1 /* 2 * QEMU SEV support 3 * 4 * Copyright Advanced Micro Devices 2016-2018 5 * 6 * Author: 7 * Brijesh Singh <brijesh.singh@amd.com> 8 * 9 * This work is licensed under the terms of the GNU GPL, version 2 or later. 10 * See the COPYING file in the top-level directory. 11 * 12 */ 13 14 #include "qemu/osdep.h" 15 16 #include <linux/kvm.h> 17 #include <linux/psp-sev.h> 18 19 #include <sys/ioctl.h> 20 21 #include "qapi/error.h" 22 #include "qom/object_interfaces.h" 23 #include "qemu/base64.h" 24 #include "qemu/module.h" 25 #include "qemu/uuid.h" 26 #include "qemu/error-report.h" 27 #include "crypto/hash.h" 28 #include "sysemu/kvm.h" 29 #include "kvm/kvm_i386.h" 30 #include "sev.h" 31 #include "sysemu/sysemu.h" 32 #include "sysemu/runstate.h" 33 #include "trace.h" 34 #include "migration/blocker.h" 35 #include "qom/object.h" 36 #include "monitor/monitor.h" 37 #include "monitor/hmp-target.h" 38 #include "qapi/qapi-commands-misc-target.h" 39 #include "confidential-guest.h" 40 #include "hw/i386/pc.h" 41 #include "exec/address-spaces.h" 42 43 OBJECT_DECLARE_TYPE(SevCommonState, SevCommonStateClass, SEV_COMMON) 44 OBJECT_DECLARE_TYPE(SevGuestState, SevCommonStateClass, SEV_GUEST) 45 OBJECT_DECLARE_TYPE(SevSnpGuestState, SevCommonStateClass, SEV_SNP_GUEST) 46 47 struct SevCommonState { 48 X86ConfidentialGuest parent_obj; 49 50 int kvm_type; 51 52 /* configuration parameters */ 53 char *sev_device; 54 uint32_t cbitpos; 55 uint32_t reduced_phys_bits; 56 bool kernel_hashes; 57 58 /* runtime state */ 59 uint8_t api_major; 60 uint8_t api_minor; 61 uint8_t build_id; 62 int sev_fd; 63 SevState state; 64 65 uint32_t reset_cs; 66 uint32_t reset_ip; 67 bool reset_data_valid; 68 }; 69 70 struct SevCommonStateClass { 71 X86ConfidentialGuestClass parent_class; 72 73 /* public */ 74 int (*launch_start)(SevCommonState *sev_common); 75 void (*launch_finish)(SevCommonState *sev_common); 76 int (*kvm_init)(ConfidentialGuestSupport *cgs, Error **errp); 77 }; 78 79 /** 80 * SevGuestState: 81 * 82 * The SevGuestState object is used for creating and managing a SEV 83 * guest. 84 * 85 * # $QEMU \ 86 * -object sev-guest,id=sev0 \ 87 * -machine ...,memory-encryption=sev0 88 */ 89 struct SevGuestState { 90 SevCommonState parent_obj; 91 gchar *measurement; 92 93 /* configuration parameters */ 94 uint32_t handle; 95 uint32_t policy; 96 char *dh_cert_file; 97 char *session_file; 98 bool legacy_vm_type; 99 }; 100 101 struct SevSnpGuestState { 102 SevCommonState parent_obj; 103 104 /* configuration parameters */ 105 char *guest_visible_workarounds; 106 char *id_block; 107 char *id_auth; 108 char *host_data; 109 110 struct kvm_sev_snp_launch_start kvm_start_conf; 111 struct kvm_sev_snp_launch_finish kvm_finish_conf; 112 }; 113 114 #define DEFAULT_GUEST_POLICY 0x1 /* disable debug */ 115 #define DEFAULT_SEV_DEVICE "/dev/sev" 116 #define DEFAULT_SEV_SNP_POLICY 0x30000 117 118 #define SEV_INFO_BLOCK_GUID "00f771de-1a7e-4fcb-890e-68c77e2fb44e" 119 typedef struct __attribute__((__packed__)) SevInfoBlock { 120 /* SEV-ES Reset Vector Address */ 121 uint32_t reset_addr; 122 } SevInfoBlock; 123 124 #define SEV_HASH_TABLE_RV_GUID "7255371f-3a3b-4b04-927b-1da6efa8d454" 125 typedef struct QEMU_PACKED SevHashTableDescriptor { 126 /* SEV hash table area guest address */ 127 uint32_t base; 128 /* SEV hash table area size (in bytes) */ 129 uint32_t size; 130 } SevHashTableDescriptor; 131 132 /* hard code sha256 digest size */ 133 #define HASH_SIZE 32 134 135 typedef struct QEMU_PACKED SevHashTableEntry { 136 QemuUUID guid; 137 uint16_t len; 138 uint8_t hash[HASH_SIZE]; 139 } SevHashTableEntry; 140 141 typedef struct QEMU_PACKED SevHashTable { 142 QemuUUID guid; 143 uint16_t len; 144 SevHashTableEntry cmdline; 145 SevHashTableEntry initrd; 146 SevHashTableEntry kernel; 147 } SevHashTable; 148 149 /* 150 * Data encrypted by sev_encrypt_flash() must be padded to a multiple of 151 * 16 bytes. 152 */ 153 typedef struct QEMU_PACKED PaddedSevHashTable { 154 SevHashTable ht; 155 uint8_t padding[ROUND_UP(sizeof(SevHashTable), 16) - sizeof(SevHashTable)]; 156 } PaddedSevHashTable; 157 158 QEMU_BUILD_BUG_ON(sizeof(PaddedSevHashTable) % 16 != 0); 159 160 static Error *sev_mig_blocker; 161 162 static const char *const sev_fw_errlist[] = { 163 [SEV_RET_SUCCESS] = "", 164 [SEV_RET_INVALID_PLATFORM_STATE] = "Platform state is invalid", 165 [SEV_RET_INVALID_GUEST_STATE] = "Guest state is invalid", 166 [SEV_RET_INAVLID_CONFIG] = "Platform configuration is invalid", 167 [SEV_RET_INVALID_LEN] = "Buffer too small", 168 [SEV_RET_ALREADY_OWNED] = "Platform is already owned", 169 [SEV_RET_INVALID_CERTIFICATE] = "Certificate is invalid", 170 [SEV_RET_POLICY_FAILURE] = "Policy is not allowed", 171 [SEV_RET_INACTIVE] = "Guest is not active", 172 [SEV_RET_INVALID_ADDRESS] = "Invalid address", 173 [SEV_RET_BAD_SIGNATURE] = "Bad signature", 174 [SEV_RET_BAD_MEASUREMENT] = "Bad measurement", 175 [SEV_RET_ASID_OWNED] = "ASID is already owned", 176 [SEV_RET_INVALID_ASID] = "Invalid ASID", 177 [SEV_RET_WBINVD_REQUIRED] = "WBINVD is required", 178 [SEV_RET_DFFLUSH_REQUIRED] = "DF_FLUSH is required", 179 [SEV_RET_INVALID_GUEST] = "Guest handle is invalid", 180 [SEV_RET_INVALID_COMMAND] = "Invalid command", 181 [SEV_RET_ACTIVE] = "Guest is active", 182 [SEV_RET_HWSEV_RET_PLATFORM] = "Hardware error", 183 [SEV_RET_HWSEV_RET_UNSAFE] = "Hardware unsafe", 184 [SEV_RET_UNSUPPORTED] = "Feature not supported", 185 [SEV_RET_INVALID_PARAM] = "Invalid parameter", 186 [SEV_RET_RESOURCE_LIMIT] = "Required firmware resource depleted", 187 [SEV_RET_SECURE_DATA_INVALID] = "Part-specific integrity check failure", 188 }; 189 190 #define SEV_FW_MAX_ERROR ARRAY_SIZE(sev_fw_errlist) 191 192 static int 193 sev_ioctl(int fd, int cmd, void *data, int *error) 194 { 195 int r; 196 struct kvm_sev_cmd input; 197 198 memset(&input, 0x0, sizeof(input)); 199 200 input.id = cmd; 201 input.sev_fd = fd; 202 input.data = (uintptr_t)data; 203 204 r = kvm_vm_ioctl(kvm_state, KVM_MEMORY_ENCRYPT_OP, &input); 205 206 if (error) { 207 *error = input.error; 208 } 209 210 return r; 211 } 212 213 static int 214 sev_platform_ioctl(int fd, int cmd, void *data, int *error) 215 { 216 int r; 217 struct sev_issue_cmd arg; 218 219 arg.cmd = cmd; 220 arg.data = (unsigned long)data; 221 r = ioctl(fd, SEV_ISSUE_CMD, &arg); 222 if (error) { 223 *error = arg.error; 224 } 225 226 return r; 227 } 228 229 static const char * 230 fw_error_to_str(int code) 231 { 232 if (code < 0 || code >= SEV_FW_MAX_ERROR) { 233 return "unknown error"; 234 } 235 236 return sev_fw_errlist[code]; 237 } 238 239 static bool 240 sev_check_state(const SevCommonState *sev_common, SevState state) 241 { 242 assert(sev_common); 243 return sev_common->state == state ? true : false; 244 } 245 246 static void 247 sev_set_guest_state(SevCommonState *sev_common, SevState new_state) 248 { 249 assert(new_state < SEV_STATE__MAX); 250 assert(sev_common); 251 252 trace_kvm_sev_change_state(SevState_str(sev_common->state), 253 SevState_str(new_state)); 254 sev_common->state = new_state; 255 } 256 257 static void 258 sev_ram_block_added(RAMBlockNotifier *n, void *host, size_t size, 259 size_t max_size) 260 { 261 int r; 262 struct kvm_enc_region range; 263 ram_addr_t offset; 264 MemoryRegion *mr; 265 266 /* 267 * The RAM device presents a memory region that should be treated 268 * as IO region and should not be pinned. 269 */ 270 mr = memory_region_from_host(host, &offset); 271 if (mr && memory_region_is_ram_device(mr)) { 272 return; 273 } 274 275 range.addr = (uintptr_t)host; 276 range.size = max_size; 277 278 trace_kvm_memcrypt_register_region(host, max_size); 279 r = kvm_vm_ioctl(kvm_state, KVM_MEMORY_ENCRYPT_REG_REGION, &range); 280 if (r) { 281 error_report("%s: failed to register region (%p+%#zx) error '%s'", 282 __func__, host, max_size, strerror(errno)); 283 exit(1); 284 } 285 } 286 287 static void 288 sev_ram_block_removed(RAMBlockNotifier *n, void *host, size_t size, 289 size_t max_size) 290 { 291 int r; 292 struct kvm_enc_region range; 293 ram_addr_t offset; 294 MemoryRegion *mr; 295 296 /* 297 * The RAM device presents a memory region that should be treated 298 * as IO region and should not have been pinned. 299 */ 300 mr = memory_region_from_host(host, &offset); 301 if (mr && memory_region_is_ram_device(mr)) { 302 return; 303 } 304 305 range.addr = (uintptr_t)host; 306 range.size = max_size; 307 308 trace_kvm_memcrypt_unregister_region(host, max_size); 309 r = kvm_vm_ioctl(kvm_state, KVM_MEMORY_ENCRYPT_UNREG_REGION, &range); 310 if (r) { 311 error_report("%s: failed to unregister region (%p+%#zx)", 312 __func__, host, max_size); 313 } 314 } 315 316 static struct RAMBlockNotifier sev_ram_notifier = { 317 .ram_block_added = sev_ram_block_added, 318 .ram_block_removed = sev_ram_block_removed, 319 }; 320 321 bool 322 sev_enabled(void) 323 { 324 ConfidentialGuestSupport *cgs = MACHINE(qdev_get_machine())->cgs; 325 326 return !!object_dynamic_cast(OBJECT(cgs), TYPE_SEV_COMMON); 327 } 328 329 bool 330 sev_snp_enabled(void) 331 { 332 ConfidentialGuestSupport *cgs = MACHINE(qdev_get_machine())->cgs; 333 334 return !!object_dynamic_cast(OBJECT(cgs), TYPE_SEV_SNP_GUEST); 335 } 336 337 bool 338 sev_es_enabled(void) 339 { 340 ConfidentialGuestSupport *cgs = MACHINE(qdev_get_machine())->cgs; 341 342 return sev_snp_enabled() || 343 (sev_enabled() && SEV_GUEST(cgs)->policy & SEV_POLICY_ES); 344 } 345 346 uint32_t 347 sev_get_cbit_position(void) 348 { 349 SevCommonState *sev_common = SEV_COMMON(MACHINE(qdev_get_machine())->cgs); 350 351 return sev_common ? sev_common->cbitpos : 0; 352 } 353 354 uint32_t 355 sev_get_reduced_phys_bits(void) 356 { 357 SevCommonState *sev_common = SEV_COMMON(MACHINE(qdev_get_machine())->cgs); 358 359 return sev_common ? sev_common->reduced_phys_bits : 0; 360 } 361 362 static SevInfo *sev_get_info(void) 363 { 364 SevInfo *info; 365 SevCommonState *sev_common = SEV_COMMON(MACHINE(qdev_get_machine())->cgs); 366 367 info = g_new0(SevInfo, 1); 368 info->enabled = sev_enabled(); 369 370 if (info->enabled) { 371 info->api_major = sev_common->api_major; 372 info->api_minor = sev_common->api_minor; 373 info->build_id = sev_common->build_id; 374 info->state = sev_common->state; 375 376 if (sev_snp_enabled()) { 377 info->sev_type = SEV_GUEST_TYPE_SEV_SNP; 378 info->u.sev_snp.snp_policy = 379 object_property_get_uint(OBJECT(sev_common), "policy", NULL); 380 } else { 381 info->sev_type = SEV_GUEST_TYPE_SEV; 382 info->u.sev.handle = SEV_GUEST(sev_common)->handle; 383 info->u.sev.policy = 384 (uint32_t)object_property_get_uint(OBJECT(sev_common), 385 "policy", NULL); 386 } 387 } 388 389 return info; 390 } 391 392 SevInfo *qmp_query_sev(Error **errp) 393 { 394 SevInfo *info; 395 396 info = sev_get_info(); 397 if (!info) { 398 error_setg(errp, "SEV feature is not available"); 399 return NULL; 400 } 401 402 return info; 403 } 404 405 void hmp_info_sev(Monitor *mon, const QDict *qdict) 406 { 407 SevInfo *info = sev_get_info(); 408 409 if (!info || !info->enabled) { 410 monitor_printf(mon, "SEV is not enabled\n"); 411 goto out; 412 } 413 414 monitor_printf(mon, "SEV type: %s\n", SevGuestType_str(info->sev_type)); 415 monitor_printf(mon, "state: %s\n", SevState_str(info->state)); 416 monitor_printf(mon, "build: %d\n", info->build_id); 417 monitor_printf(mon, "api version: %d.%d\n", info->api_major, 418 info->api_minor); 419 420 if (sev_snp_enabled()) { 421 monitor_printf(mon, "debug: %s\n", 422 info->u.sev_snp.snp_policy & SEV_SNP_POLICY_DBG ? "on" 423 : "off"); 424 monitor_printf(mon, "SMT allowed: %s\n", 425 info->u.sev_snp.snp_policy & SEV_SNP_POLICY_SMT ? "on" 426 : "off"); 427 } else { 428 monitor_printf(mon, "handle: %d\n", info->u.sev.handle); 429 monitor_printf(mon, "debug: %s\n", 430 info->u.sev.policy & SEV_POLICY_NODBG ? "off" : "on"); 431 monitor_printf(mon, "key-sharing: %s\n", 432 info->u.sev.policy & SEV_POLICY_NOKS ? "off" : "on"); 433 } 434 435 out: 436 qapi_free_SevInfo(info); 437 } 438 439 static int 440 sev_get_pdh_info(int fd, guchar **pdh, size_t *pdh_len, guchar **cert_chain, 441 size_t *cert_chain_len, Error **errp) 442 { 443 guchar *pdh_data = NULL; 444 guchar *cert_chain_data = NULL; 445 struct sev_user_data_pdh_cert_export export = {}; 446 int err, r; 447 448 /* query the certificate length */ 449 r = sev_platform_ioctl(fd, SEV_PDH_CERT_EXPORT, &export, &err); 450 if (r < 0) { 451 if (err != SEV_RET_INVALID_LEN) { 452 error_setg(errp, "SEV: Failed to export PDH cert" 453 " ret=%d fw_err=%d (%s)", 454 r, err, fw_error_to_str(err)); 455 return 1; 456 } 457 } 458 459 pdh_data = g_new(guchar, export.pdh_cert_len); 460 cert_chain_data = g_new(guchar, export.cert_chain_len); 461 export.pdh_cert_address = (unsigned long)pdh_data; 462 export.cert_chain_address = (unsigned long)cert_chain_data; 463 464 r = sev_platform_ioctl(fd, SEV_PDH_CERT_EXPORT, &export, &err); 465 if (r < 0) { 466 error_setg(errp, "SEV: Failed to export PDH cert ret=%d fw_err=%d (%s)", 467 r, err, fw_error_to_str(err)); 468 goto e_free; 469 } 470 471 *pdh = pdh_data; 472 *pdh_len = export.pdh_cert_len; 473 *cert_chain = cert_chain_data; 474 *cert_chain_len = export.cert_chain_len; 475 return 0; 476 477 e_free: 478 g_free(pdh_data); 479 g_free(cert_chain_data); 480 return 1; 481 } 482 483 static int sev_get_cpu0_id(int fd, guchar **id, size_t *id_len, Error **errp) 484 { 485 guchar *id_data; 486 struct sev_user_data_get_id2 get_id2 = {}; 487 int err, r; 488 489 /* query the ID length */ 490 r = sev_platform_ioctl(fd, SEV_GET_ID2, &get_id2, &err); 491 if (r < 0 && err != SEV_RET_INVALID_LEN) { 492 error_setg(errp, "SEV: Failed to get ID ret=%d fw_err=%d (%s)", 493 r, err, fw_error_to_str(err)); 494 return 1; 495 } 496 497 id_data = g_new(guchar, get_id2.length); 498 get_id2.address = (unsigned long)id_data; 499 500 r = sev_platform_ioctl(fd, SEV_GET_ID2, &get_id2, &err); 501 if (r < 0) { 502 error_setg(errp, "SEV: Failed to get ID ret=%d fw_err=%d (%s)", 503 r, err, fw_error_to_str(err)); 504 goto err; 505 } 506 507 *id = id_data; 508 *id_len = get_id2.length; 509 return 0; 510 511 err: 512 g_free(id_data); 513 return 1; 514 } 515 516 static SevCapability *sev_get_capabilities(Error **errp) 517 { 518 SevCapability *cap = NULL; 519 guchar *pdh_data = NULL; 520 guchar *cert_chain_data = NULL; 521 guchar *cpu0_id_data = NULL; 522 size_t pdh_len = 0, cert_chain_len = 0, cpu0_id_len = 0; 523 uint32_t ebx; 524 int fd; 525 SevCommonState *sev_common; 526 char *sev_device; 527 528 if (!kvm_enabled()) { 529 error_setg(errp, "KVM not enabled"); 530 return NULL; 531 } 532 if (kvm_vm_ioctl(kvm_state, KVM_MEMORY_ENCRYPT_OP, NULL) < 0) { 533 error_setg(errp, "SEV is not enabled in KVM"); 534 return NULL; 535 } 536 537 sev_common = SEV_COMMON(MACHINE(qdev_get_machine())->cgs); 538 if (!sev_common) { 539 error_setg(errp, "SEV is not configured"); 540 } 541 542 sev_device = object_property_get_str(OBJECT(sev_common), "sev-device", 543 &error_abort); 544 fd = open(sev_device, O_RDWR); 545 if (fd < 0) { 546 error_setg_errno(errp, errno, "SEV: Failed to open %s", 547 DEFAULT_SEV_DEVICE); 548 g_free(sev_device); 549 return NULL; 550 } 551 g_free(sev_device); 552 553 if (sev_get_pdh_info(fd, &pdh_data, &pdh_len, 554 &cert_chain_data, &cert_chain_len, errp)) { 555 goto out; 556 } 557 558 if (sev_get_cpu0_id(fd, &cpu0_id_data, &cpu0_id_len, errp)) { 559 goto out; 560 } 561 562 cap = g_new0(SevCapability, 1); 563 cap->pdh = g_base64_encode(pdh_data, pdh_len); 564 cap->cert_chain = g_base64_encode(cert_chain_data, cert_chain_len); 565 cap->cpu0_id = g_base64_encode(cpu0_id_data, cpu0_id_len); 566 567 host_cpuid(0x8000001F, 0, NULL, &ebx, NULL, NULL); 568 cap->cbitpos = ebx & 0x3f; 569 570 /* 571 * When SEV feature is enabled, we loose one bit in guest physical 572 * addressing. 573 */ 574 cap->reduced_phys_bits = 1; 575 576 out: 577 g_free(cpu0_id_data); 578 g_free(pdh_data); 579 g_free(cert_chain_data); 580 close(fd); 581 return cap; 582 } 583 584 SevCapability *qmp_query_sev_capabilities(Error **errp) 585 { 586 return sev_get_capabilities(errp); 587 } 588 589 static SevAttestationReport *sev_get_attestation_report(const char *mnonce, 590 Error **errp) 591 { 592 struct kvm_sev_attestation_report input = {}; 593 SevAttestationReport *report = NULL; 594 SevCommonState *sev_common; 595 g_autofree guchar *data = NULL; 596 g_autofree guchar *buf = NULL; 597 gsize len; 598 int err = 0, ret; 599 600 if (!sev_enabled()) { 601 error_setg(errp, "SEV is not enabled"); 602 return NULL; 603 } 604 605 /* lets decode the mnonce string */ 606 buf = g_base64_decode(mnonce, &len); 607 if (!buf) { 608 error_setg(errp, "SEV: failed to decode mnonce input"); 609 return NULL; 610 } 611 612 /* verify the input mnonce length */ 613 if (len != sizeof(input.mnonce)) { 614 error_setg(errp, "SEV: mnonce must be %zu bytes (got %" G_GSIZE_FORMAT ")", 615 sizeof(input.mnonce), len); 616 return NULL; 617 } 618 619 sev_common = SEV_COMMON(MACHINE(qdev_get_machine())->cgs); 620 621 /* Query the report length */ 622 ret = sev_ioctl(sev_common->sev_fd, KVM_SEV_GET_ATTESTATION_REPORT, 623 &input, &err); 624 if (ret < 0) { 625 if (err != SEV_RET_INVALID_LEN) { 626 error_setg(errp, "SEV: Failed to query the attestation report" 627 " length ret=%d fw_err=%d (%s)", 628 ret, err, fw_error_to_str(err)); 629 return NULL; 630 } 631 } 632 633 data = g_malloc(input.len); 634 input.uaddr = (unsigned long)data; 635 memcpy(input.mnonce, buf, sizeof(input.mnonce)); 636 637 /* Query the report */ 638 ret = sev_ioctl(sev_common->sev_fd, KVM_SEV_GET_ATTESTATION_REPORT, 639 &input, &err); 640 if (ret) { 641 error_setg_errno(errp, errno, "SEV: Failed to get attestation report" 642 " ret=%d fw_err=%d (%s)", ret, err, fw_error_to_str(err)); 643 return NULL; 644 } 645 646 report = g_new0(SevAttestationReport, 1); 647 report->data = g_base64_encode(data, input.len); 648 649 trace_kvm_sev_attestation_report(mnonce, report->data); 650 651 return report; 652 } 653 654 SevAttestationReport *qmp_query_sev_attestation_report(const char *mnonce, 655 Error **errp) 656 { 657 return sev_get_attestation_report(mnonce, errp); 658 } 659 660 static int 661 sev_read_file_base64(const char *filename, guchar **data, gsize *len) 662 { 663 gsize sz; 664 g_autofree gchar *base64 = NULL; 665 GError *error = NULL; 666 667 if (!g_file_get_contents(filename, &base64, &sz, &error)) { 668 error_report("SEV: Failed to read '%s' (%s)", filename, error->message); 669 g_error_free(error); 670 return -1; 671 } 672 673 *data = g_base64_decode(base64, len); 674 return 0; 675 } 676 677 static int 678 sev_launch_start(SevCommonState *sev_common) 679 { 680 gsize sz; 681 int ret = 1; 682 int fw_error, rc; 683 SevGuestState *sev_guest = SEV_GUEST(sev_common); 684 struct kvm_sev_launch_start start = { 685 .handle = sev_guest->handle, .policy = sev_guest->policy 686 }; 687 guchar *session = NULL, *dh_cert = NULL; 688 689 if (sev_guest->session_file) { 690 if (sev_read_file_base64(sev_guest->session_file, &session, &sz) < 0) { 691 goto out; 692 } 693 start.session_uaddr = (unsigned long)session; 694 start.session_len = sz; 695 } 696 697 if (sev_guest->dh_cert_file) { 698 if (sev_read_file_base64(sev_guest->dh_cert_file, &dh_cert, &sz) < 0) { 699 goto out; 700 } 701 start.dh_uaddr = (unsigned long)dh_cert; 702 start.dh_len = sz; 703 } 704 705 trace_kvm_sev_launch_start(start.policy, session, dh_cert); 706 rc = sev_ioctl(sev_common->sev_fd, KVM_SEV_LAUNCH_START, &start, &fw_error); 707 if (rc < 0) { 708 error_report("%s: LAUNCH_START ret=%d fw_error=%d '%s'", 709 __func__, ret, fw_error, fw_error_to_str(fw_error)); 710 goto out; 711 } 712 713 sev_set_guest_state(sev_common, SEV_STATE_LAUNCH_UPDATE); 714 sev_guest->handle = start.handle; 715 ret = 0; 716 717 out: 718 g_free(session); 719 g_free(dh_cert); 720 return ret; 721 } 722 723 static int 724 sev_launch_update_data(SevGuestState *sev_guest, uint8_t *addr, uint64_t len) 725 { 726 int ret, fw_error; 727 struct kvm_sev_launch_update_data update; 728 729 if (!addr || !len) { 730 return 1; 731 } 732 733 update.uaddr = (uintptr_t)addr; 734 update.len = len; 735 trace_kvm_sev_launch_update_data(addr, len); 736 ret = sev_ioctl(SEV_COMMON(sev_guest)->sev_fd, KVM_SEV_LAUNCH_UPDATE_DATA, 737 &update, &fw_error); 738 if (ret) { 739 error_report("%s: LAUNCH_UPDATE ret=%d fw_error=%d '%s'", 740 __func__, ret, fw_error, fw_error_to_str(fw_error)); 741 } 742 743 return ret; 744 } 745 746 static int 747 sev_launch_update_vmsa(SevGuestState *sev_guest) 748 { 749 int ret, fw_error; 750 751 ret = sev_ioctl(SEV_COMMON(sev_guest)->sev_fd, KVM_SEV_LAUNCH_UPDATE_VMSA, 752 NULL, &fw_error); 753 if (ret) { 754 error_report("%s: LAUNCH_UPDATE_VMSA ret=%d fw_error=%d '%s'", 755 __func__, ret, fw_error, fw_error_to_str(fw_error)); 756 } 757 758 return ret; 759 } 760 761 static void 762 sev_launch_get_measure(Notifier *notifier, void *unused) 763 { 764 SevCommonState *sev_common = SEV_COMMON(MACHINE(qdev_get_machine())->cgs); 765 SevGuestState *sev_guest = SEV_GUEST(sev_common); 766 int ret, error; 767 g_autofree guchar *data = NULL; 768 struct kvm_sev_launch_measure measurement = {}; 769 770 if (!sev_check_state(sev_common, SEV_STATE_LAUNCH_UPDATE)) { 771 return; 772 } 773 774 if (sev_es_enabled()) { 775 /* measure all the VM save areas before getting launch_measure */ 776 ret = sev_launch_update_vmsa(sev_guest); 777 if (ret) { 778 exit(1); 779 } 780 kvm_mark_guest_state_protected(); 781 } 782 783 /* query the measurement blob length */ 784 ret = sev_ioctl(sev_common->sev_fd, KVM_SEV_LAUNCH_MEASURE, 785 &measurement, &error); 786 if (!measurement.len) { 787 error_report("%s: LAUNCH_MEASURE ret=%d fw_error=%d '%s'", 788 __func__, ret, error, fw_error_to_str(errno)); 789 return; 790 } 791 792 data = g_new0(guchar, measurement.len); 793 measurement.uaddr = (unsigned long)data; 794 795 /* get the measurement blob */ 796 ret = sev_ioctl(sev_common->sev_fd, KVM_SEV_LAUNCH_MEASURE, 797 &measurement, &error); 798 if (ret) { 799 error_report("%s: LAUNCH_MEASURE ret=%d fw_error=%d '%s'", 800 __func__, ret, error, fw_error_to_str(errno)); 801 return; 802 } 803 804 sev_set_guest_state(sev_common, SEV_STATE_LAUNCH_SECRET); 805 806 /* encode the measurement value and emit the event */ 807 sev_guest->measurement = g_base64_encode(data, measurement.len); 808 trace_kvm_sev_launch_measurement(sev_guest->measurement); 809 } 810 811 static char *sev_get_launch_measurement(void) 812 { 813 ConfidentialGuestSupport *cgs = MACHINE(qdev_get_machine())->cgs; 814 SevGuestState *sev_guest = 815 (SevGuestState *)object_dynamic_cast(OBJECT(cgs), TYPE_SEV_GUEST); 816 817 if (sev_guest && 818 SEV_COMMON(sev_guest)->state >= SEV_STATE_LAUNCH_SECRET) { 819 return g_strdup(sev_guest->measurement); 820 } 821 822 return NULL; 823 } 824 825 SevLaunchMeasureInfo *qmp_query_sev_launch_measure(Error **errp) 826 { 827 char *data; 828 SevLaunchMeasureInfo *info; 829 830 data = sev_get_launch_measurement(); 831 if (!data) { 832 error_setg(errp, "SEV launch measurement is not available"); 833 return NULL; 834 } 835 836 info = g_malloc0(sizeof(*info)); 837 info->data = data; 838 839 return info; 840 } 841 842 static Notifier sev_machine_done_notify = { 843 .notify = sev_launch_get_measure, 844 }; 845 846 static void 847 sev_launch_finish(SevCommonState *sev_common) 848 { 849 int ret, error; 850 851 trace_kvm_sev_launch_finish(); 852 ret = sev_ioctl(sev_common->sev_fd, KVM_SEV_LAUNCH_FINISH, 0, 853 &error); 854 if (ret) { 855 error_report("%s: LAUNCH_FINISH ret=%d fw_error=%d '%s'", 856 __func__, ret, error, fw_error_to_str(error)); 857 exit(1); 858 } 859 860 sev_set_guest_state(sev_common, SEV_STATE_RUNNING); 861 862 /* add migration blocker */ 863 error_setg(&sev_mig_blocker, 864 "SEV: Migration is not implemented"); 865 migrate_add_blocker(&sev_mig_blocker, &error_fatal); 866 } 867 868 static void 869 sev_vm_state_change(void *opaque, bool running, RunState state) 870 { 871 SevCommonState *sev_common = opaque; 872 SevCommonStateClass *klass = SEV_COMMON_GET_CLASS(opaque); 873 874 if (running) { 875 if (!sev_check_state(sev_common, SEV_STATE_RUNNING)) { 876 klass->launch_finish(sev_common); 877 } 878 } 879 } 880 881 static int sev_kvm_type(X86ConfidentialGuest *cg) 882 { 883 SevCommonState *sev_common = SEV_COMMON(cg); 884 SevGuestState *sev_guest = SEV_GUEST(sev_common); 885 int kvm_type; 886 887 if (sev_common->kvm_type != -1) { 888 goto out; 889 } 890 891 kvm_type = (sev_guest->policy & SEV_POLICY_ES) ? 892 KVM_X86_SEV_ES_VM : KVM_X86_SEV_VM; 893 if (kvm_is_vm_type_supported(kvm_type) && !sev_guest->legacy_vm_type) { 894 sev_common->kvm_type = kvm_type; 895 } else { 896 sev_common->kvm_type = KVM_X86_DEFAULT_VM; 897 } 898 899 out: 900 return sev_common->kvm_type; 901 } 902 903 static int sev_snp_kvm_type(X86ConfidentialGuest *cg) 904 { 905 return KVM_X86_SNP_VM; 906 } 907 908 static int sev_common_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) 909 { 910 char *devname; 911 int ret, fw_error, cmd; 912 uint32_t ebx; 913 uint32_t host_cbitpos; 914 struct sev_user_data_status status = {}; 915 SevCommonState *sev_common = SEV_COMMON(cgs); 916 SevCommonStateClass *klass = SEV_COMMON_GET_CLASS(cgs); 917 X86ConfidentialGuestClass *x86_klass = 918 X86_CONFIDENTIAL_GUEST_GET_CLASS(cgs); 919 920 sev_common->state = SEV_STATE_UNINIT; 921 922 host_cpuid(0x8000001F, 0, NULL, &ebx, NULL, NULL); 923 host_cbitpos = ebx & 0x3f; 924 925 /* 926 * The cbitpos value will be placed in bit positions 5:0 of the EBX 927 * register of CPUID 0x8000001F. No need to verify the range as the 928 * comparison against the host value accomplishes that. 929 */ 930 if (host_cbitpos != sev_common->cbitpos) { 931 error_setg(errp, "%s: cbitpos check failed, host '%d' requested '%d'", 932 __func__, host_cbitpos, sev_common->cbitpos); 933 return -1; 934 } 935 936 /* 937 * The reduced-phys-bits value will be placed in bit positions 11:6 of 938 * the EBX register of CPUID 0x8000001F, so verify the supplied value 939 * is in the range of 1 to 63. 940 */ 941 if (sev_common->reduced_phys_bits < 1 || 942 sev_common->reduced_phys_bits > 63) { 943 error_setg(errp, "%s: reduced_phys_bits check failed," 944 " it should be in the range of 1 to 63, requested '%d'", 945 __func__, sev_common->reduced_phys_bits); 946 return -1; 947 } 948 949 devname = object_property_get_str(OBJECT(sev_common), "sev-device", NULL); 950 sev_common->sev_fd = open(devname, O_RDWR); 951 if (sev_common->sev_fd < 0) { 952 error_setg(errp, "%s: Failed to open %s '%s'", __func__, 953 devname, strerror(errno)); 954 g_free(devname); 955 return -1; 956 } 957 g_free(devname); 958 959 ret = sev_platform_ioctl(sev_common->sev_fd, SEV_PLATFORM_STATUS, &status, 960 &fw_error); 961 if (ret) { 962 error_setg(errp, "%s: failed to get platform status ret=%d " 963 "fw_error='%d: %s'", __func__, ret, fw_error, 964 fw_error_to_str(fw_error)); 965 return -1; 966 } 967 sev_common->build_id = status.build; 968 sev_common->api_major = status.api_major; 969 sev_common->api_minor = status.api_minor; 970 971 if (sev_es_enabled()) { 972 if (!kvm_kernel_irqchip_allowed()) { 973 error_setg(errp, "%s: SEV-ES guests require in-kernel irqchip" 974 "support", __func__); 975 return -1; 976 } 977 } 978 979 if (sev_es_enabled() && !sev_snp_enabled()) { 980 if (!(status.flags & SEV_STATUS_FLAGS_CONFIG_ES)) { 981 error_setg(errp, "%s: guest policy requires SEV-ES, but " 982 "host SEV-ES support unavailable", 983 __func__); 984 return -1; 985 } 986 } 987 988 trace_kvm_sev_init(); 989 if (x86_klass->kvm_type(X86_CONFIDENTIAL_GUEST(sev_common)) == KVM_X86_DEFAULT_VM) { 990 cmd = sev_es_enabled() ? KVM_SEV_ES_INIT : KVM_SEV_INIT; 991 992 ret = sev_ioctl(sev_common->sev_fd, cmd, NULL, &fw_error); 993 } else { 994 struct kvm_sev_init args = { 0 }; 995 996 ret = sev_ioctl(sev_common->sev_fd, KVM_SEV_INIT2, &args, &fw_error); 997 } 998 999 if (ret) { 1000 error_setg(errp, "%s: failed to initialize ret=%d fw_error=%d '%s'", 1001 __func__, ret, fw_error, fw_error_to_str(fw_error)); 1002 return -1; 1003 } 1004 1005 ret = klass->launch_start(sev_common); 1006 if (ret) { 1007 error_setg(errp, "%s: failed to create encryption context", __func__); 1008 return -1; 1009 } 1010 1011 if (klass->kvm_init && klass->kvm_init(cgs, errp)) { 1012 return -1; 1013 } 1014 1015 qemu_add_vm_change_state_handler(sev_vm_state_change, sev_common); 1016 1017 cgs->ready = true; 1018 1019 return 0; 1020 } 1021 1022 static int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) 1023 { 1024 int ret; 1025 1026 /* 1027 * SEV/SEV-ES rely on pinned memory to back guest RAM so discarding 1028 * isn't actually possible. With SNP, only guest_memfd pages are used 1029 * for private guest memory, so discarding of shared memory is still 1030 * possible.. 1031 */ 1032 ret = ram_block_discard_disable(true); 1033 if (ret) { 1034 error_setg(errp, "%s: cannot disable RAM discard", __func__); 1035 return -1; 1036 } 1037 1038 /* 1039 * SEV uses these notifiers to register/pin pages prior to guest use, 1040 * but SNP relies on guest_memfd for private pages, which has its 1041 * own internal mechanisms for registering/pinning private memory. 1042 */ 1043 ram_block_notifier_add(&sev_ram_notifier); 1044 1045 /* 1046 * The machine done notify event is used for SEV guests to get the 1047 * measurement of the encrypted images. When SEV-SNP is enabled, the 1048 * measurement is part of the guest attestation process where it can 1049 * be collected without any reliance on the VMM. So skip registering 1050 * the notifier for SNP in favor of using guest attestation instead. 1051 */ 1052 qemu_add_machine_init_done_notifier(&sev_machine_done_notify); 1053 1054 return 0; 1055 } 1056 1057 static int sev_snp_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) 1058 { 1059 MachineState *ms = MACHINE(qdev_get_machine()); 1060 X86MachineState *x86ms = X86_MACHINE(ms); 1061 1062 if (x86ms->smm == ON_OFF_AUTO_AUTO) { 1063 x86ms->smm = ON_OFF_AUTO_OFF; 1064 } else if (x86ms->smm == ON_OFF_AUTO_ON) { 1065 error_setg(errp, "SEV-SNP does not support SMM."); 1066 return -1; 1067 } 1068 1069 return 0; 1070 } 1071 1072 int 1073 sev_encrypt_flash(uint8_t *ptr, uint64_t len, Error **errp) 1074 { 1075 SevCommonState *sev_common = SEV_COMMON(MACHINE(qdev_get_machine())->cgs); 1076 1077 if (!sev_common) { 1078 return 0; 1079 } 1080 1081 /* if SEV is in update state then encrypt the data else do nothing */ 1082 if (sev_check_state(sev_common, SEV_STATE_LAUNCH_UPDATE)) { 1083 int ret = sev_launch_update_data(SEV_GUEST(sev_common), ptr, len); 1084 if (ret < 0) { 1085 error_setg(errp, "SEV: Failed to encrypt pflash rom"); 1086 return ret; 1087 } 1088 } 1089 1090 return 0; 1091 } 1092 1093 int sev_inject_launch_secret(const char *packet_hdr, const char *secret, 1094 uint64_t gpa, Error **errp) 1095 { 1096 ERRP_GUARD(); 1097 struct kvm_sev_launch_secret input; 1098 g_autofree guchar *data = NULL, *hdr = NULL; 1099 int error, ret = 1; 1100 void *hva; 1101 gsize hdr_sz = 0, data_sz = 0; 1102 MemoryRegion *mr = NULL; 1103 SevCommonState *sev_common = SEV_COMMON(MACHINE(qdev_get_machine())->cgs); 1104 1105 if (!sev_common) { 1106 error_setg(errp, "SEV not enabled for guest"); 1107 return 1; 1108 } 1109 1110 /* secret can be injected only in this state */ 1111 if (!sev_check_state(sev_common, SEV_STATE_LAUNCH_SECRET)) { 1112 error_setg(errp, "SEV: Not in correct state. (LSECRET) %x", 1113 sev_common->state); 1114 return 1; 1115 } 1116 1117 hdr = g_base64_decode(packet_hdr, &hdr_sz); 1118 if (!hdr || !hdr_sz) { 1119 error_setg(errp, "SEV: Failed to decode sequence header"); 1120 return 1; 1121 } 1122 1123 data = g_base64_decode(secret, &data_sz); 1124 if (!data || !data_sz) { 1125 error_setg(errp, "SEV: Failed to decode data"); 1126 return 1; 1127 } 1128 1129 hva = gpa2hva(&mr, gpa, data_sz, errp); 1130 if (!hva) { 1131 error_prepend(errp, "SEV: Failed to calculate guest address: "); 1132 return 1; 1133 } 1134 1135 input.hdr_uaddr = (uint64_t)(unsigned long)hdr; 1136 input.hdr_len = hdr_sz; 1137 1138 input.trans_uaddr = (uint64_t)(unsigned long)data; 1139 input.trans_len = data_sz; 1140 1141 input.guest_uaddr = (uint64_t)(unsigned long)hva; 1142 input.guest_len = data_sz; 1143 1144 trace_kvm_sev_launch_secret(gpa, input.guest_uaddr, 1145 input.trans_uaddr, input.trans_len); 1146 1147 ret = sev_ioctl(sev_common->sev_fd, KVM_SEV_LAUNCH_SECRET, 1148 &input, &error); 1149 if (ret) { 1150 error_setg(errp, "SEV: failed to inject secret ret=%d fw_error=%d '%s'", 1151 ret, error, fw_error_to_str(error)); 1152 return ret; 1153 } 1154 1155 return 0; 1156 } 1157 1158 #define SEV_SECRET_GUID "4c2eb361-7d9b-4cc3-8081-127c90d3d294" 1159 struct sev_secret_area { 1160 uint32_t base; 1161 uint32_t size; 1162 }; 1163 1164 void qmp_sev_inject_launch_secret(const char *packet_hdr, 1165 const char *secret, 1166 bool has_gpa, uint64_t gpa, 1167 Error **errp) 1168 { 1169 if (!sev_enabled()) { 1170 error_setg(errp, "SEV not enabled for guest"); 1171 return; 1172 } 1173 if (!has_gpa) { 1174 uint8_t *data; 1175 struct sev_secret_area *area; 1176 1177 if (!pc_system_ovmf_table_find(SEV_SECRET_GUID, &data, NULL)) { 1178 error_setg(errp, "SEV: no secret area found in OVMF," 1179 " gpa must be specified."); 1180 return; 1181 } 1182 area = (struct sev_secret_area *)data; 1183 gpa = area->base; 1184 } 1185 1186 sev_inject_launch_secret(packet_hdr, secret, gpa, errp); 1187 } 1188 1189 static int 1190 sev_es_parse_reset_block(SevInfoBlock *info, uint32_t *addr) 1191 { 1192 if (!info->reset_addr) { 1193 error_report("SEV-ES reset address is zero"); 1194 return 1; 1195 } 1196 1197 *addr = info->reset_addr; 1198 1199 return 0; 1200 } 1201 1202 static int 1203 sev_es_find_reset_vector(void *flash_ptr, uint64_t flash_size, 1204 uint32_t *addr) 1205 { 1206 QemuUUID info_guid, *guid; 1207 SevInfoBlock *info; 1208 uint8_t *data; 1209 uint16_t *len; 1210 1211 /* 1212 * Initialize the address to zero. An address of zero with a successful 1213 * return code indicates that SEV-ES is not active. 1214 */ 1215 *addr = 0; 1216 1217 /* 1218 * Extract the AP reset vector for SEV-ES guests by locating the SEV GUID. 1219 * The SEV GUID is located on its own (original implementation) or within 1220 * the Firmware GUID Table (new implementation), either of which are 1221 * located 32 bytes from the end of the flash. 1222 * 1223 * Check the Firmware GUID Table first. 1224 */ 1225 if (pc_system_ovmf_table_find(SEV_INFO_BLOCK_GUID, &data, NULL)) { 1226 return sev_es_parse_reset_block((SevInfoBlock *)data, addr); 1227 } 1228 1229 /* 1230 * SEV info block not found in the Firmware GUID Table (or there isn't 1231 * a Firmware GUID Table), fall back to the original implementation. 1232 */ 1233 data = flash_ptr + flash_size - 0x20; 1234 1235 qemu_uuid_parse(SEV_INFO_BLOCK_GUID, &info_guid); 1236 info_guid = qemu_uuid_bswap(info_guid); /* GUIDs are LE */ 1237 1238 guid = (QemuUUID *)(data - sizeof(info_guid)); 1239 if (!qemu_uuid_is_equal(guid, &info_guid)) { 1240 error_report("SEV information block/Firmware GUID Table block not found in pflash rom"); 1241 return 1; 1242 } 1243 1244 len = (uint16_t *)((uint8_t *)guid - sizeof(*len)); 1245 info = (SevInfoBlock *)(data - le16_to_cpu(*len)); 1246 1247 return sev_es_parse_reset_block(info, addr); 1248 } 1249 1250 void sev_es_set_reset_vector(CPUState *cpu) 1251 { 1252 X86CPU *x86; 1253 CPUX86State *env; 1254 SevCommonState *sev_common = SEV_COMMON(MACHINE(qdev_get_machine())->cgs); 1255 1256 /* Only update if we have valid reset information */ 1257 if (!sev_common || !sev_common->reset_data_valid) { 1258 return; 1259 } 1260 1261 /* Do not update the BSP reset state */ 1262 if (cpu->cpu_index == 0) { 1263 return; 1264 } 1265 1266 x86 = X86_CPU(cpu); 1267 env = &x86->env; 1268 1269 cpu_x86_load_seg_cache(env, R_CS, 0xf000, sev_common->reset_cs, 0xffff, 1270 DESC_P_MASK | DESC_S_MASK | DESC_CS_MASK | 1271 DESC_R_MASK | DESC_A_MASK); 1272 1273 env->eip = sev_common->reset_ip; 1274 } 1275 1276 int sev_es_save_reset_vector(void *flash_ptr, uint64_t flash_size) 1277 { 1278 CPUState *cpu; 1279 uint32_t addr; 1280 int ret; 1281 SevCommonState *sev_common = SEV_COMMON(MACHINE(qdev_get_machine())->cgs); 1282 1283 if (!sev_es_enabled()) { 1284 return 0; 1285 } 1286 1287 addr = 0; 1288 ret = sev_es_find_reset_vector(flash_ptr, flash_size, 1289 &addr); 1290 if (ret) { 1291 return ret; 1292 } 1293 1294 if (addr) { 1295 sev_common->reset_cs = addr & 0xffff0000; 1296 sev_common->reset_ip = addr & 0x0000ffff; 1297 sev_common->reset_data_valid = true; 1298 1299 CPU_FOREACH(cpu) { 1300 sev_es_set_reset_vector(cpu); 1301 } 1302 } 1303 1304 return 0; 1305 } 1306 1307 static const QemuUUID sev_hash_table_header_guid = { 1308 .data = UUID_LE(0x9438d606, 0x4f22, 0x4cc9, 0xb4, 0x79, 0xa7, 0x93, 1309 0xd4, 0x11, 0xfd, 0x21) 1310 }; 1311 1312 static const QemuUUID sev_kernel_entry_guid = { 1313 .data = UUID_LE(0x4de79437, 0xabd2, 0x427f, 0xb8, 0x35, 0xd5, 0xb1, 1314 0x72, 0xd2, 0x04, 0x5b) 1315 }; 1316 static const QemuUUID sev_initrd_entry_guid = { 1317 .data = UUID_LE(0x44baf731, 0x3a2f, 0x4bd7, 0x9a, 0xf1, 0x41, 0xe2, 1318 0x91, 0x69, 0x78, 0x1d) 1319 }; 1320 static const QemuUUID sev_cmdline_entry_guid = { 1321 .data = UUID_LE(0x97d02dd8, 0xbd20, 0x4c94, 0xaa, 0x78, 0xe7, 0x71, 1322 0x4d, 0x36, 0xab, 0x2a) 1323 }; 1324 1325 /* 1326 * Add the hashes of the linux kernel/initrd/cmdline to an encrypted guest page 1327 * which is included in SEV's initial memory measurement. 1328 */ 1329 bool sev_add_kernel_loader_hashes(SevKernelLoaderContext *ctx, Error **errp) 1330 { 1331 uint8_t *data; 1332 SevHashTableDescriptor *area; 1333 SevHashTable *ht; 1334 PaddedSevHashTable *padded_ht; 1335 uint8_t cmdline_hash[HASH_SIZE]; 1336 uint8_t initrd_hash[HASH_SIZE]; 1337 uint8_t kernel_hash[HASH_SIZE]; 1338 uint8_t *hashp; 1339 size_t hash_len = HASH_SIZE; 1340 hwaddr mapped_len = sizeof(*padded_ht); 1341 MemTxAttrs attrs = { 0 }; 1342 bool ret = true; 1343 SevCommonState *sev_common = SEV_COMMON(MACHINE(qdev_get_machine())->cgs); 1344 1345 /* 1346 * Only add the kernel hashes if the sev-guest configuration explicitly 1347 * stated kernel-hashes=on. 1348 */ 1349 if (!sev_common->kernel_hashes) { 1350 return false; 1351 } 1352 1353 if (!pc_system_ovmf_table_find(SEV_HASH_TABLE_RV_GUID, &data, NULL)) { 1354 error_setg(errp, "SEV: kernel specified but guest firmware " 1355 "has no hashes table GUID"); 1356 return false; 1357 } 1358 area = (SevHashTableDescriptor *)data; 1359 if (!area->base || area->size < sizeof(PaddedSevHashTable)) { 1360 error_setg(errp, "SEV: guest firmware hashes table area is invalid " 1361 "(base=0x%x size=0x%x)", area->base, area->size); 1362 return false; 1363 } 1364 1365 /* 1366 * Calculate hash of kernel command-line with the terminating null byte. If 1367 * the user doesn't supply a command-line via -append, the 1-byte "\0" will 1368 * be used. 1369 */ 1370 hashp = cmdline_hash; 1371 if (qcrypto_hash_bytes(QCRYPTO_HASH_ALG_SHA256, ctx->cmdline_data, 1372 ctx->cmdline_size, &hashp, &hash_len, errp) < 0) { 1373 return false; 1374 } 1375 assert(hash_len == HASH_SIZE); 1376 1377 /* 1378 * Calculate hash of initrd. If the user doesn't supply an initrd via 1379 * -initrd, an empty buffer will be used (ctx->initrd_size == 0). 1380 */ 1381 hashp = initrd_hash; 1382 if (qcrypto_hash_bytes(QCRYPTO_HASH_ALG_SHA256, ctx->initrd_data, 1383 ctx->initrd_size, &hashp, &hash_len, errp) < 0) { 1384 return false; 1385 } 1386 assert(hash_len == HASH_SIZE); 1387 1388 /* Calculate hash of the kernel */ 1389 hashp = kernel_hash; 1390 struct iovec iov[2] = { 1391 { .iov_base = ctx->setup_data, .iov_len = ctx->setup_size }, 1392 { .iov_base = ctx->kernel_data, .iov_len = ctx->kernel_size } 1393 }; 1394 if (qcrypto_hash_bytesv(QCRYPTO_HASH_ALG_SHA256, iov, ARRAY_SIZE(iov), 1395 &hashp, &hash_len, errp) < 0) { 1396 return false; 1397 } 1398 assert(hash_len == HASH_SIZE); 1399 1400 /* 1401 * Populate the hashes table in the guest's memory at the OVMF-designated 1402 * area for the SEV hashes table 1403 */ 1404 padded_ht = address_space_map(&address_space_memory, area->base, 1405 &mapped_len, true, attrs); 1406 if (!padded_ht || mapped_len != sizeof(*padded_ht)) { 1407 error_setg(errp, "SEV: cannot map hashes table guest memory area"); 1408 return false; 1409 } 1410 ht = &padded_ht->ht; 1411 1412 ht->guid = sev_hash_table_header_guid; 1413 ht->len = sizeof(*ht); 1414 1415 ht->cmdline.guid = sev_cmdline_entry_guid; 1416 ht->cmdline.len = sizeof(ht->cmdline); 1417 memcpy(ht->cmdline.hash, cmdline_hash, sizeof(ht->cmdline.hash)); 1418 1419 ht->initrd.guid = sev_initrd_entry_guid; 1420 ht->initrd.len = sizeof(ht->initrd); 1421 memcpy(ht->initrd.hash, initrd_hash, sizeof(ht->initrd.hash)); 1422 1423 ht->kernel.guid = sev_kernel_entry_guid; 1424 ht->kernel.len = sizeof(ht->kernel); 1425 memcpy(ht->kernel.hash, kernel_hash, sizeof(ht->kernel.hash)); 1426 1427 /* zero the excess data so the measurement can be reliably calculated */ 1428 memset(padded_ht->padding, 0, sizeof(padded_ht->padding)); 1429 1430 if (sev_encrypt_flash((uint8_t *)padded_ht, sizeof(*padded_ht), errp) < 0) { 1431 ret = false; 1432 } 1433 1434 address_space_unmap(&address_space_memory, padded_ht, 1435 mapped_len, true, mapped_len); 1436 1437 return ret; 1438 } 1439 1440 static char * 1441 sev_common_get_sev_device(Object *obj, Error **errp) 1442 { 1443 return g_strdup(SEV_COMMON(obj)->sev_device); 1444 } 1445 1446 static void 1447 sev_common_set_sev_device(Object *obj, const char *value, Error **errp) 1448 { 1449 SEV_COMMON(obj)->sev_device = g_strdup(value); 1450 } 1451 1452 static bool sev_common_get_kernel_hashes(Object *obj, Error **errp) 1453 { 1454 return SEV_COMMON(obj)->kernel_hashes; 1455 } 1456 1457 static void sev_common_set_kernel_hashes(Object *obj, bool value, Error **errp) 1458 { 1459 SEV_COMMON(obj)->kernel_hashes = value; 1460 } 1461 1462 static void 1463 sev_common_class_init(ObjectClass *oc, void *data) 1464 { 1465 ConfidentialGuestSupportClass *klass = CONFIDENTIAL_GUEST_SUPPORT_CLASS(oc); 1466 1467 klass->kvm_init = sev_common_kvm_init; 1468 1469 object_class_property_add_str(oc, "sev-device", 1470 sev_common_get_sev_device, 1471 sev_common_set_sev_device); 1472 object_class_property_set_description(oc, "sev-device", 1473 "SEV device to use"); 1474 object_class_property_add_bool(oc, "kernel-hashes", 1475 sev_common_get_kernel_hashes, 1476 sev_common_set_kernel_hashes); 1477 object_class_property_set_description(oc, "kernel-hashes", 1478 "add kernel hashes to guest firmware for measured Linux boot"); 1479 } 1480 1481 static void 1482 sev_common_instance_init(Object *obj) 1483 { 1484 SevCommonState *sev_common = SEV_COMMON(obj); 1485 1486 sev_common->kvm_type = -1; 1487 1488 sev_common->sev_device = g_strdup(DEFAULT_SEV_DEVICE); 1489 1490 object_property_add_uint32_ptr(obj, "cbitpos", &sev_common->cbitpos, 1491 OBJ_PROP_FLAG_READWRITE); 1492 object_property_add_uint32_ptr(obj, "reduced-phys-bits", 1493 &sev_common->reduced_phys_bits, 1494 OBJ_PROP_FLAG_READWRITE); 1495 } 1496 1497 /* sev guest info common to sev/sev-es/sev-snp */ 1498 static const TypeInfo sev_common_info = { 1499 .parent = TYPE_X86_CONFIDENTIAL_GUEST, 1500 .name = TYPE_SEV_COMMON, 1501 .instance_size = sizeof(SevCommonState), 1502 .instance_init = sev_common_instance_init, 1503 .class_size = sizeof(SevCommonStateClass), 1504 .class_init = sev_common_class_init, 1505 .abstract = true, 1506 .interfaces = (InterfaceInfo[]) { 1507 { TYPE_USER_CREATABLE }, 1508 { } 1509 } 1510 }; 1511 1512 static char * 1513 sev_guest_get_dh_cert_file(Object *obj, Error **errp) 1514 { 1515 return g_strdup(SEV_GUEST(obj)->dh_cert_file); 1516 } 1517 1518 static void 1519 sev_guest_set_dh_cert_file(Object *obj, const char *value, Error **errp) 1520 { 1521 SEV_GUEST(obj)->dh_cert_file = g_strdup(value); 1522 } 1523 1524 static char * 1525 sev_guest_get_session_file(Object *obj, Error **errp) 1526 { 1527 SevGuestState *sev_guest = SEV_GUEST(obj); 1528 1529 return sev_guest->session_file ? g_strdup(sev_guest->session_file) : NULL; 1530 } 1531 1532 static void 1533 sev_guest_set_session_file(Object *obj, const char *value, Error **errp) 1534 { 1535 SEV_GUEST(obj)->session_file = g_strdup(value); 1536 } 1537 1538 static bool sev_guest_get_legacy_vm_type(Object *obj, Error **errp) 1539 { 1540 return SEV_GUEST(obj)->legacy_vm_type; 1541 } 1542 1543 static void sev_guest_set_legacy_vm_type(Object *obj, bool value, Error **errp) 1544 { 1545 SEV_GUEST(obj)->legacy_vm_type = value; 1546 } 1547 1548 static void 1549 sev_guest_class_init(ObjectClass *oc, void *data) 1550 { 1551 SevCommonStateClass *klass = SEV_COMMON_CLASS(oc); 1552 X86ConfidentialGuestClass *x86_klass = X86_CONFIDENTIAL_GUEST_CLASS(oc); 1553 1554 klass->launch_start = sev_launch_start; 1555 klass->launch_finish = sev_launch_finish; 1556 klass->kvm_init = sev_kvm_init; 1557 x86_klass->kvm_type = sev_kvm_type; 1558 1559 object_class_property_add_str(oc, "dh-cert-file", 1560 sev_guest_get_dh_cert_file, 1561 sev_guest_set_dh_cert_file); 1562 object_class_property_set_description(oc, "dh-cert-file", 1563 "guest owners DH certificate (encoded with base64)"); 1564 object_class_property_add_str(oc, "session-file", 1565 sev_guest_get_session_file, 1566 sev_guest_set_session_file); 1567 object_class_property_set_description(oc, "session-file", 1568 "guest owners session parameters (encoded with base64)"); 1569 object_class_property_add_bool(oc, "legacy-vm-type", 1570 sev_guest_get_legacy_vm_type, 1571 sev_guest_set_legacy_vm_type); 1572 object_class_property_set_description(oc, "legacy-vm-type", 1573 "use legacy VM type to maintain measurement compatibility with older QEMU or kernel versions."); 1574 } 1575 1576 static void 1577 sev_guest_instance_init(Object *obj) 1578 { 1579 SevGuestState *sev_guest = SEV_GUEST(obj); 1580 1581 sev_guest->policy = DEFAULT_GUEST_POLICY; 1582 object_property_add_uint32_ptr(obj, "handle", &sev_guest->handle, 1583 OBJ_PROP_FLAG_READWRITE); 1584 object_property_add_uint32_ptr(obj, "policy", &sev_guest->policy, 1585 OBJ_PROP_FLAG_READWRITE); 1586 object_apply_compat_props(obj); 1587 } 1588 1589 /* guest info specific sev/sev-es */ 1590 static const TypeInfo sev_guest_info = { 1591 .parent = TYPE_SEV_COMMON, 1592 .name = TYPE_SEV_GUEST, 1593 .instance_size = sizeof(SevGuestState), 1594 .instance_init = sev_guest_instance_init, 1595 .class_init = sev_guest_class_init, 1596 }; 1597 1598 static void 1599 sev_snp_guest_get_policy(Object *obj, Visitor *v, const char *name, 1600 void *opaque, Error **errp) 1601 { 1602 visit_type_uint64(v, name, 1603 (uint64_t *)&SEV_SNP_GUEST(obj)->kvm_start_conf.policy, 1604 errp); 1605 } 1606 1607 static void 1608 sev_snp_guest_set_policy(Object *obj, Visitor *v, const char *name, 1609 void *opaque, Error **errp) 1610 { 1611 visit_type_uint64(v, name, 1612 (uint64_t *)&SEV_SNP_GUEST(obj)->kvm_start_conf.policy, 1613 errp); 1614 } 1615 1616 static char * 1617 sev_snp_guest_get_guest_visible_workarounds(Object *obj, Error **errp) 1618 { 1619 return g_strdup(SEV_SNP_GUEST(obj)->guest_visible_workarounds); 1620 } 1621 1622 static void 1623 sev_snp_guest_set_guest_visible_workarounds(Object *obj, const char *value, 1624 Error **errp) 1625 { 1626 SevSnpGuestState *sev_snp_guest = SEV_SNP_GUEST(obj); 1627 struct kvm_sev_snp_launch_start *start = &sev_snp_guest->kvm_start_conf; 1628 g_autofree guchar *blob; 1629 gsize len; 1630 1631 g_free(sev_snp_guest->guest_visible_workarounds); 1632 1633 /* store the base64 str so we don't need to re-encode in getter */ 1634 sev_snp_guest->guest_visible_workarounds = g_strdup(value); 1635 1636 blob = qbase64_decode(sev_snp_guest->guest_visible_workarounds, 1637 -1, &len, errp); 1638 if (!blob) { 1639 return; 1640 } 1641 1642 if (len != sizeof(start->gosvw)) { 1643 error_setg(errp, "parameter length of %lu exceeds max of %lu", 1644 len, sizeof(start->gosvw)); 1645 return; 1646 } 1647 1648 memcpy(start->gosvw, blob, len); 1649 } 1650 1651 static char * 1652 sev_snp_guest_get_id_block(Object *obj, Error **errp) 1653 { 1654 SevSnpGuestState *sev_snp_guest = SEV_SNP_GUEST(obj); 1655 1656 return g_strdup(sev_snp_guest->id_block); 1657 } 1658 1659 static void 1660 sev_snp_guest_set_id_block(Object *obj, const char *value, Error **errp) 1661 { 1662 SevSnpGuestState *sev_snp_guest = SEV_SNP_GUEST(obj); 1663 struct kvm_sev_snp_launch_finish *finish = &sev_snp_guest->kvm_finish_conf; 1664 gsize len; 1665 1666 g_free(sev_snp_guest->id_block); 1667 g_free((guchar *)finish->id_block_uaddr); 1668 1669 /* store the base64 str so we don't need to re-encode in getter */ 1670 sev_snp_guest->id_block = g_strdup(value); 1671 1672 finish->id_block_uaddr = 1673 (uint64_t)qbase64_decode(sev_snp_guest->id_block, -1, &len, errp); 1674 1675 if (!finish->id_block_uaddr) { 1676 return; 1677 } 1678 1679 if (len != KVM_SEV_SNP_ID_BLOCK_SIZE) { 1680 error_setg(errp, "parameter length of %lu not equal to %u", 1681 len, KVM_SEV_SNP_ID_BLOCK_SIZE); 1682 return; 1683 } 1684 1685 finish->id_block_en = (len) ? 1 : 0; 1686 } 1687 1688 static char * 1689 sev_snp_guest_get_id_auth(Object *obj, Error **errp) 1690 { 1691 SevSnpGuestState *sev_snp_guest = SEV_SNP_GUEST(obj); 1692 1693 return g_strdup(sev_snp_guest->id_auth); 1694 } 1695 1696 static void 1697 sev_snp_guest_set_id_auth(Object *obj, const char *value, Error **errp) 1698 { 1699 SevSnpGuestState *sev_snp_guest = SEV_SNP_GUEST(obj); 1700 struct kvm_sev_snp_launch_finish *finish = &sev_snp_guest->kvm_finish_conf; 1701 gsize len; 1702 1703 g_free(sev_snp_guest->id_auth); 1704 g_free((guchar *)finish->id_auth_uaddr); 1705 1706 /* store the base64 str so we don't need to re-encode in getter */ 1707 sev_snp_guest->id_auth = g_strdup(value); 1708 1709 finish->id_auth_uaddr = 1710 (uint64_t)qbase64_decode(sev_snp_guest->id_auth, -1, &len, errp); 1711 1712 if (!finish->id_auth_uaddr) { 1713 return; 1714 } 1715 1716 if (len > KVM_SEV_SNP_ID_AUTH_SIZE) { 1717 error_setg(errp, "parameter length:ID_AUTH %lu exceeds max of %u", 1718 len, KVM_SEV_SNP_ID_AUTH_SIZE); 1719 return; 1720 } 1721 } 1722 1723 static bool 1724 sev_snp_guest_get_author_key_enabled(Object *obj, Error **errp) 1725 { 1726 SevSnpGuestState *sev_snp_guest = SEV_SNP_GUEST(obj); 1727 1728 return !!sev_snp_guest->kvm_finish_conf.auth_key_en; 1729 } 1730 1731 static void 1732 sev_snp_guest_set_author_key_enabled(Object *obj, bool value, Error **errp) 1733 { 1734 SevSnpGuestState *sev_snp_guest = SEV_SNP_GUEST(obj); 1735 1736 sev_snp_guest->kvm_finish_conf.auth_key_en = value; 1737 } 1738 1739 static bool 1740 sev_snp_guest_get_vcek_disabled(Object *obj, Error **errp) 1741 { 1742 SevSnpGuestState *sev_snp_guest = SEV_SNP_GUEST(obj); 1743 1744 return !!sev_snp_guest->kvm_finish_conf.vcek_disabled; 1745 } 1746 1747 static void 1748 sev_snp_guest_set_vcek_disabled(Object *obj, bool value, Error **errp) 1749 { 1750 SevSnpGuestState *sev_snp_guest = SEV_SNP_GUEST(obj); 1751 1752 sev_snp_guest->kvm_finish_conf.vcek_disabled = value; 1753 } 1754 1755 static char * 1756 sev_snp_guest_get_host_data(Object *obj, Error **errp) 1757 { 1758 SevSnpGuestState *sev_snp_guest = SEV_SNP_GUEST(obj); 1759 1760 return g_strdup(sev_snp_guest->host_data); 1761 } 1762 1763 static void 1764 sev_snp_guest_set_host_data(Object *obj, const char *value, Error **errp) 1765 { 1766 SevSnpGuestState *sev_snp_guest = SEV_SNP_GUEST(obj); 1767 struct kvm_sev_snp_launch_finish *finish = &sev_snp_guest->kvm_finish_conf; 1768 g_autofree guchar *blob; 1769 gsize len; 1770 1771 g_free(sev_snp_guest->host_data); 1772 1773 /* store the base64 str so we don't need to re-encode in getter */ 1774 sev_snp_guest->host_data = g_strdup(value); 1775 1776 blob = qbase64_decode(sev_snp_guest->host_data, -1, &len, errp); 1777 1778 if (!blob) { 1779 return; 1780 } 1781 1782 if (len != sizeof(finish->host_data)) { 1783 error_setg(errp, "parameter length of %lu not equal to %lu", 1784 len, sizeof(finish->host_data)); 1785 return; 1786 } 1787 1788 memcpy(finish->host_data, blob, len); 1789 } 1790 1791 static void 1792 sev_snp_guest_class_init(ObjectClass *oc, void *data) 1793 { 1794 SevCommonStateClass *klass = SEV_COMMON_CLASS(oc); 1795 X86ConfidentialGuestClass *x86_klass = X86_CONFIDENTIAL_GUEST_CLASS(oc); 1796 1797 klass->kvm_init = sev_snp_kvm_init; 1798 x86_klass->kvm_type = sev_snp_kvm_type; 1799 1800 object_class_property_add(oc, "policy", "uint64", 1801 sev_snp_guest_get_policy, 1802 sev_snp_guest_set_policy, NULL, NULL); 1803 object_class_property_add_str(oc, "guest-visible-workarounds", 1804 sev_snp_guest_get_guest_visible_workarounds, 1805 sev_snp_guest_set_guest_visible_workarounds); 1806 object_class_property_add_str(oc, "id-block", 1807 sev_snp_guest_get_id_block, 1808 sev_snp_guest_set_id_block); 1809 object_class_property_add_str(oc, "id-auth", 1810 sev_snp_guest_get_id_auth, 1811 sev_snp_guest_set_id_auth); 1812 object_class_property_add_bool(oc, "author-key-enabled", 1813 sev_snp_guest_get_author_key_enabled, 1814 sev_snp_guest_set_author_key_enabled); 1815 object_class_property_add_bool(oc, "vcek-required", 1816 sev_snp_guest_get_vcek_disabled, 1817 sev_snp_guest_set_vcek_disabled); 1818 object_class_property_add_str(oc, "host-data", 1819 sev_snp_guest_get_host_data, 1820 sev_snp_guest_set_host_data); 1821 } 1822 1823 static void 1824 sev_snp_guest_instance_init(Object *obj) 1825 { 1826 ConfidentialGuestSupport *cgs = CONFIDENTIAL_GUEST_SUPPORT(obj); 1827 SevSnpGuestState *sev_snp_guest = SEV_SNP_GUEST(obj); 1828 1829 cgs->require_guest_memfd = true; 1830 1831 /* default init/start/finish params for kvm */ 1832 sev_snp_guest->kvm_start_conf.policy = DEFAULT_SEV_SNP_POLICY; 1833 } 1834 1835 /* guest info specific to sev-snp */ 1836 static const TypeInfo sev_snp_guest_info = { 1837 .parent = TYPE_SEV_COMMON, 1838 .name = TYPE_SEV_SNP_GUEST, 1839 .instance_size = sizeof(SevSnpGuestState), 1840 .class_init = sev_snp_guest_class_init, 1841 .instance_init = sev_snp_guest_instance_init, 1842 }; 1843 1844 static void 1845 sev_register_types(void) 1846 { 1847 type_register_static(&sev_common_info); 1848 type_register_static(&sev_guest_info); 1849 type_register_static(&sev_snp_guest_info); 1850 } 1851 1852 type_init(sev_register_types); 1853