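/*
 * QEMU SEV support
 *
 * Copyright Advanced Micro Devices 2016-2018
 *
 * Author:
 *      Brijesh Singh <brijesh.singh@amd.com>
 *
 * This work is licensed under the terms of the GNU GPL, version 2 or later.
 * See the COPYING file in the top-level directory.
 *
 */

#include "qemu/osdep.h"

#include <linux/kvm.h>
#include <linux/psp-sev.h>

#include <sys/ioctl.h>

#include "qapi/error.h"
#include "qom/object_interfaces.h"
#include "qemu/base64.h"
#include "qemu/module.h"
#include "qemu/uuid.h"
#include "sysemu/kvm.h"
#include "sev_i386.h"
#include "sysemu/sysemu.h"
#include "sysemu/runstate.h"
#include "trace.h"
#include "migration/blocker.h"
#include "qom/object.h"
#include "exec/address-spaces.h"
#include "monitor/monitor.h"
#include "exec/confidential-guest-support.h"
#include "hw/i386/pc.h"

#define TYPE_SEV_GUEST "sev-guest"
OBJECT_DECLARE_SIMPLE_TYPE(SevGuestState, SEV_GUEST)


/**
 * SevGuestState:
 *
 * The SevGuestState object is used for creating and managing a SEV
 * guest.
 *
 * # $QEMU \
 *         -object sev-guest,id=sev0 \
 *         -machine ...,memory-encryption=sev0
 */
struct SevGuestState {
    ConfidentialGuestSupport parent_obj;

    /* configuration parameters (set through object properties) */
    char *sev_device;           /* path of the SEV platform device */
    uint32_t policy;            /* guest policy passed to LAUNCH_START */
    char *dh_cert_file;         /* base64 file with the guest owner's DH cert */
    char *session_file;         /* base64 file with the launch session blob */
    uint32_t cbitpos;           /* C-bit position, must match the host */
    uint32_t reduced_phys_bits; /* physical address bits lost to SEV, >= 1 */

    /* runtime state */
    uint32_t handle;            /* firmware guest handle from LAUNCH_START */
    uint8_t api_major;
    uint8_t api_minor;
    uint8_t build_id;
    uint64_t me_mask;           /* ~(1 << cbitpos): mask clearing the C-bit */
    int sev_fd;                 /* fd of sev_device while the guest is live */
    SevState state;
    gchar *measurement;         /* base64 launch measurement, once obtained */

    uint32_t reset_cs;          /* SEV-ES AP reset vector, CS base */
    uint32_t reset_ip;          /* SEV-ES AP reset vector, IP */
    bool reset_data_valid;      /* reset_cs/reset_ip have been filled in */
};

#define DEFAULT_GUEST_POLICY    0x1 /* disable debug */
#define DEFAULT_SEV_DEVICE      "/dev/sev"

#define SEV_INFO_BLOCK_GUID     "00f771de-1a7e-4fcb-890e-68c77e2fb44e"
typedef struct __attribute__((__packed__)) SevInfoBlock {
    /* SEV-ES Reset Vector Address */
    uint32_t reset_addr;
} SevInfoBlock;

/* The single active SEV guest object, NULL when SEV is not in use. */
static SevGuestState *sev_guest;
static Error *sev_mig_blocker;

/* Firmware status codes, indexed by the fw_error value the kernel returns. */
static const char *const sev_fw_errlist[] = {
    "",
    "Platform state is invalid",
    "Guest state is invalid",
    "Platform configuration is invalid",
    "Buffer too small",
    "Platform is already owned",
    "Certificate is invalid",
    "Policy is not allowed",
    "Guest is not active",
    "Invalid address",
    "Bad signature",
    "Bad measurement",
    "Asid is already owned",
    "Invalid ASID",
    "WBINVD is required",
    "DF_FLUSH is required",
    "Guest handle is invalid",
    "Invalid command",
    "Guest is active",
    "Hardware error",
    "Hardware unsafe",
    "Feature not supported",
    "Invalid parameter"
};

#define SEV_FW_MAX_ERROR ARRAY_SIZE(sev_fw_errlist)

/*
 * Issue a guest-scoped SEV command (KVM_SEV_*) through the VM's
 * KVM_MEMORY_ENCRYPT_OP ioctl.
 *
 * @fd:    the SEV platform device fd handed to the kernel
 * @cmd:   KVM_SEV_* command id
 * @data:  command payload (may be NULL for commands without one)
 * @error: if non-NULL, receives the firmware error code
 *
 * Returns the kvm_vm_ioctl() result.
 */
static int
sev_ioctl(int fd, int cmd, void *data, int *error)
{
    struct kvm_sev_cmd input = {};
    int r;

    input.id = cmd;
    input.sev_fd = fd;
    input.data = (__u64)(unsigned long)data;

    r = kvm_vm_ioctl(kvm_state, KVM_MEMORY_ENCRYPT_OP, &input);

    if (error) {
        *error = input.error;
    }

    return r;
}

/*
 * Issue a platform-scoped SEV command (SEV_*) directly on the platform
 * device through SEV_ISSUE_CMD.
 *
 * @fd:    the SEV platform device fd
 * @cmd:   SEV_* command id
 * @data:  command payload
 * @error: if non-NULL, receives the firmware error code
 *
 * Returns the ioctl() result. The argument block is zeroed first so that
 * *error is never left holding stack garbage when the ioctl fails before
 * the kernel writes it.
 */
static int
sev_platform_ioctl(int fd, int cmd, void *data, int *error)
{
    struct sev_issue_cmd arg = {};
    int r;

    arg.cmd = cmd;
    arg.data = (unsigned long)data;
    r = ioctl(fd, SEV_ISSUE_CMD, &arg);
    if (error) {
        *error = arg.error;
    }

    return r;
}

/*
 * Map a firmware error code to its description; out-of-range codes
 * (including negative ones) map to "unknown error".
 */
static const char *
fw_error_to_str(int code)
{
    if (code < 0 || code >= SEV_FW_MAX_ERROR) {
        return "unknown error";
    }

    return sev_fw_errlist[code];
}

/*
 * Read the host's C-bit position from CPUID 0x8000001F (EBX[5:0]).
 */
static uint32_t
sev_host_cbitpos(void)
{
    uint32_t ebx;

    host_cpuid(0x8000001F, 0, NULL, &ebx, NULL, NULL);
    return ebx & 0x3f;
}

/* Return true when the guest is exactly in @state. */
static bool
sev_check_state(const SevGuestState *sev, SevState state)
{
    assert(sev);
    return sev->state == state;
}

/* Move the guest to @new_state, emitting a trace of the transition. */
static void
sev_set_guest_state(SevGuestState *sev, SevState new_state)
{
    assert(new_state < SEV_STATE__MAX);
    assert(sev);

    trace_kvm_sev_change_state(SevState_str(sev->state),
                               SevState_str(new_state));
    sev->state = new_state;
}

/*
 * RAMBlock notifier: register newly added guest RAM with KVM so it can be
 * pinned for encryption. Registration failure is fatal.
 */
static void
sev_ram_block_added(RAMBlockNotifier *n, void *host, size_t size)
{
    struct kvm_enc_region range;
    ram_addr_t offset;
    MemoryRegion *mr;
    int r;

    /*
     * The RAM device presents a memory region that should be treated
     * as IO region and should not be pinned.
     */
    mr = memory_region_from_host(host, &offset);
    if (mr && memory_region_is_ram_device(mr)) {
        return;
    }

    range.addr = (__u64)(unsigned long)host;
    range.size = size;

    trace_kvm_memcrypt_register_region(host, size);
    r = kvm_vm_ioctl(kvm_state, KVM_MEMORY_ENCRYPT_REG_REGION, &range);
    if (r) {
        error_report("%s: failed to register region (%p+%#zx) error '%s'",
                     __func__, host, size, strerror(errno));
        exit(1);
    }
}

/*
 * RAMBlock notifier: unregister removed guest RAM from KVM. Failure is
 * only reported, since the block is going away regardless.
 */
static void
sev_ram_block_removed(RAMBlockNotifier *n, void *host, size_t size)
{
    struct kvm_enc_region range;
    ram_addr_t offset;
    MemoryRegion *mr;
    int r;

    /*
     * The RAM device presents a memory region that should be treated
     * as IO region and should not have been pinned.
     */
    mr = memory_region_from_host(host, &offset);
    if (mr && memory_region_is_ram_device(mr)) {
        return;
    }

    range.addr = (__u64)(unsigned long)host;
    range.size = size;

    trace_kvm_memcrypt_unregister_region(host, size);
    r = kvm_vm_ioctl(kvm_state, KVM_MEMORY_ENCRYPT_UNREG_REGION, &range);
    if (r) {
        error_report("%s: failed to unregister region (%p+%#zx)",
                     __func__, host, size);
    }
}

static struct RAMBlockNotifier sev_ram_notifier = {
    .ram_block_added = sev_ram_block_added,
    .ram_block_removed = sev_ram_block_removed,
};

/*
 * Release the strings owned by the object. g_free(NULL) is a no-op, so
 * properties that were never set are harmless.
 */
static void
sev_guest_finalize(Object *obj)
{
    SevGuestState *sev = SEV_GUEST(obj);

    g_free(sev->sev_device);
    g_free(sev->dh_cert_file);
    g_free(sev->session_file);
    g_free(sev->measurement);
}

/* "session-file" property getter; returns a copy the caller frees. */
static char *
sev_guest_get_session_file(Object *obj, Error **errp)
{
    SevGuestState *s = SEV_GUEST(obj);

    return s->session_file ? g_strdup(s->session_file) : NULL;
}

/* "session-file" property setter; replaces (and frees) any earlier value. */
static void
sev_guest_set_session_file(Object *obj, const char *value, Error **errp)
{
    SevGuestState *s = SEV_GUEST(obj);

    g_free(s->session_file);
    s->session_file = g_strdup(value);
}

/* "dh-cert-file" property getter; returns a copy the caller frees. */
static char *
sev_guest_get_dh_cert_file(Object *obj, Error **errp)
{
    SevGuestState *s = SEV_GUEST(obj);

    return g_strdup(s->dh_cert_file);
}

/* "dh-cert-file" property setter; replaces (and frees) any earlier value. */
static void
sev_guest_set_dh_cert_file(Object *obj, const char *value, Error **errp)
{
    SevGuestState *s = SEV_GUEST(obj);

    g_free(s->dh_cert_file);
    s->dh_cert_file = g_strdup(value);
}

/* "sev-device" property getter; returns a copy the caller frees. */
static char *
sev_guest_get_sev_device(Object *obj, Error **errp)
{
    SevGuestState *sev = SEV_GUEST(obj);

    return g_strdup(sev->sev_device);
}

/*
 * "sev-device" property setter; frees the DEFAULT_SEV_DEVICE copy made by
 * instance_init (or any earlier value) before storing the new one.
 */
static void
sev_guest_set_sev_device(Object *obj, const char *value, Error **errp)
{
    SevGuestState *sev = SEV_GUEST(obj);

    g_free(sev->sev_device);
    sev->sev_device = g_strdup(value);
}

/* Register the string-valued class properties of sev-guest. */
static void
sev_guest_class_init(ObjectClass *oc, void *data)
{
    object_class_property_add_str(oc, "sev-device",
                                  sev_guest_get_sev_device,
                                  sev_guest_set_sev_device);
    object_class_property_set_description(oc, "sev-device",
            "SEV device to use");
    object_class_property_add_str(oc, "dh-cert-file",
                                  sev_guest_get_dh_cert_file,
                                  sev_guest_set_dh_cert_file);
    object_class_property_set_description(oc, "dh-cert-file",
            "guest owners DH certificate (encoded with base64)");
    object_class_property_add_str(oc, "session-file",
                                  sev_guest_get_session_file,
                                  sev_guest_set_session_file);
    object_class_property_set_description(oc, "session-file",
            "guest owners session parameters (encoded with base64)");
}

/*
 * Per-instance init: apply the defaults and expose the integer
 * configuration fields as read/write properties.
 */
static void
sev_guest_instance_init(Object *obj)
{
    SevGuestState *sev = SEV_GUEST(obj);

    sev->sev_device = g_strdup(DEFAULT_SEV_DEVICE);
    sev->policy = DEFAULT_GUEST_POLICY;
    object_property_add_uint32_ptr(obj, "policy", &sev->policy,
                                   OBJ_PROP_FLAG_READWRITE);
    object_property_add_uint32_ptr(obj, "handle", &sev->handle,
                                   OBJ_PROP_FLAG_READWRITE);
    object_property_add_uint32_ptr(obj, "cbitpos", &sev->cbitpos,
                                   OBJ_PROP_FLAG_READWRITE);
    object_property_add_uint32_ptr(obj, "reduced-phys-bits",
                                   &sev->reduced_phys_bits,
                                   OBJ_PROP_FLAG_READWRITE);
}

/* sev guest info */
static const TypeInfo sev_guest_info = {
    .parent = TYPE_CONFIDENTIAL_GUEST_SUPPORT,
    .name = TYPE_SEV_GUEST,
    .instance_size = sizeof(SevGuestState),
    .instance_finalize = sev_guest_finalize,
    .class_init = sev_guest_class_init,
    .instance_init = sev_guest_instance_init,
    .interfaces = (InterfaceInfo[]) {
        { TYPE_USER_CREATABLE },
        { }
    }
};

/* True once sev_kvm_init() has adopted a sev-guest object. */
bool
sev_enabled(void)
{
    return !!sev_guest;
}

/* SEV-ES is not supported by this build; always false. */
bool
sev_es_enabled(void)
{
    return false;
}

/*
 * Mask that clears the C-bit from a guest physical address; all-ones
 * (no bit cleared) when SEV is not enabled.
 */
uint64_t
sev_get_me_mask(void)
{
    return sev_guest ? sev_guest->me_mask : ~(uint64_t)0;
}

/* Configured C-bit position, 0 when SEV is not enabled. */
uint32_t
sev_get_cbit_position(void)
{
    return sev_guest ? sev_guest->cbitpos : 0;
}

/* Configured reduced-phys-bits value, 0 when SEV is not enabled. */
uint32_t
sev_get_reduced_phys_bits(void)
{
    return sev_guest ? sev_guest->reduced_phys_bits : 0;
}

/*
 * Build the query-sev QAPI answer. The caller owns the returned SevInfo.
 * Only @enabled is meaningful when SEV is off.
 */
SevInfo *
sev_get_info(void)
{
    SevInfo *info = g_new0(SevInfo, 1);

    info->enabled = sev_enabled();

    if (info->enabled) {
        info->api_major = sev_guest->api_major;
        info->api_minor = sev_guest->api_minor;
        info->build_id = sev_guest->build_id;
        info->policy = sev_guest->policy;
        info->state = sev_guest->state;
        info->handle = sev_guest->handle;
    }

    return info;
}

/*
 * Export the platform Diffie-Hellman key (PDH) and its certificate chain.
 *
 * The export is done in two steps: a first SEV_PDH_CERT_EXPORT with empty
 * buffers, which the firmware rejects with SEV_RET_INVALID_LEN while
 * filling in the required sizes, and a second one with buffers of that
 * size. On success the caller owns *pdh and *cert_chain.
 *
 * Returns 0 on success, 1 on failure with @errp set.
 */
static int
sev_get_pdh_info(int fd, guchar **pdh, size_t *pdh_len, guchar **cert_chain,
                 size_t *cert_chain_len, Error **errp)
{
    guchar *pdh_data = NULL;
    guchar *cert_chain_data = NULL;
    struct sev_user_data_pdh_cert_export export = {};
    int err, r;

    /* query the certificate length */
    r = sev_platform_ioctl(fd, SEV_PDH_CERT_EXPORT, &export, &err);
    if (r < 0 && err != SEV_RET_INVALID_LEN) {
        error_setg(errp, "failed to export PDH cert ret=%d fw_err=%d (%s)",
                   r, err, fw_error_to_str(err));
        return 1;
    }

    pdh_data = g_new(guchar, export.pdh_cert_len);
    cert_chain_data = g_new(guchar, export.cert_chain_len);
    export.pdh_cert_address = (unsigned long)pdh_data;
    export.cert_chain_address = (unsigned long)cert_chain_data;

    r = sev_platform_ioctl(fd, SEV_PDH_CERT_EXPORT, &export, &err);
    if (r < 0) {
        error_setg(errp, "failed to export PDH cert ret=%d fw_err=%d (%s)",
                   r, err, fw_error_to_str(err));
        goto e_free;
    }

    *pdh = pdh_data;
    *pdh_len = export.pdh_cert_len;
    *cert_chain = cert_chain_data;
    *cert_chain_len = export.cert_chain_len;
    return 0;

e_free:
    g_free(pdh_data);
    g_free(cert_chain_data);
    return 1;
}

/*
 * Build the query-sev-capabilities QAPI answer from the host platform:
 * base64 PDH and certificate chain, C-bit position and reduced-phys-bits.
 * The caller owns the returned object. Returns NULL with @errp set when
 * KVM or SEV is unavailable or the platform device cannot be used.
 */
SevCapability *
sev_get_capabilities(Error **errp)
{
    SevCapability *cap = NULL;
    guchar *pdh_data = NULL;
    guchar *cert_chain_data = NULL;
    size_t pdh_len = 0, cert_chain_len = 0;
    int fd;

    if (!kvm_enabled()) {
        error_setg(errp, "KVM not enabled");
        return NULL;
    }
    if (kvm_vm_ioctl(kvm_state, KVM_MEMORY_ENCRYPT_OP, NULL) < 0) {
        error_setg(errp, "SEV is not enabled in KVM");
        return NULL;
    }

    fd = open(DEFAULT_SEV_DEVICE, O_RDWR);
    if (fd < 0) {
        error_setg_errno(errp, errno, "Failed to open %s",
                         DEFAULT_SEV_DEVICE);
        return NULL;
    }

    if (sev_get_pdh_info(fd, &pdh_data, &pdh_len,
                         &cert_chain_data, &cert_chain_len, errp)) {
        goto out;
    }

    cap = g_new0(SevCapability, 1);
    cap->pdh = g_base64_encode(pdh_data, pdh_len);
    cap->cert_chain = g_base64_encode(cert_chain_data, cert_chain_len);

    cap->cbitpos = sev_host_cbitpos();

    /*
     * When SEV feature is enabled, we loose one bit in guest physical
     * addressing.
     */
    cap->reduced_phys_bits = 1;

out:
    g_free(pdh_data);
    g_free(cert_chain_data);
    close(fd);
    return cap;
}

/*
 * Read @filename and base64-decode its contents into a fresh buffer that
 * the caller frees. Returns 0 on success, -1 on read failure (reported).
 */
static int
sev_read_file_base64(const char *filename, guchar **data, gsize *len)
{
    gsize sz;
    g_autofree gchar *base64 = NULL;
    GError *error = NULL;

    if (!g_file_get_contents(filename, &base64, &sz, &error)) {
        error_report("failed to read '%s' (%s)", filename, error->message);
        g_error_free(error);
        return -1;
    }

    /* the raw file text is released by g_autofree; only the decoded copy escapes */
    *data = g_base64_decode(base64, len);
    return 0;
}

/*
 * Issue KVM_SEV_LAUNCH_START with the configured policy, optional session
 * blob and optional DH certificate. On success the guest moves to
 * SEV_STATE_LAUNCH_UPDATE and sev->handle holds the firmware handle.
 * Returns 0 on success, 1 on failure (reported).
 */
static int
sev_launch_start(SevGuestState *sev)
{
    gsize sz;
    int ret = 1;
    int fw_error, rc;
    struct kvm_sev_launch_start *start;
    guchar *session = NULL, *dh_cert = NULL;

    start = g_new0(struct kvm_sev_launch_start, 1);

    start->handle = sev->handle;
    start->policy = sev->policy;
    if (sev->session_file) {
        if (sev_read_file_base64(sev->session_file, &session, &sz) < 0) {
            goto out;
        }
        start->session_uaddr = (unsigned long)session;
        start->session_len = sz;
    }

    if (sev->dh_cert_file) {
        if (sev_read_file_base64(sev->dh_cert_file, &dh_cert, &sz) < 0) {
            goto out;
        }
        start->dh_uaddr = (unsigned long)dh_cert;
        start->dh_len = sz;
    }

    trace_kvm_sev_launch_start(start->policy, session, dh_cert);
    rc = sev_ioctl(sev->sev_fd, KVM_SEV_LAUNCH_START, start, &fw_error);
    if (rc < 0) {
        /* report the ioctl result, not the function's own return code */
        error_report("%s: LAUNCH_START ret=%d fw_error=%d '%s'",
                __func__, rc, fw_error, fw_error_to_str(fw_error));
        goto out;
    }

    sev_set_guest_state(sev, SEV_STATE_LAUNCH_UPDATE);
    sev->handle = start->handle;
    ret = 0;

out:
    g_free(start);
    g_free(session);
    g_free(dh_cert);
    return ret;
}

/*
 * Encrypt @len bytes at @addr in place via KVM_SEV_LAUNCH_UPDATE_DATA.
 * Returns 1 (not an ioctl error) for an empty range, otherwise the
 * sev_ioctl() result.
 */
static int
sev_launch_update_data(SevGuestState *sev, uint8_t *addr, uint64_t len)
{
    int ret, fw_error;
    struct kvm_sev_launch_update_data update = {};

    if (!addr || !len) {
        return 1;
    }

    update.uaddr = (__u64)(unsigned long)addr;
    update.len = len;
    trace_kvm_sev_launch_update_data(addr, len);
    ret = sev_ioctl(sev->sev_fd, KVM_SEV_LAUNCH_UPDATE_DATA,
                    &update, &fw_error);
    if (ret) {
        error_report("%s: LAUNCH_UPDATE ret=%d fw_error=%d '%s'",
                __func__, ret, fw_error, fw_error_to_str(fw_error));
    }

    return ret;
}

/* Encrypt the VM save areas (SEV-ES); returns the sev_ioctl() result. */
static int
sev_launch_update_vmsa(SevGuestState *sev)
{
    int ret, fw_error;

    ret = sev_ioctl(sev->sev_fd, KVM_SEV_LAUNCH_UPDATE_VMSA, NULL, &fw_error);
    if (ret) {
        error_report("%s: LAUNCH_UPDATE_VMSA ret=%d fw_error=%d '%s'",
                     __func__, ret, fw_error, fw_error_to_str(fw_error));
    }

    return ret;
}

/*
 * Machine-init-done notifier: fetch the launch measurement once all
 * initial guest memory has been encrypted.
 *
 * KVM_SEV_LAUNCH_MEASURE is issued twice: first with an empty buffer to
 * learn the blob length, then with a buffer of that size. On success the
 * guest moves to SEV_STATE_LAUNCH_SECRET and sev->measurement holds the
 * base64 blob for query-sev-launch-measure.
 */
static void
sev_launch_get_measure(Notifier *notifier, void *unused)
{
    SevGuestState *sev = sev_guest;
    int ret, error;
    guchar *data;
    struct kvm_sev_launch_measure *measurement;

    if (!sev_check_state(sev, SEV_STATE_LAUNCH_UPDATE)) {
        return;
    }

    if (sev_es_enabled()) {
        /* measure all the VM save areas before getting launch_measure */
        ret = sev_launch_update_vmsa(sev);
        if (ret) {
            exit(1);
        }
    }

    measurement = g_new0(struct kvm_sev_launch_measure, 1);

    /* query the measurement blob length */
    ret = sev_ioctl(sev->sev_fd, KVM_SEV_LAUNCH_MEASURE,
                    measurement, &error);
    if (!measurement->len) {
        /* describe the firmware code, not errno */
        error_report("%s: LAUNCH_MEASURE ret=%d fw_error=%d '%s'",
                     __func__, ret, error, fw_error_to_str(error));
        goto free_measurement;
    }

    data = g_new0(guchar, measurement->len);
    measurement->uaddr = (unsigned long)data;

    /* get the measurement blob */
    ret = sev_ioctl(sev->sev_fd, KVM_SEV_LAUNCH_MEASURE,
                    measurement, &error);
    if (ret) {
        error_report("%s: LAUNCH_MEASURE ret=%d fw_error=%d '%s'",
                     __func__, ret, error, fw_error_to_str(error));
        goto free_data;
    }

    sev_set_guest_state(sev, SEV_STATE_LAUNCH_SECRET);

    /* encode the measurement value and emit the event */
    sev->measurement = g_base64_encode(data, measurement->len);
    trace_kvm_sev_launch_measurement(sev->measurement);

free_data:
    g_free(data);
free_measurement:
    g_free(measurement);
}

/*
 * Copy of the base64 launch measurement (caller frees), or NULL when it
 * has not been obtained yet or SEV is off.
 */
char *
sev_get_launch_measurement(void)
{
    if (sev_guest &&
        sev_guest->state >= SEV_STATE_LAUNCH_SECRET) {
        return g_strdup(sev_guest->measurement);
    }

    return NULL;
}

static Notifier sev_machine_done_notify = {
    .notify = sev_launch_get_measure,
};

/*
 * Finish the launch flow (KVM_SEV_LAUNCH_FINISH), move the guest to
 * SEV_STATE_RUNNING and install a migration blocker. Failure is fatal.
 */
static void
sev_launch_finish(SevGuestState *sev)
{
    int ret, error;
    Error *local_err = NULL;

    trace_kvm_sev_launch_finish();
    ret = sev_ioctl(sev->sev_fd, KVM_SEV_LAUNCH_FINISH, NULL, &error);
    if (ret) {
        error_report("%s: LAUNCH_FINISH ret=%d fw_error=%d '%s'",
                     __func__, ret, error, fw_error_to_str(error));
        exit(1);
    }

    sev_set_guest_state(sev, SEV_STATE_RUNNING);

    /* add migration blocker */
    error_setg(&sev_mig_blocker,
               "SEV: Migration is not implemented");
    ret = migrate_add_blocker(sev_mig_blocker, &local_err);
    if (local_err) {
        error_report_err(local_err);
        error_free(sev_mig_blocker);
        exit(1);
    }
}

/*
 * VM state change handler: the first transition to "running" completes
 * the launch; later ones are no-ops.
 */
static void
sev_vm_state_change(void *opaque, int running, RunState state)
{
    SevGuestState *sev = opaque;

    if (running && !sev_check_state(sev, SEV_STATE_RUNNING)) {
        sev_launch_finish(sev);
    }
}

/*
 * Bring up SEV for the VM described by @cgs. A no-op (returning 0) when
 * @cgs is not a sev-guest object.
 *
 * Validates the configuration against the host (C-bit position,
 * reduced-phys-bits), opens the platform device, reads the platform
 * status, issues KVM_SEV_INIT (or KVM_SEV_ES_INIT) and LAUNCH_START, and
 * registers the notifiers that drive the rest of the launch flow.
 *
 * Returns 0 on success, -1 on failure with @errp set (or the error
 * reported). On failure the platform device is closed again and the
 * RAM-discard setting is restored.
 */
int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp)
{
    SevGuestState *sev
        = (SevGuestState *)object_dynamic_cast(OBJECT(cgs), TYPE_SEV_GUEST);
    char *devname;
    int ret, fw_error, cmd;
    uint32_t host_cbitpos;
    struct sev_user_data_status status = {};

    if (!sev) {
        return 0;
    }

    ret = ram_block_discard_disable(true);
    if (ret) {
        error_report("%s: cannot disable RAM discard", __func__);
        return -1;
    }

    sev_guest = sev;
    sev->state = SEV_STATE_UNINIT;
    /* -1 marks "not open yet" so the error path can close only a real fd */
    sev->sev_fd = -1;

    host_cbitpos = sev_host_cbitpos();

    if (host_cbitpos != sev->cbitpos) {
        error_setg(errp, "%s: cbitpos check failed, host '%u' requested '%u'",
                   __func__, host_cbitpos, sev->cbitpos);
        goto err;
    }

    if (sev->reduced_phys_bits < 1) {
        error_setg(errp, "%s: reduced_phys_bits check failed, it should be >=1,"
                   " requested '%u'", __func__, sev->reduced_phys_bits);
        goto err;
    }

    /* cbitpos equals the host's CPUID value, so it is < 64 here */
    sev->me_mask = ~(1UL << sev->cbitpos);

    devname = object_property_get_str(OBJECT(sev), "sev-device", NULL);
    sev->sev_fd = open(devname, O_RDWR);
    if (sev->sev_fd < 0) {
        error_setg(errp, "%s: Failed to open %s '%s'", __func__,
                   devname, strerror(errno));
        g_free(devname);
        goto err;
    }
    g_free(devname);

    ret = sev_platform_ioctl(sev->sev_fd, SEV_PLATFORM_STATUS, &status,
                             &fw_error);
    if (ret) {
        error_setg(errp, "%s: failed to get platform status ret=%d "
                   "fw_error='%d: %s'", __func__, ret, fw_error,
                   fw_error_to_str(fw_error));
        goto err;
    }
    sev->build_id = status.build;
    sev->api_major = status.api_major;
    sev->api_minor = status.api_minor;

    if (sev_es_enabled()) {
        if (!kvm_kernel_irqchip_allowed()) {
            error_report("%s: SEV-ES guests require in-kernel irqchip support",
                         __func__);
            goto err;
        }

        if (!(status.flags & SEV_STATUS_FLAGS_CONFIG_ES)) {
            error_report("%s: guest policy requires SEV-ES, but "
                         "host SEV-ES support unavailable",
                         __func__);
            goto err;
        }
        cmd = KVM_SEV_ES_INIT;
    } else {
        cmd = KVM_SEV_INIT;
    }

    trace_kvm_sev_init();
    ret = sev_ioctl(sev->sev_fd, cmd, NULL, &fw_error);
    if (ret) {
        error_setg(errp, "%s: failed to initialize ret=%d fw_error=%d '%s'",
                   __func__, ret, fw_error, fw_error_to_str(fw_error));
        goto err;
    }

    ret = sev_launch_start(sev);
    if (ret) {
        error_setg(errp, "%s: failed to create encryption context", __func__);
        goto err;
    }

    ram_block_notifier_add(&sev_ram_notifier);
    qemu_add_machine_init_done_notifier(&sev_machine_done_notify);
    qemu_add_vm_change_state_handler(sev_vm_state_change, sev);

    cgs->ready = true;

    return 0;
err:
    if (sev->sev_fd >= 0) {
        close(sev->sev_fd);
        sev->sev_fd = -1;
    }
    sev_guest = NULL;
    ram_block_discard_disable(false);
    return -1;
}

/*
 * Encrypt a pflash image in place while the guest is still in the
 * LAUNCH_UPDATE state; a no-op (returning 0) otherwise or when SEV is
 * off. Only a negative (ioctl) result from sev_launch_update_data() is
 * treated as an error; its "empty range" return of 1 is not.
 */
int
sev_encrypt_flash(uint8_t *ptr, uint64_t len, Error **errp)
{
    if (!sev_guest) {
        return 0;
    }

    /* if SEV is in update state then encrypt the data else do nothing */
    if (sev_check_state(sev_guest, SEV_STATE_LAUNCH_UPDATE)) {
        int ret = sev_launch_update_data(sev_guest, ptr, len);
        if (ret < 0) {
            error_setg(errp, "failed to encrypt pflash rom");
            return ret;
        }
    }

    return 0;
}

/*
 * Inject a guest-owner secret (sev-inject-launch-secret).
 *
 * @packet_hdr: base64 packet header from the guest owner
 * @secret:     base64 encrypted secret
 * @gpa:        guest physical address the secret is written to
 *
 * Both base64 inputs arrive from the monitor and must decode to a
 * non-empty blob; @gpa must map to @data_sz bytes of guest RAM. Only
 * allowed in SEV_STATE_LAUNCH_SECRET. Returns 0 on success, non-zero
 * with @errp set otherwise.
 */
int sev_inject_launch_secret(const char *packet_hdr, const char *secret,
                             uint64_t gpa, Error **errp)
{
    struct kvm_sev_launch_secret input = {};
    g_autofree guchar *data = NULL, *hdr = NULL;
    int error, ret = 1;
    void *hva;
    gsize hdr_sz = 0, data_sz = 0;
    MemoryRegion *mr = NULL;

    if (!sev_guest) {
        error_setg(errp, "SEV: SEV not enabled.");
        return 1;
    }

    /* secret can be injected only in this state */
    if (!sev_check_state(sev_guest, SEV_STATE_LAUNCH_SECRET)) {
        error_setg(errp, "SEV: Not in correct state. (LSECRET) %x",
                   sev_guest->state);
        return 1;
    }

    hdr = g_base64_decode(packet_hdr, &hdr_sz);
    if (!hdr || !hdr_sz) {
        error_setg(errp, "SEV: Failed to decode sequence header");
        return 1;
    }

    data = g_base64_decode(secret, &data_sz);
    if (!data || !data_sz) {
        error_setg(errp, "SEV: Failed to decode data");
        return 1;
    }

    hva = gpa2hva(&mr, gpa, data_sz, errp);
    if (!hva) {
        error_prepend(errp, "SEV: Failed to calculate guest address: ");
        return 1;
    }

    input.hdr_uaddr = (uint64_t)(unsigned long)hdr;
    input.hdr_len = hdr_sz;

    input.trans_uaddr = (uint64_t)(unsigned long)data;
    input.trans_len = data_sz;

    input.guest_uaddr = (uint64_t)(unsigned long)hva;
    input.guest_len = data_sz;

    trace_kvm_sev_launch_secret(gpa, input.guest_uaddr,
                                input.trans_uaddr, input.trans_len);

    ret = sev_ioctl(sev_guest->sev_fd, KVM_SEV_LAUNCH_SECRET,
                    &input, &error);
    if (ret) {
        error_setg(errp, "SEV: failed to inject secret ret=%d fw_error=%d '%s'",
                     ret, error, fw_error_to_str(error));
        return ret;
    }

    return 0;
}

/*
 * Extract the AP reset address from a SEV info block. A zero address is
 * rejected (returns 1); otherwise *addr is set and 0 returned.
 */
static int
sev_es_parse_reset_block(const SevInfoBlock *info, uint32_t *addr)
{
    if (!info->reset_addr) {
        error_report("SEV-ES reset address is zero");
        return 1;
    }

    *addr = info->reset_addr;

    return 0;
}

/*
 * Locate the SEV-ES AP reset vector in the firmware image.
 *
 * @flash_ptr/@flash_size: the pflash image, treated as untrusted input
 * @addr: receives the reset address, or 0 with a 0 return when SEV-ES
 *        is not active
 *
 * Returns 0 on success, 1 when no usable info block is found.
 */
static int
sev_es_find_reset_vector(void *flash_ptr, uint64_t flash_size,
                         uint32_t *addr)
{
    QemuUUID info_guid, *guid;
    SevInfoBlock *info;
    uint8_t *data;
    uint16_t *len;
    size_t block_len;

    /*
     * Initialize the address to zero. An address of zero with a successful
     * return code indicates that SEV-ES is not active.
     */
    *addr = 0;

    /*
     * Extract the AP reset vector for SEV-ES guests by locating the SEV GUID.
     * The SEV GUID is located on its own (original implementation) or within
     * the Firmware GUID Table (new implementation), either of which are
     * located 32 bytes from the end of the flash.
     *
     * Check the Firmware GUID Table first.
     */
    if (pc_system_ovmf_table_find(SEV_INFO_BLOCK_GUID, &data, NULL)) {
        return sev_es_parse_reset_block((SevInfoBlock *)data, addr);
    }

    /*
     * SEV info block not found in the Firmware GUID Table (or there isn't
     * a Firmware GUID Table), fall back to the original implementation.
     *
     * The GUID and length fields sit just below the 32-byte trailer; make
     * sure the image is large enough to hold them before reading.
     */
    if (flash_size < 0x20 + sizeof(info_guid) + sizeof(*len)) {
        error_report("pflash rom is too small to hold a SEV information block");
        return 1;
    }

    data = (uint8_t *)flash_ptr + flash_size - 0x20;

    qemu_uuid_parse(SEV_INFO_BLOCK_GUID, &info_guid);
    info_guid = qemu_uuid_bswap(info_guid); /* GUIDs are LE */

    guid = (QemuUUID *)(data - sizeof(info_guid));
    if (!qemu_uuid_is_equal(guid, &info_guid)) {
        error_report("SEV information block/Firmware GUID Table block not found in pflash rom");
        return 1;
    }

    len = (uint16_t *)((uint8_t *)guid - sizeof(*len));
    block_len = le16_to_cpu(*len);

    /*
     * The block length also comes from the image; it must not point back
     * before the start of the flash.
     */
    if (block_len > (size_t)(data - (uint8_t *)flash_ptr)) {
        error_report("SEV information block length is invalid");
        return 1;
    }
    info = (SevInfoBlock *)(data - block_len);

    return sev_es_parse_reset_block(info, addr);
}

/*
 * Apply the saved SEV-ES reset vector to an AP's CS/IP. The BSP (cpu
 * index 0) keeps the architectural reset state.
 */
void sev_es_set_reset_vector(CPUState *cpu)
{
    X86CPU *x86;
    CPUX86State *env;

    /* Only update if we have valid reset information */
    if (!sev_guest || !sev_guest->reset_data_valid) {
        return;
    }

    /* Do not update the BSP reset state */
    if (cpu->cpu_index == 0) {
        return;
    }

    x86 = X86_CPU(cpu);
    env = &x86->env;

    cpu_x86_load_seg_cache(env, R_CS, 0xf000, sev_guest->reset_cs, 0xffff,
                           DESC_P_MASK | DESC_S_MASK | DESC_CS_MASK |
                           DESC_R_MASK | DESC_A_MASK);

    env->eip = sev_guest->reset_ip;
}

/*
 * Find the SEV-ES reset vector in the firmware image and push it to every
 * existing CPU. A no-op (returning 0) unless SEV-ES is enabled. Returns
 * the sev_es_find_reset_vector() result.
 */
int sev_es_save_reset_vector(void *flash_ptr, uint64_t flash_size)
{
    CPUState *cpu;
    uint32_t addr = 0;
    int ret;

    if (!sev_es_enabled()) {
        return 0;
    }

    ret = sev_es_find_reset_vector(flash_ptr, flash_size,
                                   &addr);
    if (ret) {
        return ret;
    }

    if (addr) {
        /* the 32-bit reset address splits into a CS base and an IP */
        sev_guest->reset_cs = addr & 0xffff0000;
        sev_guest->reset_ip = addr & 0x0000ffff;
        sev_guest->reset_data_valid = true;

        CPU_FOREACH(cpu) {
            sev_es_set_reset_vector(cpu);
        }
    }

    return 0;
}

static void
sev_register_types(void)
{
    type_register_static(&sev_guest_info);
}

type_init(sev_register_types);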