sev_get_launch_measurement(void) 1374 { 1375 ConfidentialGuestSupport *cgs = MACHINE(qdev_get_machine())->cgs; 1376 SevGuestState *sev_guest = 1377 (SevGuestState *)object_dynamic_cast(OBJECT(cgs), TYPE_SEV_GUEST); 1378 1379 if (sev_guest && 1380 SEV_COMMON(sev_guest)->state >= SEV_STATE_LAUNCH_SECRET) { 1381 return g_strdup(sev_guest->measurement); 1382 } 1383 1384 return NULL; 1385 } 1386 1387 SevLaunchMeasureInfo *qmp_query_sev_launch_measure(Error **errp) 1388 { 1389 char *data; 1390 SevLaunchMeasureInfo *info; 1391 1392 data = sev_get_launch_measurement(); 1393 if (!data) { 1394 error_setg(errp, "SEV launch measurement is not available"); 1395 return NULL; 1396 } 1397 1398 info = g_malloc0(sizeof(*info)); 1399 info->data = data; 1400 1401 return info; 1402 } 1403 1404 static Notifier sev_machine_done_notify = { 1405 .notify = sev_launch_get_measure, 1406 }; 1407 1408 static void 1409 sev_launch_finish(SevCommonState *sev_common) 1410 { 1411 int ret, error; 1412 1413 trace_kvm_sev_launch_finish(); 1414 ret = sev_ioctl(sev_common->sev_fd, KVM_SEV_LAUNCH_FINISH, 0, 1415 &error); 1416 if (ret) { 1417 error_report("%s: LAUNCH_FINISH ret=%d fw_error=%d '%s'", 1418 __func__, ret, error, fw_error_to_str(error)); 1419 exit(1); 1420 } 1421 1422 sev_set_guest_state(sev_common, SEV_STATE_RUNNING); 1423 1424 /* add migration blocker */ 1425 error_setg(&sev_mig_blocker, 1426 "SEV: Migration is not implemented"); 1427 migrate_add_blocker(&sev_mig_blocker, &error_fatal); 1428 } 1429 1430 static int snp_launch_update_data(uint64_t gpa, void *hva, size_t len, 1431 int type, Error **errp) 1432 { 1433 SevLaunchUpdateData *data; 1434 1435 data = g_new0(SevLaunchUpdateData, 1); 1436 data->gpa = gpa; 1437 data->hva = hva; 1438 data->len = len; 1439 data->type = type; 1440 1441 QTAILQ_INSERT_TAIL(&launch_update, data, next); 1442 1443 return 0; 1444 } 1445 1446 static int sev_snp_launch_update_data(SevCommonState *sev_common, hwaddr gpa, 1447 uint8_t *ptr, size_t len, Error **errp) 1448 { 1449 return snp_launch_update_data(gpa, ptr, len, 1450 KVM_SEV_SNP_PAGE_TYPE_NORMAL, errp); 1451 } 1452 1453 static int 1454 sev_snp_cpuid_info_fill(SnpCpuidInfo *snp_cpuid_info, 1455 const KvmCpuidInfo *kvm_cpuid_info, Error **errp) 1456 { 1457 size_t i; 1458 1459 if (kvm_cpuid_info->cpuid.nent > SNP_CPUID_FUNCTION_MAXCOUNT) { 1460 error_setg(errp, "SEV-SNP: CPUID entry count (%d) exceeds max (%d)", 1461 kvm_cpuid_info->cpuid.nent, SNP_CPUID_FUNCTION_MAXCOUNT); 1462 return -1; 1463 } 1464 1465 memset(snp_cpuid_info, 0, sizeof(*snp_cpuid_info)); 1466 1467 for (i = 0; i < kvm_cpuid_info->cpuid.nent; i++) { 1468 const struct kvm_cpuid_entry2 *kvm_cpuid_entry; 1469 SnpCpuidFunc *snp_cpuid_entry; 1470 1471 kvm_cpuid_entry = &kvm_cpuid_info->entries[i]; 1472 snp_cpuid_entry = &snp_cpuid_info->entries[i]; 1473 1474 snp_cpuid_entry->eax_in = kvm_cpuid_entry->function; 1475 if (kvm_cpuid_entry->flags == KVM_CPUID_FLAG_SIGNIFCANT_INDEX) { 1476 snp_cpuid_entry->ecx_in = kvm_cpuid_entry->index; 1477 } 1478 snp_cpuid_entry->eax = kvm_cpuid_entry->eax; 1479 snp_cpuid_entry->ebx = kvm_cpuid_entry->ebx; 1480 snp_cpuid_entry->ecx = kvm_cpuid_entry->ecx; 1481 snp_cpuid_entry->edx = kvm_cpuid_entry->edx; 1482 1483 /* 1484 * Guest kernels will calculate EBX themselves using the 0xD 1485 * subfunctions corresponding to the individual XSAVE areas, so only 1486 * encode the base XSAVE size in the initial leaves, corresponding 1487 * to the initial XCR0=1 state. 1488 */ 1489 if (snp_cpuid_entry->eax_in == 0xD && 1490 (snp_cpuid_entry->ecx_in == 0x0 || snp_cpuid_entry->ecx_in == 0x1)) { 1491 snp_cpuid_entry->ebx = 0x240; 1492 snp_cpuid_entry->xcr0_in = 1; 1493 snp_cpuid_entry->xss_in = 0; 1494 } 1495 } 1496 1497 snp_cpuid_info->count = i; 1498 1499 return 0; 1500 } 1501 1502 static int snp_launch_update_cpuid(uint32_t cpuid_addr, void *hva, 1503 size_t cpuid_len, Error **errp) 1504 { 1505 KvmCpuidInfo kvm_cpuid_info = {0}; 1506 SnpCpuidInfo snp_cpuid_info; 1507 CPUState *cs = first_cpu; 1508 int ret; 1509 uint32_t i = 0; 1510 1511 assert(sizeof(snp_cpuid_info) <= cpuid_len); 1512 1513 /* get the cpuid list from KVM */ 1514 do { 1515 kvm_cpuid_info.cpuid.nent = ++i; 1516 ret = kvm_vcpu_ioctl(cs, KVM_GET_CPUID2, &kvm_cpuid_info); 1517 } while (ret == -E2BIG); 1518 1519 if (ret) { 1520 error_setg(errp, "SEV-SNP: unable to query CPUID values for CPU: '%s'", 1521 strerror(-ret)); 1522 return -1; 1523 } 1524 1525 ret = sev_snp_cpuid_info_fill(&snp_cpuid_info, &kvm_cpuid_info, errp); 1526 if (ret < 0) { 1527 return -1; 1528 } 1529 1530 memcpy(hva, &snp_cpuid_info, sizeof(snp_cpuid_info)); 1531 1532 return snp_launch_update_data(cpuid_addr, hva, cpuid_len, 1533 KVM_SEV_SNP_PAGE_TYPE_CPUID, errp); 1534 } 1535 1536 static int snp_launch_update_kernel_hashes(SevSnpGuestState *sev_snp, 1537 uint32_t addr, void *hva, 1538 uint32_t len, Error **errp) 1539 { 1540 int type = KVM_SEV_SNP_PAGE_TYPE_ZERO; 1541 if (sev_snp->parent_obj.kernel_hashes) { 1542 assert(sev_snp->kernel_hashes_data); 1543 assert((sev_snp->kernel_hashes_offset + 1544 sizeof(*sev_snp->kernel_hashes_data)) <= len); 1545 memset(hva, 0, len); 1546 memcpy(hva + sev_snp->kernel_hashes_offset, sev_snp->kernel_hashes_data, 1547 sizeof(*sev_snp->kernel_hashes_data)); 1548 type = KVM_SEV_SNP_PAGE_TYPE_NORMAL; 1549 } 1550 return snp_launch_update_data(addr, hva, len, type, errp); 1551 } 1552 1553 static int 1554 snp_metadata_desc_to_page_type(int desc_type) 1555 { 1556 switch (desc_type) { 1557 /* Add the umeasured prevalidated pages as a zero page */ 1558 case SEV_DESC_TYPE_SNP_SEC_MEM: return KVM_SEV_SNP_PAGE_TYPE_ZERO; 1559 case SEV_DESC_TYPE_SNP_SECRETS: return KVM_SEV_SNP_PAGE_TYPE_SECRETS; 1560 case SEV_DESC_TYPE_CPUID: return KVM_SEV_SNP_PAGE_TYPE_CPUID; 1561 default: 1562 return KVM_SEV_SNP_PAGE_TYPE_ZERO; 1563 } 1564 } 1565 1566 static void 1567 snp_populate_metadata_pages(SevSnpGuestState *sev_snp, 1568 OvmfSevMetadata *metadata) 1569 { 1570 OvmfSevMetadataDesc *desc; 1571 int type, ret, i; 1572 void *hva; 1573 MemoryRegion *mr = NULL; 1574 1575 for (i = 0; i < metadata->num_desc; i++) { 1576 desc = &metadata->descs[i]; 1577 1578 type = snp_metadata_desc_to_page_type(desc->type); 1579 1580 hva = gpa2hva(&mr, desc->base, desc->len, NULL); 1581 if (!hva) { 1582 error_report("%s: Failed to get HVA for GPA 0x%x sz 0x%x", 1583 __func__, desc->base, desc->len); 1584 exit(1); 1585 } 1586 1587 if (type == KVM_SEV_SNP_PAGE_TYPE_CPUID) { 1588 ret = snp_launch_update_cpuid(desc->base, hva, desc->len, 1589 &error_fatal); 1590 } else if (desc->type == SEV_DESC_TYPE_SNP_KERNEL_HASHES) { 1591 ret = snp_launch_update_kernel_hashes(sev_snp, desc->base, hva, 1592 desc->len, &error_fatal); 1593 } else { 1594 ret = snp_launch_update_data(desc->base, hva, desc->len, type, 1595 &error_fatal); 1596 } 1597 1598 if (ret) { 1599 error_report("%s: Failed to add metadata page gpa 0x%x+%x type %d", 1600 __func__, desc->base, desc->len, desc->type); 1601 exit(1); 1602 } 1603 } 1604 } 1605 1606 static void 1607 sev_snp_launch_finish(SevCommonState *sev_common) 1608 { 1609 int ret, error; 1610 Error *local_err = NULL; 1611 OvmfSevMetadata *metadata; 1612 SevLaunchUpdateData *data; 1613 SevSnpGuestState *sev_snp = SEV_SNP_GUEST(sev_common); 1614 struct kvm_sev_snp_launch_finish *finish = &sev_snp->kvm_finish_conf; 1615 1616 /* 1617 * Populate all the metadata pages if not using an IGVM file. In the case 1618 * where an IGVM file is provided it will be used to configure the metadata 1619 * pages directly. 1620 */ 1621 if (!X86_MACHINE(qdev_get_machine())->igvm) { 1622 /* 1623 * To boot the SNP guest, the hypervisor is required to populate the 1624 * CPUID and Secrets page before finalizing the launch flow. The 1625 * location of the secrets and CPUID page is available through the 1626 * OVMF metadata GUID. 1627 */ 1628 metadata = pc_system_get_ovmf_sev_metadata_ptr(); 1629 if (metadata == NULL) { 1630 error_report("%s: Failed to locate SEV metadata header", __func__); 1631 exit(1); 1632 } 1633 1634 /* Populate all the metadata pages */ 1635 snp_populate_metadata_pages(sev_snp, metadata); 1636 } 1637 1638 QTAILQ_FOREACH(data, &launch_update, next) { 1639 ret = sev_snp_launch_update(sev_snp, data); 1640 if (ret) { 1641 exit(1); 1642 } 1643 } 1644 1645 trace_kvm_sev_snp_launch_finish(sev_snp->id_block_base64, sev_snp->id_auth_base64, 1646 sev_snp->host_data); 1647 ret = sev_ioctl(sev_common->sev_fd, KVM_SEV_SNP_LAUNCH_FINISH, 1648 finish, &error); 1649 if (ret) { 1650 error_report("SNP_LAUNCH_FINISH ret=%d fw_error=%d '%s'", 1651 ret, error, fw_error_to_str(error)); 1652 exit(1); 1653 } 1654 1655 kvm_mark_guest_state_protected(); 1656 sev_set_guest_state(sev_common, SEV_STATE_RUNNING); 1657 1658 /* add migration blocker */ 1659 error_setg(&sev_mig_blocker, 1660 "SEV-SNP: Migration is not implemented"); 1661 ret = migrate_add_blocker(&sev_mig_blocker, &local_err); 1662 if (local_err) { 1663 error_report_err(local_err); 1664 error_free(sev_mig_blocker); 1665 exit(1); 1666 } 1667 } 1668 1669 1670 static void 1671 sev_vm_state_change(void *opaque, bool running, RunState state) 1672 { 1673 SevCommonState *sev_common = opaque; 1674 SevCommonStateClass *klass = SEV_COMMON_GET_CLASS(opaque); 1675 1676 if (running) { 1677 if (!sev_check_state(sev_common, SEV_STATE_RUNNING)) { 1678 klass->launch_finish(sev_common); 1679 } 1680 } 1681 } 1682 1683 /* 1684 * This helper is to examine sev-guest properties and determine if any options 1685 * have been set which rely on the newer KVM_SEV_INIT2 interface and associated 1686 * KVM VM types. 1687 */ 1688 static bool sev_init2_required(SevGuestState *sev_guest) 1689 { 1690 /* Currently no KVM_SEV_INIT2-specific options are exposed via QEMU */ 1691 return false; 1692 } 1693 1694 static int sev_kvm_type(X86ConfidentialGuest *cg) 1695 { 1696 SevCommonState *sev_common = SEV_COMMON(cg); 1697 SevGuestState *sev_guest = SEV_GUEST(sev_common); 1698 int kvm_type; 1699 1700 if (sev_common->kvm_type != -1) { 1701 goto out; 1702 } 1703 1704 /* These are the only cases where legacy VM types can be used. */ 1705 if (sev_guest->legacy_vm_type == ON_OFF_AUTO_ON || 1706 (sev_guest->legacy_vm_type == ON_OFF_AUTO_AUTO && 1707 !sev_init2_required(sev_guest))) { 1708 sev_common->kvm_type = KVM_X86_DEFAULT_VM; 1709 goto out; 1710 } 1711 1712 /* 1713 * Newer VM types are required, either explicitly via legacy-vm-type=on, or 1714 * implicitly via legacy-vm-type=auto along with additional sev-guest 1715 * properties that require the newer VM types. 1716 */ 1717 kvm_type = (sev_guest->policy & SEV_POLICY_ES) ? 1718 KVM_X86_SEV_ES_VM : KVM_X86_SEV_VM; 1719 if (!kvm_is_vm_type_supported(kvm_type)) { 1720 if (sev_guest->legacy_vm_type == ON_OFF_AUTO_AUTO) { 1721 error_report("SEV: host kernel does not support requested %s VM type, which is required " 1722 "for the set of options specified. To allow use of the legacy " 1723 "KVM_X86_DEFAULT_VM VM type, please disable any options that are not " 1724 "compatible with the legacy VM type, or upgrade your kernel.", 1725 kvm_type == KVM_X86_SEV_VM ? "KVM_X86_SEV_VM" : "KVM_X86_SEV_ES_VM"); 1726 } else { 1727 error_report("SEV: host kernel does not support requested %s VM type. To allow use of " 1728 "the legacy KVM_X86_DEFAULT_VM VM type, the 'legacy-vm-type' argument " 1729 "must be set to 'on' or 'auto' for the sev-guest object.", 1730 kvm_type == KVM_X86_SEV_VM ? "KVM_X86_SEV_VM" : "KVM_X86_SEV_ES_VM"); 1731 } 1732 1733 return -1; 1734 } 1735 1736 sev_common->kvm_type = kvm_type; 1737 out: 1738 return sev_common->kvm_type; 1739 } 1740 1741 static int sev_snp_kvm_type(X86ConfidentialGuest *cg) 1742 { 1743 return KVM_X86_SNP_VM; 1744 } 1745 1746 static int sev_init_supported_features(ConfidentialGuestSupport *cgs, 1747 SevCommonState *sev_common, Error **errp) 1748 { 1749 X86ConfidentialGuestClass *x86_klass = 1750 X86_CONFIDENTIAL_GUEST_GET_CLASS(cgs); 1751 /* 1752 * Older kernels do not support query or setting of sev_features. In this 1753 * case the set of supported features must be zero to match the settings 1754 * in the kernel. 1755 */ 1756 if (x86_klass->kvm_type(X86_CONFIDENTIAL_GUEST(sev_common)) == 1757 KVM_X86_DEFAULT_VM) { 1758 sev_common->supported_sev_features = 0; 1759 return 0; 1760 } 1761 1762 /* Query KVM for the supported set of sev_features */ 1763 struct kvm_device_attr attr = { 1764 .group = KVM_X86_GRP_SEV, 1765 .attr = KVM_X86_SEV_VMSA_FEATURES, 1766 .addr = (unsigned long)&sev_common->supported_sev_features, 1767 }; 1768 if (kvm_ioctl(kvm_state, KVM_GET_DEVICE_ATTR, &attr) < 0) { 1769 error_setg(errp, "%s: failed to query supported sev_features", 1770 __func__); 1771 return -1; 1772 } 1773 if (sev_snp_enabled()) { 1774 sev_common->supported_sev_features |= SVM_SEV_FEAT_SNP_ACTIVE; 1775 } 1776 return 0; 1777 } 1778 1779 static int sev_common_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) 1780 { 1781 char *devname; 1782 int ret, fw_error, cmd; 1783 uint32_t ebx; 1784 uint32_t host_cbitpos; 1785 struct sev_user_data_status status = {}; 1786 SevCommonState *sev_common = SEV_COMMON(cgs); 1787 SevCommonStateClass *klass = SEV_COMMON_GET_CLASS(cgs); 1788 X86ConfidentialGuestClass *x86_klass = 1789 X86_CONFIDENTIAL_GUEST_GET_CLASS(cgs); 1790 1791 sev_common->state = SEV_STATE_UNINIT; 1792 1793 host_cpuid(0x8000001F, 0, NULL, &ebx, NULL, NULL); 1794 host_cbitpos = ebx & 0x3f; 1795 1796 /* 1797 * The cbitpos value will be placed in bit positions 5:0 of the EBX 1798 * register of CPUID 0x8000001F. No need to verify the range as the 1799 * comparison against the host value accomplishes that. 1800 */ 1801 if (host_cbitpos != sev_common->cbitpos) { 1802 error_setg(errp, "%s: cbitpos check failed, host '%d' requested '%d'", 1803 __func__, host_cbitpos, sev_common->cbitpos); 1804 return -1; 1805 } 1806 1807 /* 1808 * The reduced-phys-bits value will be placed in bit positions 11:6 of 1809 * the EBX register of CPUID 0x8000001F, so verify the supplied value 1810 * is in the range of 1 to 63. 1811 */ 1812 if (sev_common->reduced_phys_bits < 1 || 1813 sev_common->reduced_phys_bits > 63) { 1814 error_setg(errp, "%s: reduced_phys_bits check failed," 1815 " it should be in the range of 1 to 63, requested '%d'", 1816 __func__, sev_common->reduced_phys_bits); 1817 return -1; 1818 } 1819 1820 devname = object_property_get_str(OBJECT(sev_common), "sev-device", NULL); 1821 sev_common->sev_fd = open(devname, O_RDWR); 1822 if (sev_common->sev_fd < 0) { 1823 error_setg(errp, "%s: Failed to open %s '%s'", __func__, 1824 devname, strerror(errno)); 1825 g_free(devname); 1826 return -1; 1827 } 1828 g_free(devname); 1829 1830 ret = sev_platform_ioctl(sev_common->sev_fd, SEV_PLATFORM_STATUS, &status, 1831 &fw_error); 1832 if (ret) { 1833 error_setg(errp, "%s: failed to get platform status ret=%d " 1834 "fw_error='%d: %s'", __func__, ret, fw_error, 1835 fw_error_to_str(fw_error)); 1836 return -1; 1837 } 1838 sev_common->build_id = status.build; 1839 sev_common->api_major = status.api_major; 1840 sev_common->api_minor = status.api_minor; 1841 1842 if (sev_es_enabled()) { 1843 if (!kvm_kernel_irqchip_allowed()) { 1844 error_setg(errp, "%s: SEV-ES guests require in-kernel irqchip" 1845 "support", __func__); 1846 return -1; 1847 } 1848 } 1849 1850 if (sev_es_enabled() && !sev_snp_enabled()) { 1851 if (!(status.flags & SEV_STATUS_FLAGS_CONFIG_ES)) { 1852 error_setg(errp, "%s: guest policy requires SEV-ES, but " 1853 "host SEV-ES support unavailable", 1854 __func__); 1855 return -1; 1856 } 1857 } 1858 1859 if (sev_init_supported_features(cgs, sev_common, errp) < 0) { 1860 return -1; 1861 } 1862 1863 trace_kvm_sev_init(); 1864 switch (x86_klass->kvm_type(X86_CONFIDENTIAL_GUEST(sev_common))) { 1865 case KVM_X86_DEFAULT_VM: 1866 cmd = sev_es_enabled() ? KVM_SEV_ES_INIT : KVM_SEV_INIT; 1867 1868 ret = sev_ioctl(sev_common->sev_fd, cmd, NULL, &fw_error); 1869 break; 1870 case KVM_X86_SEV_VM: 1871 case KVM_X86_SEV_ES_VM: 1872 case KVM_X86_SNP_VM: { 1873 struct kvm_sev_init args = { 0 }; 1874 MachineState *machine = MACHINE(qdev_get_machine()); 1875 X86MachineState *x86machine = X86_MACHINE(qdev_get_machine()); 1876 1877 /* 1878 * If configuration is provided via an IGVM file then the IGVM file 1879 * might contain configuration of the initial vcpu context. For SEV 1880 * the vcpu context includes the sev_features which should be applied 1881 * to the vcpu. 1882 * 1883 * KVM does not synchronize sev_features from CPU state. Instead it 1884 * requires sev_features to be provided as part of this initialization 1885 * call which is subsequently automatically applied to the VMSA of 1886 * each vcpu. 1887 * 1888 * The IGVM file is normally processed after initialization. Therefore 1889 * we need to pre-process it here to extract sev_features in order to 1890 * provide it to KVM_SEV_INIT2. Each cgs_* function that is called by 1891 * the IGVM processor detects this pre-process by observing the state 1892 * as SEV_STATE_UNINIT. 1893 */ 1894 if (x86machine->igvm) { 1895 if (IGVM_CFG_GET_CLASS(x86machine->igvm) 1896 ->process(x86machine->igvm, machine->cgs, true, errp) == 1897 -1) { 1898 return -1; 1899 } 1900 /* 1901 * KVM maintains a bitmask of allowed sev_features. This does not 1902 * include SVM_SEV_FEAT_SNP_ACTIVE which is set accordingly by KVM 1903 * itself. Therefore we need to clear this flag. 1904 */ 1905 args.vmsa_features = sev_common->sev_features & 1906 ~SVM_SEV_FEAT_SNP_ACTIVE; 1907 } 1908 1909 ret = sev_ioctl(sev_common->sev_fd, KVM_SEV_INIT2, &args, &fw_error); 1910 break; 1911 } 1912 default: 1913 error_setg(errp, "%s: host kernel does not support the requested SEV configuration.", 1914 __func__); 1915 return -1; 1916 } 1917 1918 if (ret) { 1919 error_setg(errp, "%s: failed to initialize ret=%d fw_error=%d '%s'", 1920 __func__, ret, fw_error, fw_error_to_str(fw_error)); 1921 return -1; 1922 } 1923 1924 ret = klass->launch_start(sev_common); 1925 1926 if (ret) { 1927 error_setg(errp, "%s: failed to create encryption context", __func__); 1928 return -1; 1929 } 1930 1931 if (klass->kvm_init && klass->kvm_init(cgs, errp)) { 1932 return -1; 1933 } 1934 1935 qemu_add_vm_change_state_handler(sev_vm_state_change, sev_common); 1936 1937 cgs->ready = true; 1938 1939 return 0; 1940 } 1941 1942 static int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) 1943 { 1944 int ret; 1945 1946 /* 1947 * SEV/SEV-ES rely on pinned memory to back guest RAM so discarding 1948 * isn't actually possible. With SNP, only guest_memfd pages are used 1949 * for private guest memory, so discarding of shared memory is still 1950 * possible.. 1951 */ 1952 ret = ram_block_discard_disable(true); 1953 if (ret) { 1954 error_setg(errp, "%s: cannot disable RAM discard", __func__); 1955 return -1; 1956 } 1957 1958 /* 1959 * SEV uses these notifiers to register/pin pages prior to guest use, 1960 * but SNP relies on guest_memfd for private pages, which has its 1961 * own internal mechanisms for registering/pinning private memory. 1962 */ 1963 ram_block_notifier_add(&sev_ram_notifier); 1964 1965 /* 1966 * The machine done notify event is used for SEV guests to get the 1967 * measurement of the encrypted images. When SEV-SNP is enabled, the 1968 * measurement is part of the guest attestation process where it can 1969 * be collected without any reliance on the VMM. So skip registering 1970 * the notifier for SNP in favor of using guest attestation instead. 1971 */ 1972 qemu_add_machine_init_done_notifier(&sev_machine_done_notify); 1973 1974 return 0; 1975 } 1976 1977 static int sev_snp_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) 1978 { 1979 MachineState *ms = MACHINE(qdev_get_machine()); 1980 X86MachineState *x86ms = X86_MACHINE(ms); 1981 1982 if (x86ms->smm == ON_OFF_AUTO_AUTO) { 1983 x86ms->smm = ON_OFF_AUTO_OFF; 1984 } else if (x86ms->smm == ON_OFF_AUTO_ON) { 1985 error_setg(errp, "SEV-SNP does not support SMM."); 1986 return -1; 1987 } 1988 1989 return 0; 1990 } 1991 1992 int 1993 sev_encrypt_flash(hwaddr gpa, uint8_t *ptr, uint64_t len, Error **errp) 1994 { 1995 SevCommonState *sev_common = SEV_COMMON(MACHINE(qdev_get_machine())->cgs); 1996 SevCommonStateClass *klass; 1997 1998 if (!sev_common) { 1999 return 0; 2000 } 2001 klass = SEV_COMMON_GET_CLASS(sev_common); 2002 2003 /* if SEV is in update state then encrypt the data else do nothing */ 2004 if (sev_check_state(sev_common, SEV_STATE_LAUNCH_UPDATE)) { 2005 int ret; 2006 2007 ret = klass->launch_update_data(sev_common, gpa, ptr, len, errp); 2008 if (ret < 0) { 2009 return ret; 2010 } 2011 } 2012 2013 return 0; 2014 } 2015 2016 int sev_inject_launch_secret(const char *packet_hdr, const char *secret, 2017 uint64_t gpa, Error **errp) 2018 { 2019 ERRP_GUARD(); 2020 struct kvm_sev_launch_secret input; 2021 g_autofree guchar *data = NULL, *hdr = NULL; 2022 int error, ret = 1; 2023 void *hva; 2024 gsize hdr_sz = 0, data_sz = 0; 2025 MemoryRegion *mr = NULL; 2026 SevCommonState *sev_common = SEV_COMMON(MACHINE(qdev_get_machine())->cgs); 2027 2028 if (!sev_common) { 2029 error_setg(errp, "SEV not enabled for guest"); 2030 return 1; 2031 } 2032 2033 /* secret can be injected only in this state */ 2034 if (!sev_check_state(sev_common, SEV_STATE_LAUNCH_SECRET)) { 2035 error_setg(errp, "SEV: Not in correct state. (LSECRET) %x", 2036 sev_common->state); 2037 return 1; 2038 } 2039 2040 hdr = g_base64_decode(packet_hdr, &hdr_sz); 2041 if (!hdr || !hdr_sz) { 2042 error_setg(errp, "SEV: Failed to decode sequence header"); 2043 return 1; 2044 } 2045 2046 data = g_base64_decode(secret, &data_sz); 2047 if (!data || !data_sz) { 2048 error_setg(errp, "SEV: Failed to decode data"); 2049 return 1; 2050 } 2051 2052 hva = gpa2hva(&mr, gpa, data_sz, errp); 2053 if (!hva) { 2054 error_prepend(errp, "SEV: Failed to calculate guest address: "); 2055 return 1; 2056 } 2057 2058 input.hdr_uaddr = (uint64_t)(unsigned long)hdr; 2059 input.hdr_len = hdr_sz; 2060 2061 input.trans_uaddr = (uint64_t)(unsigned long)data; 2062 input.trans_len = data_sz; 2063 2064 input.guest_uaddr = (uint64_t)(unsigned long)hva; 2065 input.guest_len = data_sz; 2066 2067 trace_kvm_sev_launch_secret(gpa, input.guest_uaddr, 2068 input.trans_uaddr, input.trans_len); 2069 2070 ret = sev_ioctl(sev_common->sev_fd, KVM_SEV_LAUNCH_SECRET, 2071 &input, &error); 2072 if (ret) { 2073 error_setg(errp, "SEV: failed to inject secret ret=%d fw_error=%d '%s'", 2074 ret, error, fw_error_to_str(error)); 2075 return ret; 2076 } 2077 2078 return 0; 2079 } 2080 2081 #define SEV_SECRET_GUID "4c2eb361-7d9b-4cc3-8081-127c90d3d294" 2082 struct sev_secret_area { 2083 uint32_t base; 2084 uint32_t size; 2085 }; 2086 2087 void qmp_sev_inject_launch_secret(const char *packet_hdr, 2088 const char *secret, 2089 bool has_gpa, uint64_t gpa, 2090 Error **errp) 2091 { 2092 if (!sev_enabled()) { 2093 error_setg(errp, "SEV not enabled for guest"); 2094 return; 2095 } 2096 if (!has_gpa) { 2097 uint8_t *data; 2098 struct sev_secret_area *area; 2099 2100 if (!pc_system_ovmf_table_find(SEV_SECRET_GUID, &data, NULL)) { 2101 error_setg(errp, "SEV: no secret area found in OVMF," 2102 " gpa must be specified."); 2103 return; 2104 } 2105 area = (struct sev_secret_area *)data; 2106 gpa = area->base; 2107 } 2108 2109 sev_inject_launch_secret(packet_hdr, secret, gpa, errp); 2110 } 2111 2112 static int 2113 sev_es_parse_reset_block(SevInfoBlock *info, uint32_t *addr) 2114 { 2115 if (!info->reset_addr) { 2116 error_report("SEV-ES reset address is zero"); 2117 return 1; 2118 } 2119 2120 *addr = info->reset_addr; 2121 2122 return 0; 2123 } 2124 2125 static int 2126 sev_es_find_reset_vector(void *flash_ptr, uint64_t flash_size, 2127 uint32_t *addr) 2128 { 2129 QemuUUID info_guid, *guid; 2130 SevInfoBlock *info; 2131 uint8_t *data; 2132 uint16_t *len; 2133 2134 /* 2135 * Initialize the address to zero. An address of zero with a successful 2136 * return code indicates that SEV-ES is not active. 2137 */ 2138 *addr = 0; 2139 2140 /* 2141 * Extract the AP reset vector for SEV-ES guests by locating the SEV GUID. 2142 * The SEV GUID is located on its own (original implementation) or within 2143 * the Firmware GUID Table (new implementation), either of which are 2144 * located 32 bytes from the end of the flash. 2145 * 2146 * Check the Firmware GUID Table first. 2147 */ 2148 if (pc_system_ovmf_table_find(SEV_INFO_BLOCK_GUID, &data, NULL)) { 2149 return sev_es_parse_reset_block((SevInfoBlock *)data, addr); 2150 } 2151 2152 /* 2153 * SEV info block not found in the Firmware GUID Table (or there isn't 2154 * a Firmware GUID Table), fall back to the original implementation. 2155 */ 2156 data = flash_ptr + flash_size - 0x20; 2157 2158 qemu_uuid_parse(SEV_INFO_BLOCK_GUID, &info_guid); 2159 info_guid = qemu_uuid_bswap(info_guid); /* GUIDs are LE */ 2160 2161 guid = (QemuUUID *)(data - sizeof(info_guid)); 2162 if (!qemu_uuid_is_equal(guid, &info_guid)) { 2163 error_report("SEV information block/Firmware GUID Table block not found in pflash rom"); 2164 return 1; 2165 } 2166 2167 len = (uint16_t *)((uint8_t *)guid - sizeof(*len)); 2168 info = (SevInfoBlock *)(data - le16_to_cpu(*len)); 2169 2170 return sev_es_parse_reset_block(info, addr); 2171 } 2172 2173 2174 static void seg_to_vmsa(const SegmentCache *cpu_seg, struct vmcb_seg *vmsa_seg) 2175 { 2176 vmsa_seg->selector = cpu_seg->selector; 2177 vmsa_seg->base = cpu_seg->base; 2178 vmsa_seg->limit = cpu_seg->limit; 2179 vmsa_seg->attrib = FLAGS_SEGCACHE_TO_VMSA(cpu_seg->flags); 2180 } 2181 2182 static void initialize_vmsa(const CPUState *cpu, struct sev_es_save_area *vmsa) 2183 { 2184 const X86CPU *x86 = X86_CPU(cpu); 2185 const CPUX86State *env = &x86->env; 2186 2187 /* 2188 * Initialize the SEV-ES save area from the current state of 2189 * the CPU. The entire state does not need to be copied, only the state 2190 * that is copied back to the CPUState in sev_apply_cpu_context. 2191 */ 2192 memset(vmsa, 0, sizeof(struct sev_es_save_area)); 2193 vmsa->efer = env->efer; 2194 vmsa->cr0 = env->cr[0]; 2195 vmsa->cr3 = env->cr[3]; 2196 vmsa->cr4 = env->cr[4]; 2197 vmsa->xcr0 = env->xcr0; 2198 vmsa->g_pat = env->pat; 2199 2200 seg_to_vmsa(&env->segs[R_CS], &vmsa->cs); 2201 seg_to_vmsa(&env->segs[R_DS], &vmsa->ds); 2202 seg_to_vmsa(&env->segs[R_ES], &vmsa->es); 2203 seg_to_vmsa(&env->segs[R_FS], &vmsa->fs); 2204 seg_to_vmsa(&env->segs[R_GS], &vmsa->gs); 2205 seg_to_vmsa(&env->segs[R_SS], &vmsa->ss); 2206 2207 seg_to_vmsa(&env->gdt, &vmsa->gdtr); 2208 seg_to_vmsa(&env->idt, &vmsa->idtr); 2209 seg_to_vmsa(&env->ldt, &vmsa->ldtr); 2210 seg_to_vmsa(&env->tr, &vmsa->tr); 2211 2212 vmsa->dr6 = env->dr[6]; 2213 vmsa->dr7 = env->dr[7]; 2214 2215 vmsa->rax = env->regs[R_EAX]; 2216 vmsa->rcx = env->regs[R_ECX]; 2217 vmsa->rdx = env->regs[R_EDX]; 2218 vmsa->rbx = env->regs[R_EBX]; 2219 vmsa->rsp = env->regs[R_ESP]; 2220 vmsa->rbp = env->regs[R_EBP]; 2221 vmsa->rsi = env->regs[R_ESI]; 2222 vmsa->rdi = env->regs[R_EDI]; 2223 2224 #ifdef TARGET_X86_64 2225 vmsa->r8 = env->regs[R_R8]; 2226 vmsa->r9 = env->regs[R_R9]; 2227 vmsa->r10 = env->regs[R_R10]; 2228 vmsa->r11 = env->regs[R_R11]; 2229 vmsa->r12 = env->regs[R_R12]; 2230 vmsa->r13 = env->regs[R_R13]; 2231 vmsa->r14 = env->regs[R_R14]; 2232 vmsa->r15 = env->regs[R_R15]; 2233 #endif 2234 2235 vmsa->rip = env->eip; 2236 vmsa->rflags = env->eflags; 2237 } 2238 2239 static void sev_es_set_ap_context(uint32_t reset_addr) 2240 { 2241 CPUState *cpu; 2242 struct sev_es_save_area vmsa; 2243 SegmentCache cs; 2244 2245 cs.selector = 0xf000; 2246 cs.base = reset_addr & 0xffff0000; 2247 cs.limit = 0xffff; 2248 cs.flags = DESC_P_MASK | DESC_S_MASK | DESC_CS_MASK | DESC_R_MASK | 2249 DESC_A_MASK; 2250 2251 CPU_FOREACH(cpu) { 2252 if (cpu->cpu_index == 0) { 2253 /* Do not update the BSP reset state */ 2254 continue; 2255 } 2256 initialize_vmsa(cpu, &vmsa); 2257 seg_to_vmsa(&cs, &vmsa.cs); 2258 vmsa.rip = reset_addr & 0x0000ffff; 2259 sev_set_cpu_context(cpu->cpu_index, &vmsa, 2260 sizeof(struct sev_es_save_area), 2261 0, &error_fatal); 2262 } 2263 } 2264 2265 void sev_es_set_reset_vector(CPUState *cpu) 2266 { 2267 if (sev_enabled()) { 2268 sev_apply_cpu_context(cpu); 2269 } 2270 } 2271 2272 int sev_es_save_reset_vector(void *flash_ptr, uint64_t flash_size) 2273 { 2274 uint32_t addr; 2275 int ret; 2276 2277 if (!sev_es_enabled()) { 2278 return 0; 2279 } 2280 2281 addr = 0; 2282 ret = sev_es_find_reset_vector(flash_ptr, flash_size, 2283 &addr); 2284 if (ret) { 2285 return ret; 2286 } 2287 2288 /* 2289 * The reset vector is saved into a CPU context for each AP but not for 2290 * the BSP. This is applied during guest startup or when the CPU is reset. 2291 */ 2292 if (addr) { 2293 sev_es_set_ap_context(addr); 2294 } 2295 2296 return 0; 2297 } 2298 2299 static const QemuUUID sev_hash_table_header_guid = { 2300 .data = UUID_LE(0x9438d606, 0x4f22, 0x4cc9, 0xb4, 0x79, 0xa7, 0x93, 2301 0xd4, 0x11, 0xfd, 0x21) 2302 }; 2303 2304 static const QemuUUID sev_kernel_entry_guid = { 2305 .data = UUID_LE(0x4de79437, 0xabd2, 0x427f, 0xb8, 0x35, 0xd5, 0xb1, 2306 0x72, 0xd2, 0x04, 0x5b) 2307 }; 2308 static const QemuUUID sev_initrd_entry_guid = { 2309 .data = UUID_LE(0x44baf731, 0x3a2f, 0x4bd7, 0x9a, 0xf1, 0x41, 0xe2, 2310 0x91, 0x69, 0x78, 0x1d) 2311 }; 2312 static const QemuUUID sev_cmdline_entry_guid = { 2313 .data = UUID_LE(0x97d02dd8, 0xbd20, 0x4c94, 0xaa, 0x78, 0xe7, 0x71, 2314 0x4d, 0x36, 0xab, 0x2a) 2315 }; 2316 2317 static bool build_kernel_loader_hashes(PaddedSevHashTable *padded_ht, 2318 SevKernelLoaderContext *ctx, 2319 Error **errp) 2320 { 2321 SevHashTable *ht; 2322 uint8_t cmdline_hash[HASH_SIZE]; 2323 uint8_t initrd_hash[HASH_SIZE]; 2324 uint8_t kernel_hash[HASH_SIZE]; 2325 uint8_t *hashp; 2326 size_t hash_len = HASH_SIZE; 2327 2328 /* 2329 * Calculate hash of kernel command-line with the terminating null byte. If 2330 * the user doesn't supply a command-line via -append, the 1-byte "\0" will 2331 * be used. 2332 */ 2333 hashp = cmdline_hash; 2334 if (qcrypto_hash_bytes(QCRYPTO_HASH_ALGO_SHA256, ctx->cmdline_data, 2335 ctx->cmdline_size, &hashp, &hash_len, errp) < 0) { 2336 return false; 2337 } 2338 assert(hash_len == HASH_SIZE); 2339 2340 /* 2341 * Calculate hash of initrd. If the user doesn't supply an initrd via 2342 * -initrd, an empty buffer will be used (ctx->initrd_size == 0). 2343 */ 2344 hashp = initrd_hash; 2345 if (qcrypto_hash_bytes(QCRYPTO_HASH_ALGO_SHA256, ctx->initrd_data, 2346 ctx->initrd_size, &hashp, &hash_len, errp) < 0) { 2347 return false; 2348 } 2349 assert(hash_len == HASH_SIZE); 2350 2351 /* Calculate hash of the kernel */ 2352 hashp = kernel_hash; 2353 struct iovec iov[2] = { 2354 { .iov_base = ctx->setup_data, .iov_len = ctx->setup_size }, 2355 { .iov_base = ctx->kernel_data, .iov_len = ctx->kernel_size } 2356 }; 2357 if (qcrypto_hash_bytesv(QCRYPTO_HASH_ALGO_SHA256, iov, ARRAY_SIZE(iov), 2358 &hashp, &hash_len, errp) < 0) { 2359 return false; 2360 } 2361 assert(hash_len == HASH_SIZE); 2362 2363 ht = &padded_ht->ht; 2364 2365 ht->guid = sev_hash_table_header_guid; 2366 ht->len = sizeof(*ht); 2367 2368 ht->cmdline.guid = sev_cmdline_entry_guid; 2369 ht->cmdline.len = sizeof(ht->cmdline); 2370 memcpy(ht->cmdline.hash, cmdline_hash, sizeof(ht->cmdline.hash)); 2371 2372 ht->initrd.guid = sev_initrd_entry_guid; 2373 ht->initrd.len = sizeof(ht->initrd); 2374 memcpy(ht->initrd.hash, initrd_hash, sizeof(ht->initrd.hash)); 2375 2376 ht->kernel.guid = sev_kernel_entry_guid; 2377 ht->kernel.len = sizeof(ht->kernel); 2378 memcpy(ht->kernel.hash, kernel_hash, sizeof(ht->kernel.hash)); 2379 2380 /* zero the excess data so the measurement can be reliably calculated */ 2381 memset(padded_ht->padding, 0, sizeof(padded_ht->padding)); 2382 2383 return true; 2384 } 2385 2386 static bool sev_snp_build_kernel_loader_hashes(SevCommonState *sev_common, 2387 SevHashTableDescriptor *area, 2388 SevKernelLoaderContext *ctx, 2389 Error **errp) 2390 { 2391 /* 2392 * SNP: Populate the hashes table in an area that later in 2393 * snp_launch_update_kernel_hashes() will be copied to the guest memory 2394 * and encrypted. 2395 */ 2396 SevSnpGuestState *sev_snp_guest = SEV_SNP_GUEST(sev_common); 2397 sev_snp_guest->kernel_hashes_offset = area->base & ~TARGET_PAGE_MASK; 2398 sev_snp_guest->kernel_hashes_data = g_new0(PaddedSevHashTable, 1); 2399 return build_kernel_loader_hashes(sev_snp_guest->kernel_hashes_data, ctx, errp); 2400 } 2401 2402 static bool sev_build_kernel_loader_hashes(SevCommonState *sev_common, 2403 SevHashTableDescriptor *area, 2404 SevKernelLoaderContext *ctx, 2405 Error **errp) 2406 { 2407 PaddedSevHashTable *padded_ht; 2408 hwaddr mapped_len = sizeof(*padded_ht); 2409 MemTxAttrs attrs = { 0 }; 2410 bool ret = true; 2411 2412 /* 2413 * Populate the hashes table in the guest's memory at the OVMF-designated 2414 * area for the SEV hashes table 2415 */ 2416 padded_ht = address_space_map(&address_space_memory, area->base, 2417 &mapped_len, true, attrs); 2418 if (!padded_ht || mapped_len != sizeof(*padded_ht)) { 2419 error_setg(errp, "SEV: cannot map hashes table guest memory area"); 2420 return false; 2421 } 2422 2423 if (build_kernel_loader_hashes(padded_ht, ctx, errp)) { 2424 if (sev_encrypt_flash(area->base, (uint8_t *)padded_ht, 2425 sizeof(*padded_ht), errp) < 0) { 2426 ret = false; 2427 } 2428 } else { 2429 ret = false; 2430 } 2431 2432 address_space_unmap(&address_space_memory, padded_ht, 2433 mapped_len, true, mapped_len); 2434 2435 return ret; 2436 } 2437 2438 /* 2439 * Add the hashes of the linux kernel/initrd/cmdline to an encrypted guest page 2440 * which is included in SEV's initial memory measurement. 2441 */ 2442 bool sev_add_kernel_loader_hashes(SevKernelLoaderContext *ctx, Error **errp) 2443 { 2444 uint8_t *data; 2445 SevHashTableDescriptor *area; 2446 SevCommonState *sev_common = SEV_COMMON(MACHINE(qdev_get_machine())->cgs); 2447 SevCommonStateClass *klass = SEV_COMMON_GET_CLASS(sev_common); 2448 2449 /* 2450 * Only add the kernel hashes if the sev-guest configuration explicitly 2451 * stated kernel-hashes=on. 2452 */ 2453 if (!sev_common->kernel_hashes) { 2454 return false; 2455 } 2456 2457 if (!pc_system_ovmf_table_find(SEV_HASH_TABLE_RV_GUID, &data, NULL)) { 2458 error_setg(errp, "SEV: kernel specified but guest firmware " 2459 "has no hashes table GUID"); 2460 return false; 2461 } 2462 2463 area = (SevHashTableDescriptor *)data; 2464 if (!area->base || area->size < sizeof(PaddedSevHashTable)) { 2465 error_setg(errp, "SEV: guest firmware hashes table area is invalid " 2466 "(base=0x%x size=0x%x)", area->base, area->size); 2467 return false; 2468 } 2469 2470 return klass->build_kernel_loader_hashes(sev_common, area, ctx, errp); 2471 } 2472 2473 static char * 2474 sev_common_get_sev_device(Object *obj, Error **errp) 2475 { 2476 return g_strdup(SEV_COMMON(obj)->sev_device); 2477 } 2478 2479 static void 2480 sev_common_set_sev_device(Object *obj, const char *value, Error **errp) 2481 { 2482 SEV_COMMON(obj)->sev_device = g_strdup(value); 2483 } 2484 2485 static bool sev_common_get_kernel_hashes(Object *obj, Error **errp) 2486 { 2487 return SEV_COMMON(obj)->kernel_hashes; 2488 } 2489 2490 static void sev_common_set_kernel_hashes(Object *obj, bool value, Error **errp) 2491 { 2492 SEV_COMMON(obj)->kernel_hashes = value; 2493 } 2494 2495 static bool cgs_check_support(ConfidentialGuestPlatformType platform, 2496 uint16_t platform_version, uint8_t highest_vtl, 2497 uint64_t shared_gpa_boundary) 2498 { 2499 return (((platform == CGS_PLATFORM_SEV_SNP) && sev_snp_enabled()) || 2500 ((platform == CGS_PLATFORM_SEV_ES) && sev_es_enabled()) || 2501 ((platform == CGS_PLATFORM_SEV) && sev_enabled())); 2502 } 2503 2504 static int cgs_set_guest_state(hwaddr gpa, uint8_t *ptr, uint64_t len, 2505 ConfidentialGuestPageType memory_type, 2506 uint16_t cpu_index, Error **errp) 2507 { 2508 SevCommonState *sev_common = SEV_COMMON(MACHINE(qdev_get_machine())->cgs); 2509 SevCommonStateClass *klass = SEV_COMMON_GET_CLASS(sev_common); 2510 2511 if (sev_common->state == SEV_STATE_UNINIT) { 2512 /* Pre-processing of IGVM file called from sev_common_kvm_init() */ 2513 if ((cpu_index == 0) && (memory_type == CGS_PAGE_TYPE_VMSA)) { 2514 const struct sev_es_save_area *sa = 2515 (const struct sev_es_save_area *)ptr; 2516 if (len < sizeof(*sa)) { 2517 error_setg(errp, "%s: invalid VMSA length encountered", 2518 __func__); 2519 return -1; 2520 } 2521 if (check_sev_features(sev_common, sa->sev_features, errp) < 0) { 2522 return -1; 2523 } 2524 sev_common->sev_features = sa->sev_features; 2525 } 2526 return 0; 2527 } 2528 2529 if (!sev_enabled()) { 2530 error_setg(errp, "%s: attempt to configure guest memory, but SEV " 2531 "is not enabled", __func__); 2532 return -1; 2533 } 2534 2535 switch (memory_type) { 2536 case CGS_PAGE_TYPE_NORMAL: 2537 case CGS_PAGE_TYPE_ZERO: 2538 return klass->launch_update_data(sev_common, gpa, ptr, len, errp); 2539 2540 case CGS_PAGE_TYPE_VMSA: 2541 if (!sev_es_enabled()) { 2542 error_setg(errp, 2543 "%s: attempt to configure initial VMSA, but SEV-ES " 2544 "is not supported", 2545 __func__); 2546 return -1; 2547 } 2548 if (check_vmsa_supported(sev_common, gpa, 2549 (const struct sev_es_save_area *)ptr, 2550 errp) < 0) { 2551 return -1; 2552 } 2553 return sev_set_cpu_context(cpu_index, ptr, len, gpa, errp); 2554 2555 case CGS_PAGE_TYPE_UNMEASURED: 2556 if (sev_snp_enabled()) { 2557 return snp_launch_update_data( 2558 gpa, ptr, len, KVM_SEV_SNP_PAGE_TYPE_UNMEASURED, errp); 2559 } 2560 /* No action required if not SEV-SNP */ 2561 return 0; 2562 2563 case CGS_PAGE_TYPE_SECRETS: 2564 if (!sev_snp_enabled()) { 2565 error_setg(errp, 2566 "%s: attempt to configure secrets page, but SEV-SNP " 2567 "is not supported", 2568 __func__); 2569 return -1; 2570 } 2571 return snp_launch_update_data(gpa, ptr, len, 2572 KVM_SEV_SNP_PAGE_TYPE_SECRETS, errp); 2573 2574 case CGS_PAGE_TYPE_REQUIRED_MEMORY: 2575 if (kvm_convert_memory(gpa, len, true) < 0) { 2576 error_setg( 2577 errp, 2578 "%s: failed to configure required memory. gpa: %lX, type: %d", 2579 __func__, gpa, memory_type); 2580 return -1; 2581 } 2582 return 0; 2583 2584 case CGS_PAGE_TYPE_CPUID: 2585 if (!sev_snp_enabled()) { 2586 error_setg(errp, 2587 "%s: attempt to configure CPUID page, but SEV-SNP " 2588 "is not supported", 2589 __func__); 2590 return -1; 2591 } 2592 return snp_launch_update_cpuid(gpa, ptr, len, errp); 2593 } 2594 error_setg(errp, "%s: failed to update guest. gpa: %lX, type: %d", __func__, 2595 gpa, memory_type); 2596 return -1; 2597 } 2598 2599 static int cgs_get_mem_map_entry(int index, 2600 ConfidentialGuestMemoryMapEntry *entry, 2601 Error **errp) 2602 { 2603 struct e820_entry *table; 2604 int num_entries; 2605 2606 SevCommonState *sev_common = SEV_COMMON(MACHINE(qdev_get_machine())->cgs); 2607 if (sev_common->state == SEV_STATE_UNINIT) { 2608 /* Pre-processing of IGVM file called from sev_common_kvm_init() */ 2609 return 1; 2610 } 2611 2612 num_entries = e820_get_table(&table); 2613 if ((index < 0) || (index >= num_entries)) { 2614 return 1; 2615 } 2616 entry->gpa = table[index].address; 2617 entry->size = table[index].length; 2618 switch (table[index].type) { 2619 case E820_RAM: 2620 entry->type = CGS_MEM_RAM; 2621 break; 2622 case E820_RESERVED: 2623 entry->type = CGS_MEM_RESERVED; 2624 break; 2625 case E820_ACPI: 2626 entry->type = CGS_MEM_ACPI; 2627 break; 2628 case E820_NVS: 2629 entry->type = CGS_MEM_NVS; 2630 break; 2631 case E820_UNUSABLE: 2632 entry->type = CGS_MEM_UNUSABLE; 2633 break; 2634 } 2635 return 0; 2636 } 2637 2638 static int cgs_set_guest_policy(ConfidentialGuestPolicyType policy_type, 2639 uint64_t policy, void *policy_data1, 2640 uint32_t policy_data1_size, void *policy_data2, 2641 uint32_t policy_data2_size, Error **errp) 2642 { 2643 SevCommonState *sev_common = SEV_COMMON(MACHINE(qdev_get_machine())->cgs); 2644 if (sev_common->state == SEV_STATE_UNINIT) { 2645 /* Pre-processing of IGVM file called from sev_common_kvm_init() */ 2646 return 0; 2647 } 2648 2649 if (policy_type != GUEST_POLICY_SEV) { 2650 error_setg(errp, "%s: Invalid guest policy type provided for SEV: %d", 2651 __func__, policy_type); 2652 return -1; 2653 } 2654 /* 2655 * SEV-SNP handles policy differently. The policy flags are defined in 2656 * kvm_start_conf.policy and an ID block and ID auth can be provided. 2657 */ 2658 if (sev_snp_enabled()) { 2659 SevSnpGuestState *sev_snp_guest = 2660 SEV_SNP_GUEST(MACHINE(qdev_get_machine())->cgs); 2661 struct kvm_sev_snp_launch_finish *finish = 2662 &sev_snp_guest->kvm_finish_conf; 2663 2664 /* 2665 * The policy consists of flags in 'policy' and optionally an ID block 2666 * and ID auth in policy_data1 and policy_data2 respectively. The ID 2667 * block and auth are optional so clear any previous ID block and auth 2668 * and set them if provided, but always set the policy flags. 2669 */ 2670 g_free(sev_snp_guest->id_block); 2671 g_free((guchar *)finish->id_block_uaddr); 2672 g_free(sev_snp_guest->id_auth); 2673 g_free((guchar *)finish->id_auth_uaddr); 2674 sev_snp_guest->id_block = NULL; 2675 finish->id_block_uaddr = 0; 2676 sev_snp_guest->id_auth = NULL; 2677 finish->id_auth_uaddr = 0; 2678 2679 if (policy_data1_size > 0) { 2680 struct sev_snp_id_authentication *id_auth = 2681 (struct sev_snp_id_authentication *)policy_data2; 2682 2683 if (policy_data1_size != KVM_SEV_SNP_ID_BLOCK_SIZE) { 2684 error_setg(errp, "%s: Invalid SEV-SNP ID block: incorrect size", 2685 __func__); 2686 return -1; 2687 } 2688 if (policy_data2_size != KVM_SEV_SNP_ID_AUTH_SIZE) { 2689 error_setg(errp, 2690 "%s: Invalid SEV-SNP ID auth block: incorrect size", 2691 __func__); 2692 return -1; 2693 } 2694 assert(policy_data1 != NULL); 2695 assert(policy_data2 != NULL); 2696 2697 finish->id_block_uaddr = 2698 (__u64)g_memdup2(policy_data1, KVM_SEV_SNP_ID_BLOCK_SIZE); 2699 finish->id_auth_uaddr = 2700 (__u64)g_memdup2(policy_data2, KVM_SEV_SNP_ID_AUTH_SIZE); 2701 2702 /* 2703 * Check if an author key has been provided and use that to flag 2704 * whether the author key is enabled. The first of the author key 2705 * must be non-zero to indicate the key type, which will currently 2706 * always be 2. 2707 */ 2708 sev_snp_guest->kvm_finish_conf.auth_key_en = 2709 id_auth->author_key[0] ? 1 : 0; 2710 finish->id_block_en = 1; 2711 } 2712 sev_snp_guest->kvm_start_conf.policy = policy; 2713 } else { 2714 SevGuestState *sev_guest = SEV_GUEST(MACHINE(qdev_get_machine())->cgs); 2715 /* Only the policy flags are supported for SEV and SEV-ES */ 2716 if ((policy_data1_size > 0) || (policy_data2_size > 0) || !sev_guest) { 2717 error_setg(errp, "%s: An ID block/ID auth block has been provided " 2718 "but SEV-SNP is not enabled", __func__); 2719 return -1; 2720 } 2721 sev_guest->policy = policy; 2722 } 2723 return 0; 2724 } 2725 2726 static void 2727 sev_common_class_init(ObjectClass *oc, const void *data) 2728 { 2729 ConfidentialGuestSupportClass *klass = CONFIDENTIAL_GUEST_SUPPORT_CLASS(oc); 2730 2731 klass->kvm_init = sev_common_kvm_init; 2732 2733 object_class_property_add_str(oc, "sev-device", 2734 sev_common_get_sev_device, 2735 sev_common_set_sev_device); 2736 object_class_property_set_description(oc, "sev-device", 2737 "SEV device to use"); 2738 object_class_property_add_bool(oc, "kernel-hashes", 2739 sev_common_get_kernel_hashes, 2740 sev_common_set_kernel_hashes); 2741 object_class_property_set_description(oc, "kernel-hashes", 2742 "add kernel hashes to guest firmware for measured Linux boot"); 2743 } 2744 2745 static void 2746 sev_common_instance_init(Object *obj) 2747 { 2748 SevCommonState *sev_common = SEV_COMMON(obj); 2749 ConfidentialGuestSupportClass *cgs = 2750 CONFIDENTIAL_GUEST_SUPPORT_GET_CLASS(obj); 2751 2752 sev_common->kvm_type = -1; 2753 2754 sev_common->sev_device = g_strdup(DEFAULT_SEV_DEVICE); 2755 2756 object_property_add_uint32_ptr(obj, "cbitpos", &sev_common->cbitpos, 2757 OBJ_PROP_FLAG_READWRITE); 2758 object_property_add_uint32_ptr(obj, "reduced-phys-bits", 2759 &sev_common->reduced_phys_bits, 2760 OBJ_PROP_FLAG_READWRITE); 2761 cgs->check_support = cgs_check_support; 2762 cgs->set_guest_state = cgs_set_guest_state; 2763 cgs->get_mem_map_entry = cgs_get_mem_map_entry; 2764 cgs->set_guest_policy = cgs_set_guest_policy; 2765 2766 QTAILQ_INIT(&sev_common->launch_vmsa); 2767 } 2768 2769 /* sev guest info common to sev/sev-es/sev-snp */ 2770 static const TypeInfo sev_common_info = { 2771 .parent = TYPE_X86_CONFIDENTIAL_GUEST, 2772 .name = TYPE_SEV_COMMON, 2773 .instance_size = sizeof(SevCommonState), 2774 .instance_init = sev_common_instance_init, 2775 .class_size = sizeof(SevCommonStateClass), 2776 .class_init = sev_common_class_init, 2777 .abstract = true, 2778 .interfaces = (const InterfaceInfo[]) { 2779 { TYPE_USER_CREATABLE }, 2780 { } 2781 } 2782 }; 2783 2784 static char * 2785 sev_guest_get_dh_cert_file(Object *obj, Error **errp) 2786 { 2787 return g_strdup(SEV_GUEST(obj)->dh_cert_file); 2788 } 2789 2790 static void 2791 sev_guest_set_dh_cert_file(Object *obj, const char *value, Error **errp) 2792 { 2793 SEV_GUEST(obj)->dh_cert_file = g_strdup(value); 2794 } 2795 2796 static char * 2797 sev_guest_get_session_file(Object *obj, Error **errp) 2798 { 2799 SevGuestState *sev_guest = SEV_GUEST(obj); 2800 2801 return sev_guest->session_file ? g_strdup(sev_guest->session_file) : NULL; 2802 } 2803 2804 static void 2805 sev_guest_set_session_file(Object *obj, const char *value, Error **errp) 2806 { 2807 SEV_GUEST(obj)->session_file = g_strdup(value); 2808 } 2809 2810 static void sev_guest_get_legacy_vm_type(Object *obj, Visitor *v, 2811 const char *name, void *opaque, 2812 Error **errp) 2813 { 2814 SevGuestState *sev_guest = SEV_GUEST(obj); 2815 OnOffAuto legacy_vm_type = sev_guest->legacy_vm_type; 2816 2817 visit_type_OnOffAuto(v, name, &legacy_vm_type, errp); 2818 } 2819 2820 static void sev_guest_set_legacy_vm_type(Object *obj, Visitor *v, 2821 const char *name, void *opaque, 2822 Error **errp) 2823 { 2824 SevGuestState *sev_guest = SEV_GUEST(obj); 2825 2826 visit_type_OnOffAuto(v, name, &sev_guest->legacy_vm_type, errp); 2827 } 2828 2829 static void 2830 sev_guest_class_init(ObjectClass *oc, const void *data) 2831 { 2832 SevCommonStateClass *klass = SEV_COMMON_CLASS(oc); 2833 X86ConfidentialGuestClass *x86_klass = X86_CONFIDENTIAL_GUEST_CLASS(oc); 2834 2835 klass->build_kernel_loader_hashes = sev_build_kernel_loader_hashes; 2836 klass->launch_start = sev_launch_start; 2837 klass->launch_finish = sev_launch_finish; 2838 klass->launch_update_data = sev_launch_update_data; 2839 klass->kvm_init = sev_kvm_init; 2840 x86_klass->kvm_type = sev_kvm_type; 2841 2842 object_class_property_add_str(oc, "dh-cert-file", 2843 sev_guest_get_dh_cert_file, 2844 sev_guest_set_dh_cert_file); 2845 object_class_property_set_description(oc, "dh-cert-file", 2846 "guest owners DH certificate (encoded with base64)"); 2847 object_class_property_add_str(oc, "session-file", 2848 sev_guest_get_session_file, 2849 sev_guest_set_session_file); 2850 object_class_property_set_description(oc, "session-file", 2851 "guest owners session parameters (encoded with base64)"); 2852 object_class_property_add(oc, "legacy-vm-type", "OnOffAuto", 2853 sev_guest_get_legacy_vm_type, 2854 sev_guest_set_legacy_vm_type, NULL, NULL); 2855 object_class_property_set_description(oc, "legacy-vm-type", 2856 "use legacy VM type to maintain measurement compatibility with older QEMU or kernel versions."); 2857 } 2858 2859 static void 2860 sev_guest_instance_init(Object *obj) 2861 { 2862 SevGuestState *sev_guest = SEV_GUEST(obj); 2863 2864 sev_guest->policy = DEFAULT_GUEST_POLICY; 2865 object_property_add_uint32_ptr(obj, "handle", &sev_guest->handle, 2866 OBJ_PROP_FLAG_READWRITE); 2867 object_property_add_uint32_ptr(obj, "policy", &sev_guest->policy, 2868 OBJ_PROP_FLAG_READWRITE); 2869 object_apply_compat_props(obj); 2870 2871 sev_guest->legacy_vm_type = ON_OFF_AUTO_AUTO; 2872 } 2873 2874 /* guest info specific sev/sev-es */ 2875 static const TypeInfo sev_guest_info = { 2876 .parent = TYPE_SEV_COMMON, 2877 .name = TYPE_SEV_GUEST, 2878 .instance_size = sizeof(SevGuestState), 2879 .instance_init = sev_guest_instance_init, 2880 .class_init = sev_guest_class_init, 2881 }; 2882 2883 static void 2884 sev_snp_guest_get_policy(Object *obj, Visitor *v, const char *name, 2885 void *opaque, Error **errp) 2886 { 2887 visit_type_uint64(v, name, 2888 (uint64_t *)&SEV_SNP_GUEST(obj)->kvm_start_conf.policy, 2889 errp); 2890 } 2891 2892 static void 2893 sev_snp_guest_set_policy(Object *obj, Visitor *v, const char *name, 2894 void *opaque, Error **errp) 2895 { 2896 visit_type_uint64(v, name, 2897 (uint64_t *)&SEV_SNP_GUEST(obj)->kvm_start_conf.policy, 2898 errp); 2899 } 2900 2901 static char * 2902 sev_snp_guest_get_guest_visible_workarounds(Object *obj, Error **errp) 2903 { 2904 return g_strdup(SEV_SNP_GUEST(obj)->guest_visible_workarounds); 2905 } 2906 2907 static void 2908 sev_snp_guest_set_guest_visible_workarounds(Object *obj, const char *value, 2909 Error **errp) 2910 { 2911 SevSnpGuestState *sev_snp_guest = SEV_SNP_GUEST(obj); 2912 struct kvm_sev_snp_launch_start *start = &sev_snp_guest->kvm_start_conf; 2913 g_autofree guchar *blob; 2914 gsize len; 2915 2916 g_free(sev_snp_guest->guest_visible_workarounds); 2917 2918 /* store the base64 str so we don't need to re-encode in getter */ 2919 sev_snp_guest->guest_visible_workarounds = g_strdup(value); 2920 2921 blob = qbase64_decode(sev_snp_guest->guest_visible_workarounds, 2922 -1, &len, errp); 2923 if (!blob) { 2924 return; 2925 } 2926 2927 if (len != sizeof(start->gosvw)) { 2928 error_setg(errp, "parameter length of %" G_GSIZE_FORMAT 2929 " exceeds max of %zu", 2930 len, sizeof(start->gosvw)); 2931 return; 2932 } 2933 2934 memcpy(start->gosvw, blob, len); 2935 } 2936 2937 static char * 2938 sev_snp_guest_get_id_block(Object *obj, Error **errp) 2939 { 2940 SevSnpGuestState *sev_snp_guest = SEV_SNP_GUEST(obj); 2941 2942 return g_strdup(sev_snp_guest->id_block_base64); 2943 } 2944 2945 static void 2946 sev_snp_guest_set_id_block(Object *obj, const char *value, Error **errp) 2947 { 2948 SevSnpGuestState *sev_snp_guest = SEV_SNP_GUEST(obj); 2949 struct kvm_sev_snp_launch_finish *finish = &sev_snp_guest->kvm_finish_conf; 2950 gsize len; 2951 2952 finish->id_block_en = 0; 2953 g_free(sev_snp_guest->id_block); 2954 g_free(sev_snp_guest->id_block_base64); 2955 2956 /* store the base64 str so we don't need to re-encode in getter */ 2957 sev_snp_guest->id_block_base64 = g_strdup(value); 2958 sev_snp_guest->id_block = 2959 qbase64_decode(sev_snp_guest->id_block_base64, -1, &len, errp); 2960 2961 if (!sev_snp_guest->id_block) { 2962 return; 2963 } 2964 2965 if (len != KVM_SEV_SNP_ID_BLOCK_SIZE) { 2966 error_setg(errp, "parameter length of %" G_GSIZE_FORMAT 2967 " not equal to %u", 2968 len, KVM_SEV_SNP_ID_BLOCK_SIZE); 2969 return; 2970 } 2971 2972 finish->id_block_en = 1; 2973 finish->id_block_uaddr = (uintptr_t)sev_snp_guest->id_block; 2974 } 2975 2976 static char * 2977 sev_snp_guest_get_id_auth(Object *obj, Error **errp) 2978 { 2979 SevSnpGuestState *sev_snp_guest = SEV_SNP_GUEST(obj); 2980 2981 return g_strdup(sev_snp_guest->id_auth_base64); 2982 } 2983 2984 static void 2985 sev_snp_guest_set_id_auth(Object *obj, const char *value, Error **errp) 2986 { 2987 SevSnpGuestState *sev_snp_guest = SEV_SNP_GUEST(obj); 2988 struct kvm_sev_snp_launch_finish *finish = &sev_snp_guest->kvm_finish_conf; 2989 gsize len; 2990 2991 finish->id_auth_uaddr = 0; 2992 g_free(sev_snp_guest->id_auth); 2993 g_free(sev_snp_guest->id_auth_base64); 2994 2995 /* store the base64 str so we don't need to re-encode in getter */ 2996 sev_snp_guest->id_auth_base64 = g_strdup(value); 2997 sev_snp_guest->id_auth = 2998 qbase64_decode(sev_snp_guest->id_auth_base64, -1, &len, errp); 2999 3000 if (!sev_snp_guest->id_auth) { 3001 return; 3002 } 3003 3004 if (len > KVM_SEV_SNP_ID_AUTH_SIZE) { 3005 error_setg(errp, "parameter length:ID_AUTH %" G_GSIZE_FORMAT 3006 " exceeds max of %u", 3007 len, KVM_SEV_SNP_ID_AUTH_SIZE); 3008 return; 3009 } 3010 3011 finish->id_auth_uaddr = (uintptr_t)sev_snp_guest->id_auth; 3012 } 3013 3014 static bool 3015 sev_snp_guest_get_author_key_enabled(Object *obj, Error **errp) 3016 { 3017 SevSnpGuestState *sev_snp_guest = SEV_SNP_GUEST(obj); 3018 3019 return !!sev_snp_guest->kvm_finish_conf.auth_key_en; 3020 } 3021 3022 static void 3023 sev_snp_guest_set_author_key_enabled(Object *obj, bool value, Error **errp) 3024 { 3025 SevSnpGuestState *sev_snp_guest = SEV_SNP_GUEST(obj); 3026 3027 sev_snp_guest->kvm_finish_conf.auth_key_en = value; 3028 } 3029 3030 static bool 3031 sev_snp_guest_get_vcek_disabled(Object *obj, Error **errp) 3032 { 3033 SevSnpGuestState *sev_snp_guest = SEV_SNP_GUEST(obj); 3034 3035 return !!sev_snp_guest->kvm_finish_conf.vcek_disabled; 3036 } 3037 3038 static void 3039 sev_snp_guest_set_vcek_disabled(Object *obj, bool value, Error **errp) 3040 { 3041 SevSnpGuestState *sev_snp_guest = SEV_SNP_GUEST(obj); 3042 3043 sev_snp_guest->kvm_finish_conf.vcek_disabled = value; 3044 } 3045 3046 static char * 3047 sev_snp_guest_get_host_data(Object *obj, Error **errp) 3048 { 3049 SevSnpGuestState *sev_snp_guest = SEV_SNP_GUEST(obj); 3050 3051 return g_strdup(sev_snp_guest->host_data); 3052 } 3053 3054 static void 3055 sev_snp_guest_set_host_data(Object *obj, const char *value, Error **errp) 3056 { 3057 SevSnpGuestState *sev_snp_guest = SEV_SNP_GUEST(obj); 3058 struct kvm_sev_snp_launch_finish *finish = &sev_snp_guest->kvm_finish_conf; 3059 g_autofree guchar *blob; 3060 gsize len; 3061 3062 g_free(sev_snp_guest->host_data); 3063 3064 /* store the base64 str so we don't need to re-encode in getter */ 3065 sev_snp_guest->host_data = g_strdup(value); 3066 3067 blob = qbase64_decode(sev_snp_guest->host_data, -1, &len, errp); 3068 3069 if (!blob) { 3070 return; 3071 } 3072 3073 if (len != sizeof(finish->host_data)) { 3074 error_setg(errp, "parameter length of %" G_GSIZE_FORMAT 3075 " not equal to %zu", 3076 len, sizeof(finish->host_data)); 3077 return; 3078 } 3079 3080 memcpy(finish->host_data, blob, len); 3081 } 3082 3083 static void 3084 sev_snp_guest_class_init(ObjectClass *oc, const void *data) 3085 { 3086 SevCommonStateClass *klass = SEV_COMMON_CLASS(oc); 3087 X86ConfidentialGuestClass *x86_klass = X86_CONFIDENTIAL_GUEST_CLASS(oc); 3088 3089 klass->build_kernel_loader_hashes = sev_snp_build_kernel_loader_hashes; 3090 klass->launch_start = sev_snp_launch_start; 3091 klass->launch_finish = sev_snp_launch_finish; 3092 klass->launch_update_data = sev_snp_launch_update_data; 3093 klass->kvm_init = sev_snp_kvm_init; 3094 x86_klass->adjust_cpuid_features = sev_snp_adjust_cpuid_features; 3095 x86_klass->kvm_type = sev_snp_kvm_type; 3096 3097 object_class_property_add(oc, "policy", "uint64", 3098 sev_snp_guest_get_policy, 3099 sev_snp_guest_set_policy, NULL, NULL); 3100 object_class_property_add_str(oc, "guest-visible-workarounds", 3101 sev_snp_guest_get_guest_visible_workarounds, 3102 sev_snp_guest_set_guest_visible_workarounds); 3103 object_class_property_add_str(oc, "id-block", 3104 sev_snp_guest_get_id_block, 3105 sev_snp_guest_set_id_block); 3106 object_class_property_add_str(oc, "id-auth", 3107 sev_snp_guest_get_id_auth, 3108 sev_snp_guest_set_id_auth); 3109 object_class_property_add_bool(oc, "author-key-enabled", 3110 sev_snp_guest_get_author_key_enabled, 3111 sev_snp_guest_set_author_key_enabled); 3112 object_class_property_add_bool(oc, "vcek-disabled", 3113 sev_snp_guest_get_vcek_disabled, 3114 sev_snp_guest_set_vcek_disabled); 3115 object_class_property_add_str(oc, "host-data", 3116 sev_snp_guest_get_host_data, 3117 sev_snp_guest_set_host_data); 3118 } 3119 3120 static void 3121 sev_snp_guest_instance_init(Object *obj) 3122 { 3123 ConfidentialGuestSupport *cgs = CONFIDENTIAL_GUEST_SUPPORT(obj); 3124 SevSnpGuestState *sev_snp_guest = SEV_SNP_GUEST(obj); 3125 3126 cgs->require_guest_memfd = true; 3127 3128 /* default init/start/finish params for kvm */ 3129 sev_snp_guest->kvm_start_conf.policy = DEFAULT_SEV_SNP_POLICY; 3130 } 3131 3132 /* guest info specific to sev-snp */ 3133 static const TypeInfo sev_snp_guest_info = { 3134 .parent = TYPE_SEV_COMMON, 3135 .name = TYPE_SEV_SNP_GUEST, 3136 .instance_size = sizeof(SevSnpGuestState), 3137 .class_init = sev_snp_guest_class_init, 3138 .instance_init = sev_snp_guest_instance_init, 3139 }; 3140 3141 static void 3142 sev_register_types(void) 3143 { 3144 type_register_static(&sev_common_info); 3145 type_register_static(&sev_guest_info); 3146 type_register_static(&sev_snp_guest_info); 3147 } 3148 3149 type_init(sev_register_types); 3150