xref: /openbmc/qemu/target/i386/sev.c (revision b4b9a0e3)
1 /*
2  * QEMU SEV support
3  *
4  * Copyright Advanced Micro Devices 2016-2018
5  *
6  * Author:
7  *      Brijesh Singh <brijesh.singh@amd.com>
8  *
9  * This work is licensed under the terms of the GNU GPL, version 2 or later.
10  * See the COPYING file in the top-level directory.
11  *
12  */
13 
14 #include "qemu/osdep.h"
15 
16 #include <linux/kvm.h>
17 #include <linux/psp-sev.h>
18 
19 #include <sys/ioctl.h>
20 
21 #include "qapi/error.h"
22 #include "qom/object_interfaces.h"
23 #include "qemu/base64.h"
24 #include "qemu/module.h"
25 #include "qemu/uuid.h"
26 #include "crypto/hash.h"
27 #include "sysemu/kvm.h"
28 #include "sev.h"
29 #include "sysemu/sysemu.h"
30 #include "sysemu/runstate.h"
31 #include "trace.h"
32 #include "migration/blocker.h"
33 #include "qom/object.h"
34 #include "monitor/monitor.h"
35 #include "monitor/hmp-target.h"
36 #include "qapi/qapi-commands-misc-target.h"
37 #include "qapi/qmp/qerror.h"
38 #include "exec/confidential-guest-support.h"
39 #include "hw/i386/pc.h"
40 
41 #define TYPE_SEV_GUEST "sev-guest"
42 OBJECT_DECLARE_SIMPLE_TYPE(SevGuestState, SEV_GUEST)
43 
44 
45 /**
46  * SevGuestState:
47  *
48  * The SevGuestState object is used for creating and managing a SEV
49  * guest.
50  *
51  * # $QEMU \
52  *         -object sev-guest,id=sev0 \
53  *         -machine ...,memory-encryption=sev0
54  */
55 struct SevGuestState {
56     ConfidentialGuestSupport parent_obj;
57 
58     /* configuration parameters */
59     char *sev_device;
60     uint32_t policy;
61     char *dh_cert_file;
62     char *session_file;
63     uint32_t cbitpos;
64     uint32_t reduced_phys_bits;
65 
66     /* runtime state */
67     uint32_t handle;
68     uint8_t api_major;
69     uint8_t api_minor;
70     uint8_t build_id;
71     int sev_fd;
72     SevState state;
73     gchar *measurement;
74 
75     uint32_t reset_cs;
76     uint32_t reset_ip;
77     bool reset_data_valid;
78 };
79 
80 #define DEFAULT_GUEST_POLICY    0x1 /* disable debug */
81 #define DEFAULT_SEV_DEVICE      "/dev/sev"
82 
83 #define SEV_INFO_BLOCK_GUID     "00f771de-1a7e-4fcb-890e-68c77e2fb44e"
84 typedef struct __attribute__((__packed__)) SevInfoBlock {
85     /* SEV-ES Reset Vector Address */
86     uint32_t reset_addr;
87 } SevInfoBlock;
88 
89 #define SEV_HASH_TABLE_RV_GUID  "7255371f-3a3b-4b04-927b-1da6efa8d454"
90 typedef struct QEMU_PACKED SevHashTableDescriptor {
91     /* SEV hash table area guest address */
92     uint32_t base;
93     /* SEV hash table area size (in bytes) */
94     uint32_t size;
95 } SevHashTableDescriptor;
96 
97 /* hard code sha256 digest size */
98 #define HASH_SIZE 32
99 
100 typedef struct QEMU_PACKED SevHashTableEntry {
101     QemuUUID guid;
102     uint16_t len;
103     uint8_t hash[HASH_SIZE];
104 } SevHashTableEntry;
105 
106 typedef struct QEMU_PACKED SevHashTable {
107     QemuUUID guid;
108     uint16_t len;
109     SevHashTableEntry cmdline;
110     SevHashTableEntry initrd;
111     SevHashTableEntry kernel;
112     uint8_t padding[];
113 } SevHashTable;
114 
115 static SevGuestState *sev_guest;
116 static Error *sev_mig_blocker;
117 
118 static const char *const sev_fw_errlist[] = {
119     [SEV_RET_SUCCESS]                = "",
120     [SEV_RET_INVALID_PLATFORM_STATE] = "Platform state is invalid",
121     [SEV_RET_INVALID_GUEST_STATE]    = "Guest state is invalid",
122     [SEV_RET_INAVLID_CONFIG]         = "Platform configuration is invalid",
123     [SEV_RET_INVALID_LEN]            = "Buffer too small",
124     [SEV_RET_ALREADY_OWNED]          = "Platform is already owned",
125     [SEV_RET_INVALID_CERTIFICATE]    = "Certificate is invalid",
126     [SEV_RET_POLICY_FAILURE]         = "Policy is not allowed",
127     [SEV_RET_INACTIVE]               = "Guest is not active",
128     [SEV_RET_INVALID_ADDRESS]        = "Invalid address",
129     [SEV_RET_BAD_SIGNATURE]          = "Bad signature",
130     [SEV_RET_BAD_MEASUREMENT]        = "Bad measurement",
131     [SEV_RET_ASID_OWNED]             = "ASID is already owned",
132     [SEV_RET_INVALID_ASID]           = "Invalid ASID",
133     [SEV_RET_WBINVD_REQUIRED]        = "WBINVD is required",
134     [SEV_RET_DFFLUSH_REQUIRED]       = "DF_FLUSH is required",
135     [SEV_RET_INVALID_GUEST]          = "Guest handle is invalid",
136     [SEV_RET_INVALID_COMMAND]        = "Invalid command",
137     [SEV_RET_ACTIVE]                 = "Guest is active",
138     [SEV_RET_HWSEV_RET_PLATFORM]     = "Hardware error",
139     [SEV_RET_HWSEV_RET_UNSAFE]       = "Hardware unsafe",
140     [SEV_RET_UNSUPPORTED]            = "Feature not supported",
141     [SEV_RET_INVALID_PARAM]          = "Invalid parameter",
142     [SEV_RET_RESOURCE_LIMIT]         = "Required firmware resource depleted",
143     [SEV_RET_SECURE_DATA_INVALID]    = "Part-specific integrity check failure",
144 };
145 
146 #define SEV_FW_MAX_ERROR      ARRAY_SIZE(sev_fw_errlist)
147 
148 static int
149 sev_ioctl(int fd, int cmd, void *data, int *error)
150 {
151     int r;
152     struct kvm_sev_cmd input;
153 
154     memset(&input, 0x0, sizeof(input));
155 
156     input.id = cmd;
157     input.sev_fd = fd;
158     input.data = (__u64)(unsigned long)data;
159 
160     r = kvm_vm_ioctl(kvm_state, KVM_MEMORY_ENCRYPT_OP, &input);
161 
162     if (error) {
163         *error = input.error;
164     }
165 
166     return r;
167 }
168 
169 static int
170 sev_platform_ioctl(int fd, int cmd, void *data, int *error)
171 {
172     int r;
173     struct sev_issue_cmd arg;
174 
175     arg.cmd = cmd;
176     arg.data = (unsigned long)data;
177     r = ioctl(fd, SEV_ISSUE_CMD, &arg);
178     if (error) {
179         *error = arg.error;
180     }
181 
182     return r;
183 }
184 
185 static const char *
186 fw_error_to_str(int code)
187 {
188     if (code < 0 || code >= SEV_FW_MAX_ERROR) {
189         return "unknown error";
190     }
191 
192     return sev_fw_errlist[code];
193 }
194 
195 static bool
196 sev_check_state(const SevGuestState *sev, SevState state)
197 {
198     assert(sev);
199     return sev->state == state ? true : false;
200 }
201 
202 static void
203 sev_set_guest_state(SevGuestState *sev, SevState new_state)
204 {
205     assert(new_state < SEV_STATE__MAX);
206     assert(sev);
207 
208     trace_kvm_sev_change_state(SevState_str(sev->state),
209                                SevState_str(new_state));
210     sev->state = new_state;
211 }
212 
213 static void
214 sev_ram_block_added(RAMBlockNotifier *n, void *host, size_t size,
215                     size_t max_size)
216 {
217     int r;
218     struct kvm_enc_region range;
219     ram_addr_t offset;
220     MemoryRegion *mr;
221 
222     /*
223      * The RAM device presents a memory region that should be treated
224      * as IO region and should not be pinned.
225      */
226     mr = memory_region_from_host(host, &offset);
227     if (mr && memory_region_is_ram_device(mr)) {
228         return;
229     }
230 
231     range.addr = (__u64)(unsigned long)host;
232     range.size = max_size;
233 
234     trace_kvm_memcrypt_register_region(host, max_size);
235     r = kvm_vm_ioctl(kvm_state, KVM_MEMORY_ENCRYPT_REG_REGION, &range);
236     if (r) {
237         error_report("%s: failed to register region (%p+%#zx) error '%s'",
238                      __func__, host, max_size, strerror(errno));
239         exit(1);
240     }
241 }
242 
243 static void
244 sev_ram_block_removed(RAMBlockNotifier *n, void *host, size_t size,
245                       size_t max_size)
246 {
247     int r;
248     struct kvm_enc_region range;
249     ram_addr_t offset;
250     MemoryRegion *mr;
251 
252     /*
253      * The RAM device presents a memory region that should be treated
254      * as IO region and should not have been pinned.
255      */
256     mr = memory_region_from_host(host, &offset);
257     if (mr && memory_region_is_ram_device(mr)) {
258         return;
259     }
260 
261     range.addr = (__u64)(unsigned long)host;
262     range.size = max_size;
263 
264     trace_kvm_memcrypt_unregister_region(host, max_size);
265     r = kvm_vm_ioctl(kvm_state, KVM_MEMORY_ENCRYPT_UNREG_REGION, &range);
266     if (r) {
267         error_report("%s: failed to unregister region (%p+%#zx)",
268                      __func__, host, max_size);
269     }
270 }
271 
272 static struct RAMBlockNotifier sev_ram_notifier = {
273     .ram_block_added = sev_ram_block_added,
274     .ram_block_removed = sev_ram_block_removed,
275 };
276 
277 static void
278 sev_guest_finalize(Object *obj)
279 {
280 }
281 
282 static char *
283 sev_guest_get_session_file(Object *obj, Error **errp)
284 {
285     SevGuestState *s = SEV_GUEST(obj);
286 
287     return s->session_file ? g_strdup(s->session_file) : NULL;
288 }
289 
290 static void
291 sev_guest_set_session_file(Object *obj, const char *value, Error **errp)
292 {
293     SevGuestState *s = SEV_GUEST(obj);
294 
295     s->session_file = g_strdup(value);
296 }
297 
298 static char *
299 sev_guest_get_dh_cert_file(Object *obj, Error **errp)
300 {
301     SevGuestState *s = SEV_GUEST(obj);
302 
303     return g_strdup(s->dh_cert_file);
304 }
305 
306 static void
307 sev_guest_set_dh_cert_file(Object *obj, const char *value, Error **errp)
308 {
309     SevGuestState *s = SEV_GUEST(obj);
310 
311     s->dh_cert_file = g_strdup(value);
312 }
313 
314 static char *
315 sev_guest_get_sev_device(Object *obj, Error **errp)
316 {
317     SevGuestState *sev = SEV_GUEST(obj);
318 
319     return g_strdup(sev->sev_device);
320 }
321 
322 static void
323 sev_guest_set_sev_device(Object *obj, const char *value, Error **errp)
324 {
325     SevGuestState *sev = SEV_GUEST(obj);
326 
327     sev->sev_device = g_strdup(value);
328 }
329 
330 static void
331 sev_guest_class_init(ObjectClass *oc, void *data)
332 {
333     object_class_property_add_str(oc, "sev-device",
334                                   sev_guest_get_sev_device,
335                                   sev_guest_set_sev_device);
336     object_class_property_set_description(oc, "sev-device",
337             "SEV device to use");
338     object_class_property_add_str(oc, "dh-cert-file",
339                                   sev_guest_get_dh_cert_file,
340                                   sev_guest_set_dh_cert_file);
341     object_class_property_set_description(oc, "dh-cert-file",
342             "guest owners DH certificate (encoded with base64)");
343     object_class_property_add_str(oc, "session-file",
344                                   sev_guest_get_session_file,
345                                   sev_guest_set_session_file);
346     object_class_property_set_description(oc, "session-file",
347             "guest owners session parameters (encoded with base64)");
348 }
349 
350 static void
351 sev_guest_instance_init(Object *obj)
352 {
353     SevGuestState *sev = SEV_GUEST(obj);
354 
355     sev->sev_device = g_strdup(DEFAULT_SEV_DEVICE);
356     sev->policy = DEFAULT_GUEST_POLICY;
357     object_property_add_uint32_ptr(obj, "policy", &sev->policy,
358                                    OBJ_PROP_FLAG_READWRITE);
359     object_property_add_uint32_ptr(obj, "handle", &sev->handle,
360                                    OBJ_PROP_FLAG_READWRITE);
361     object_property_add_uint32_ptr(obj, "cbitpos", &sev->cbitpos,
362                                    OBJ_PROP_FLAG_READWRITE);
363     object_property_add_uint32_ptr(obj, "reduced-phys-bits",
364                                    &sev->reduced_phys_bits,
365                                    OBJ_PROP_FLAG_READWRITE);
366 }
367 
368 /* sev guest info */
369 static const TypeInfo sev_guest_info = {
370     .parent = TYPE_CONFIDENTIAL_GUEST_SUPPORT,
371     .name = TYPE_SEV_GUEST,
372     .instance_size = sizeof(SevGuestState),
373     .instance_finalize = sev_guest_finalize,
374     .class_init = sev_guest_class_init,
375     .instance_init = sev_guest_instance_init,
376     .interfaces = (InterfaceInfo[]) {
377         { TYPE_USER_CREATABLE },
378         { }
379     }
380 };
381 
382 bool
383 sev_enabled(void)
384 {
385     return !!sev_guest;
386 }
387 
388 bool
389 sev_es_enabled(void)
390 {
391     return sev_enabled() && (sev_guest->policy & SEV_POLICY_ES);
392 }
393 
394 uint32_t
395 sev_get_cbit_position(void)
396 {
397     return sev_guest ? sev_guest->cbitpos : 0;
398 }
399 
400 uint32_t
401 sev_get_reduced_phys_bits(void)
402 {
403     return sev_guest ? sev_guest->reduced_phys_bits : 0;
404 }
405 
406 static SevInfo *sev_get_info(void)
407 {
408     SevInfo *info;
409 
410     info = g_new0(SevInfo, 1);
411     info->enabled = sev_enabled();
412 
413     if (info->enabled) {
414         info->api_major = sev_guest->api_major;
415         info->api_minor = sev_guest->api_minor;
416         info->build_id = sev_guest->build_id;
417         info->policy = sev_guest->policy;
418         info->state = sev_guest->state;
419         info->handle = sev_guest->handle;
420     }
421 
422     return info;
423 }
424 
425 SevInfo *qmp_query_sev(Error **errp)
426 {
427     SevInfo *info;
428 
429     info = sev_get_info();
430     if (!info) {
431         error_setg(errp, "SEV feature is not available");
432         return NULL;
433     }
434 
435     return info;
436 }
437 
438 void hmp_info_sev(Monitor *mon, const QDict *qdict)
439 {
440     SevInfo *info = sev_get_info();
441 
442     if (info && info->enabled) {
443         monitor_printf(mon, "handle: %d\n", info->handle);
444         monitor_printf(mon, "state: %s\n", SevState_str(info->state));
445         monitor_printf(mon, "build: %d\n", info->build_id);
446         monitor_printf(mon, "api version: %d.%d\n",
447                        info->api_major, info->api_minor);
448         monitor_printf(mon, "debug: %s\n",
449                        info->policy & SEV_POLICY_NODBG ? "off" : "on");
450         monitor_printf(mon, "key-sharing: %s\n",
451                        info->policy & SEV_POLICY_NOKS ? "off" : "on");
452     } else {
453         monitor_printf(mon, "SEV is not enabled\n");
454     }
455 
456     qapi_free_SevInfo(info);
457 }
458 
459 static int
460 sev_get_pdh_info(int fd, guchar **pdh, size_t *pdh_len, guchar **cert_chain,
461                  size_t *cert_chain_len, Error **errp)
462 {
463     guchar *pdh_data = NULL;
464     guchar *cert_chain_data = NULL;
465     struct sev_user_data_pdh_cert_export export = {};
466     int err, r;
467 
468     /* query the certificate length */
469     r = sev_platform_ioctl(fd, SEV_PDH_CERT_EXPORT, &export, &err);
470     if (r < 0) {
471         if (err != SEV_RET_INVALID_LEN) {
472             error_setg(errp, "SEV: Failed to export PDH cert"
473                              " ret=%d fw_err=%d (%s)",
474                        r, err, fw_error_to_str(err));
475             return 1;
476         }
477     }
478 
479     pdh_data = g_new(guchar, export.pdh_cert_len);
480     cert_chain_data = g_new(guchar, export.cert_chain_len);
481     export.pdh_cert_address = (unsigned long)pdh_data;
482     export.cert_chain_address = (unsigned long)cert_chain_data;
483 
484     r = sev_platform_ioctl(fd, SEV_PDH_CERT_EXPORT, &export, &err);
485     if (r < 0) {
486         error_setg(errp, "SEV: Failed to export PDH cert ret=%d fw_err=%d (%s)",
487                    r, err, fw_error_to_str(err));
488         goto e_free;
489     }
490 
491     *pdh = pdh_data;
492     *pdh_len = export.pdh_cert_len;
493     *cert_chain = cert_chain_data;
494     *cert_chain_len = export.cert_chain_len;
495     return 0;
496 
497 e_free:
498     g_free(pdh_data);
499     g_free(cert_chain_data);
500     return 1;
501 }
502 
503 static SevCapability *sev_get_capabilities(Error **errp)
504 {
505     SevCapability *cap = NULL;
506     guchar *pdh_data = NULL;
507     guchar *cert_chain_data = NULL;
508     size_t pdh_len = 0, cert_chain_len = 0;
509     uint32_t ebx;
510     int fd;
511 
512     if (!kvm_enabled()) {
513         error_setg(errp, "KVM not enabled");
514         return NULL;
515     }
516     if (kvm_vm_ioctl(kvm_state, KVM_MEMORY_ENCRYPT_OP, NULL) < 0) {
517         error_setg(errp, "SEV is not enabled in KVM");
518         return NULL;
519     }
520 
521     fd = open(DEFAULT_SEV_DEVICE, O_RDWR);
522     if (fd < 0) {
523         error_setg_errno(errp, errno, "SEV: Failed to open %s",
524                          DEFAULT_SEV_DEVICE);
525         return NULL;
526     }
527 
528     if (sev_get_pdh_info(fd, &pdh_data, &pdh_len,
529                          &cert_chain_data, &cert_chain_len, errp)) {
530         goto out;
531     }
532 
533     cap = g_new0(SevCapability, 1);
534     cap->pdh = g_base64_encode(pdh_data, pdh_len);
535     cap->cert_chain = g_base64_encode(cert_chain_data, cert_chain_len);
536 
537     host_cpuid(0x8000001F, 0, NULL, &ebx, NULL, NULL);
538     cap->cbitpos = ebx & 0x3f;
539 
540     /*
541      * When SEV feature is enabled, we loose one bit in guest physical
542      * addressing.
543      */
544     cap->reduced_phys_bits = 1;
545 
546 out:
547     g_free(pdh_data);
548     g_free(cert_chain_data);
549     close(fd);
550     return cap;
551 }
552 
553 SevCapability *qmp_query_sev_capabilities(Error **errp)
554 {
555     return sev_get_capabilities(errp);
556 }
557 
558 static SevAttestationReport *sev_get_attestation_report(const char *mnonce,
559                                                         Error **errp)
560 {
561     struct kvm_sev_attestation_report input = {};
562     SevAttestationReport *report = NULL;
563     SevGuestState *sev = sev_guest;
564     g_autofree guchar *data = NULL;
565     g_autofree guchar *buf = NULL;
566     gsize len;
567     int err = 0, ret;
568 
569     if (!sev_enabled()) {
570         error_setg(errp, "SEV is not enabled");
571         return NULL;
572     }
573 
574     /* lets decode the mnonce string */
575     buf = g_base64_decode(mnonce, &len);
576     if (!buf) {
577         error_setg(errp, "SEV: failed to decode mnonce input");
578         return NULL;
579     }
580 
581     /* verify the input mnonce length */
582     if (len != sizeof(input.mnonce)) {
583         error_setg(errp, "SEV: mnonce must be %zu bytes (got %" G_GSIZE_FORMAT ")",
584                 sizeof(input.mnonce), len);
585         return NULL;
586     }
587 
588     /* Query the report length */
589     ret = sev_ioctl(sev->sev_fd, KVM_SEV_GET_ATTESTATION_REPORT,
590             &input, &err);
591     if (ret < 0) {
592         if (err != SEV_RET_INVALID_LEN) {
593             error_setg(errp, "SEV: Failed to query the attestation report"
594                              " length ret=%d fw_err=%d (%s)",
595                        ret, err, fw_error_to_str(err));
596             return NULL;
597         }
598     }
599 
600     data = g_malloc(input.len);
601     input.uaddr = (unsigned long)data;
602     memcpy(input.mnonce, buf, sizeof(input.mnonce));
603 
604     /* Query the report */
605     ret = sev_ioctl(sev->sev_fd, KVM_SEV_GET_ATTESTATION_REPORT,
606             &input, &err);
607     if (ret) {
608         error_setg_errno(errp, errno, "SEV: Failed to get attestation report"
609                 " ret=%d fw_err=%d (%s)", ret, err, fw_error_to_str(err));
610         return NULL;
611     }
612 
613     report = g_new0(SevAttestationReport, 1);
614     report->data = g_base64_encode(data, input.len);
615 
616     trace_kvm_sev_attestation_report(mnonce, report->data);
617 
618     return report;
619 }
620 
621 SevAttestationReport *qmp_query_sev_attestation_report(const char *mnonce,
622                                                        Error **errp)
623 {
624     return sev_get_attestation_report(mnonce, errp);
625 }
626 
627 static int
628 sev_read_file_base64(const char *filename, guchar **data, gsize *len)
629 {
630     gsize sz;
631     g_autofree gchar *base64 = NULL;
632     GError *error = NULL;
633 
634     if (!g_file_get_contents(filename, &base64, &sz, &error)) {
635         error_report("SEV: Failed to read '%s' (%s)", filename, error->message);
636         g_error_free(error);
637         return -1;
638     }
639 
640     *data = g_base64_decode(base64, len);
641     return 0;
642 }
643 
644 static int
645 sev_launch_start(SevGuestState *sev)
646 {
647     gsize sz;
648     int ret = 1;
649     int fw_error, rc;
650     struct kvm_sev_launch_start start = {
651         .handle = sev->handle, .policy = sev->policy
652     };
653     guchar *session = NULL, *dh_cert = NULL;
654 
655     if (sev->session_file) {
656         if (sev_read_file_base64(sev->session_file, &session, &sz) < 0) {
657             goto out;
658         }
659         start.session_uaddr = (unsigned long)session;
660         start.session_len = sz;
661     }
662 
663     if (sev->dh_cert_file) {
664         if (sev_read_file_base64(sev->dh_cert_file, &dh_cert, &sz) < 0) {
665             goto out;
666         }
667         start.dh_uaddr = (unsigned long)dh_cert;
668         start.dh_len = sz;
669     }
670 
671     trace_kvm_sev_launch_start(start.policy, session, dh_cert);
672     rc = sev_ioctl(sev->sev_fd, KVM_SEV_LAUNCH_START, &start, &fw_error);
673     if (rc < 0) {
674         error_report("%s: LAUNCH_START ret=%d fw_error=%d '%s'",
675                 __func__, ret, fw_error, fw_error_to_str(fw_error));
676         goto out;
677     }
678 
679     sev_set_guest_state(sev, SEV_STATE_LAUNCH_UPDATE);
680     sev->handle = start.handle;
681     ret = 0;
682 
683 out:
684     g_free(session);
685     g_free(dh_cert);
686     return ret;
687 }
688 
689 static int
690 sev_launch_update_data(SevGuestState *sev, uint8_t *addr, uint64_t len)
691 {
692     int ret, fw_error;
693     struct kvm_sev_launch_update_data update;
694 
695     if (!addr || !len) {
696         return 1;
697     }
698 
699     update.uaddr = (__u64)(unsigned long)addr;
700     update.len = len;
701     trace_kvm_sev_launch_update_data(addr, len);
702     ret = sev_ioctl(sev->sev_fd, KVM_SEV_LAUNCH_UPDATE_DATA,
703                     &update, &fw_error);
704     if (ret) {
705         error_report("%s: LAUNCH_UPDATE ret=%d fw_error=%d '%s'",
706                 __func__, ret, fw_error, fw_error_to_str(fw_error));
707     }
708 
709     return ret;
710 }
711 
712 static int
713 sev_launch_update_vmsa(SevGuestState *sev)
714 {
715     int ret, fw_error;
716 
717     ret = sev_ioctl(sev->sev_fd, KVM_SEV_LAUNCH_UPDATE_VMSA, NULL, &fw_error);
718     if (ret) {
719         error_report("%s: LAUNCH_UPDATE_VMSA ret=%d fw_error=%d '%s'",
720                 __func__, ret, fw_error, fw_error_to_str(fw_error));
721     }
722 
723     return ret;
724 }
725 
726 static void
727 sev_launch_get_measure(Notifier *notifier, void *unused)
728 {
729     SevGuestState *sev = sev_guest;
730     int ret, error;
731     g_autofree guchar *data = NULL;
732     struct kvm_sev_launch_measure measurement = {};
733 
734     if (!sev_check_state(sev, SEV_STATE_LAUNCH_UPDATE)) {
735         return;
736     }
737 
738     if (sev_es_enabled()) {
739         /* measure all the VM save areas before getting launch_measure */
740         ret = sev_launch_update_vmsa(sev);
741         if (ret) {
742             exit(1);
743         }
744     }
745 
746     /* query the measurement blob length */
747     ret = sev_ioctl(sev->sev_fd, KVM_SEV_LAUNCH_MEASURE,
748                     &measurement, &error);
749     if (!measurement.len) {
750         error_report("%s: LAUNCH_MEASURE ret=%d fw_error=%d '%s'",
751                      __func__, ret, error, fw_error_to_str(errno));
752         return;
753     }
754 
755     data = g_new0(guchar, measurement.len);
756     measurement.uaddr = (unsigned long)data;
757 
758     /* get the measurement blob */
759     ret = sev_ioctl(sev->sev_fd, KVM_SEV_LAUNCH_MEASURE,
760                     &measurement, &error);
761     if (ret) {
762         error_report("%s: LAUNCH_MEASURE ret=%d fw_error=%d '%s'",
763                      __func__, ret, error, fw_error_to_str(errno));
764         return;
765     }
766 
767     sev_set_guest_state(sev, SEV_STATE_LAUNCH_SECRET);
768 
769     /* encode the measurement value and emit the event */
770     sev->measurement = g_base64_encode(data, measurement.len);
771     trace_kvm_sev_launch_measurement(sev->measurement);
772 }
773 
774 static char *sev_get_launch_measurement(void)
775 {
776     if (sev_guest &&
777         sev_guest->state >= SEV_STATE_LAUNCH_SECRET) {
778         return g_strdup(sev_guest->measurement);
779     }
780 
781     return NULL;
782 }
783 
784 SevLaunchMeasureInfo *qmp_query_sev_launch_measure(Error **errp)
785 {
786     char *data;
787     SevLaunchMeasureInfo *info;
788 
789     data = sev_get_launch_measurement();
790     if (!data) {
791         error_setg(errp, "SEV launch measurement is not available");
792         return NULL;
793     }
794 
795     info = g_malloc0(sizeof(*info));
796     info->data = data;
797 
798     return info;
799 }
800 
801 static Notifier sev_machine_done_notify = {
802     .notify = sev_launch_get_measure,
803 };
804 
805 static void
806 sev_launch_finish(SevGuestState *sev)
807 {
808     int ret, error;
809 
810     trace_kvm_sev_launch_finish();
811     ret = sev_ioctl(sev->sev_fd, KVM_SEV_LAUNCH_FINISH, 0, &error);
812     if (ret) {
813         error_report("%s: LAUNCH_FINISH ret=%d fw_error=%d '%s'",
814                      __func__, ret, error, fw_error_to_str(error));
815         exit(1);
816     }
817 
818     sev_set_guest_state(sev, SEV_STATE_RUNNING);
819 
820     /* add migration blocker */
821     error_setg(&sev_mig_blocker,
822                "SEV: Migration is not implemented");
823     migrate_add_blocker(sev_mig_blocker, &error_fatal);
824 }
825 
826 static void
827 sev_vm_state_change(void *opaque, bool running, RunState state)
828 {
829     SevGuestState *sev = opaque;
830 
831     if (running) {
832         if (!sev_check_state(sev, SEV_STATE_RUNNING)) {
833             sev_launch_finish(sev);
834         }
835     }
836 }
837 
838 int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp)
839 {
840     SevGuestState *sev
841         = (SevGuestState *)object_dynamic_cast(OBJECT(cgs), TYPE_SEV_GUEST);
842     char *devname;
843     int ret, fw_error, cmd;
844     uint32_t ebx;
845     uint32_t host_cbitpos;
846     struct sev_user_data_status status = {};
847 
848     if (!sev) {
849         return 0;
850     }
851 
852     ret = ram_block_discard_disable(true);
853     if (ret) {
854         error_report("%s: cannot disable RAM discard", __func__);
855         return -1;
856     }
857 
858     sev_guest = sev;
859     sev->state = SEV_STATE_UNINIT;
860 
861     host_cpuid(0x8000001F, 0, NULL, &ebx, NULL, NULL);
862     host_cbitpos = ebx & 0x3f;
863 
864     if (host_cbitpos != sev->cbitpos) {
865         error_setg(errp, "%s: cbitpos check failed, host '%d' requested '%d'",
866                    __func__, host_cbitpos, sev->cbitpos);
867         goto err;
868     }
869 
870     if (sev->reduced_phys_bits < 1) {
871         error_setg(errp, "%s: reduced_phys_bits check failed, it should be >=1,"
872                    " requested '%d'", __func__, sev->reduced_phys_bits);
873         goto err;
874     }
875 
876     devname = object_property_get_str(OBJECT(sev), "sev-device", NULL);
877     sev->sev_fd = open(devname, O_RDWR);
878     if (sev->sev_fd < 0) {
879         error_setg(errp, "%s: Failed to open %s '%s'", __func__,
880                    devname, strerror(errno));
881         g_free(devname);
882         goto err;
883     }
884     g_free(devname);
885 
886     ret = sev_platform_ioctl(sev->sev_fd, SEV_PLATFORM_STATUS, &status,
887                              &fw_error);
888     if (ret) {
889         error_setg(errp, "%s: failed to get platform status ret=%d "
890                    "fw_error='%d: %s'", __func__, ret, fw_error,
891                    fw_error_to_str(fw_error));
892         goto err;
893     }
894     sev->build_id = status.build;
895     sev->api_major = status.api_major;
896     sev->api_minor = status.api_minor;
897 
898     if (sev_es_enabled()) {
899         if (!kvm_kernel_irqchip_allowed()) {
900             error_report("%s: SEV-ES guests require in-kernel irqchip support",
901                          __func__);
902             goto err;
903         }
904 
905         if (!(status.flags & SEV_STATUS_FLAGS_CONFIG_ES)) {
906             error_report("%s: guest policy requires SEV-ES, but "
907                          "host SEV-ES support unavailable",
908                          __func__);
909             goto err;
910         }
911         cmd = KVM_SEV_ES_INIT;
912     } else {
913         cmd = KVM_SEV_INIT;
914     }
915 
916     trace_kvm_sev_init();
917     ret = sev_ioctl(sev->sev_fd, cmd, NULL, &fw_error);
918     if (ret) {
919         error_setg(errp, "%s: failed to initialize ret=%d fw_error=%d '%s'",
920                    __func__, ret, fw_error, fw_error_to_str(fw_error));
921         goto err;
922     }
923 
924     ret = sev_launch_start(sev);
925     if (ret) {
926         error_setg(errp, "%s: failed to create encryption context", __func__);
927         goto err;
928     }
929 
930     ram_block_notifier_add(&sev_ram_notifier);
931     qemu_add_machine_init_done_notifier(&sev_machine_done_notify);
932     qemu_add_vm_change_state_handler(sev_vm_state_change, sev);
933 
934     cgs->ready = true;
935 
936     return 0;
937 err:
938     sev_guest = NULL;
939     ram_block_discard_disable(false);
940     return -1;
941 }
942 
943 int
944 sev_encrypt_flash(uint8_t *ptr, uint64_t len, Error **errp)
945 {
946     if (!sev_guest) {
947         return 0;
948     }
949 
950     /* if SEV is in update state then encrypt the data else do nothing */
951     if (sev_check_state(sev_guest, SEV_STATE_LAUNCH_UPDATE)) {
952         int ret = sev_launch_update_data(sev_guest, ptr, len);
953         if (ret < 0) {
954             error_setg(errp, "SEV: Failed to encrypt pflash rom");
955             return ret;
956         }
957     }
958 
959     return 0;
960 }
961 
962 int sev_inject_launch_secret(const char *packet_hdr, const char *secret,
963                              uint64_t gpa, Error **errp)
964 {
965     struct kvm_sev_launch_secret input;
966     g_autofree guchar *data = NULL, *hdr = NULL;
967     int error, ret = 1;
968     void *hva;
969     gsize hdr_sz = 0, data_sz = 0;
970     MemoryRegion *mr = NULL;
971 
972     if (!sev_guest) {
973         error_setg(errp, "SEV not enabled for guest");
974         return 1;
975     }
976 
977     /* secret can be injected only in this state */
978     if (!sev_check_state(sev_guest, SEV_STATE_LAUNCH_SECRET)) {
979         error_setg(errp, "SEV: Not in correct state. (LSECRET) %x",
980                      sev_guest->state);
981         return 1;
982     }
983 
984     hdr = g_base64_decode(packet_hdr, &hdr_sz);
985     if (!hdr || !hdr_sz) {
986         error_setg(errp, "SEV: Failed to decode sequence header");
987         return 1;
988     }
989 
990     data = g_base64_decode(secret, &data_sz);
991     if (!data || !data_sz) {
992         error_setg(errp, "SEV: Failed to decode data");
993         return 1;
994     }
995 
996     hva = gpa2hva(&mr, gpa, data_sz, errp);
997     if (!hva) {
998         error_prepend(errp, "SEV: Failed to calculate guest address: ");
999         return 1;
1000     }
1001 
1002     input.hdr_uaddr = (uint64_t)(unsigned long)hdr;
1003     input.hdr_len = hdr_sz;
1004 
1005     input.trans_uaddr = (uint64_t)(unsigned long)data;
1006     input.trans_len = data_sz;
1007 
1008     input.guest_uaddr = (uint64_t)(unsigned long)hva;
1009     input.guest_len = data_sz;
1010 
1011     trace_kvm_sev_launch_secret(gpa, input.guest_uaddr,
1012                                 input.trans_uaddr, input.trans_len);
1013 
1014     ret = sev_ioctl(sev_guest->sev_fd, KVM_SEV_LAUNCH_SECRET,
1015                     &input, &error);
1016     if (ret) {
1017         error_setg(errp, "SEV: failed to inject secret ret=%d fw_error=%d '%s'",
1018                      ret, error, fw_error_to_str(error));
1019         return ret;
1020     }
1021 
1022     return 0;
1023 }
1024 
1025 #define SEV_SECRET_GUID "4c2eb361-7d9b-4cc3-8081-127c90d3d294"
1026 struct sev_secret_area {
1027     uint32_t base;
1028     uint32_t size;
1029 };
1030 
1031 void qmp_sev_inject_launch_secret(const char *packet_hdr,
1032                                   const char *secret,
1033                                   bool has_gpa, uint64_t gpa,
1034                                   Error **errp)
1035 {
1036     if (!sev_enabled()) {
1037         error_setg(errp, "SEV not enabled for guest");
1038         return;
1039     }
1040     if (!has_gpa) {
1041         uint8_t *data;
1042         struct sev_secret_area *area;
1043 
1044         if (!pc_system_ovmf_table_find(SEV_SECRET_GUID, &data, NULL)) {
1045             error_setg(errp, "SEV: no secret area found in OVMF,"
1046                        " gpa must be specified.");
1047             return;
1048         }
1049         area = (struct sev_secret_area *)data;
1050         gpa = area->base;
1051     }
1052 
1053     sev_inject_launch_secret(packet_hdr, secret, gpa, errp);
1054 }
1055 
1056 static int
1057 sev_es_parse_reset_block(SevInfoBlock *info, uint32_t *addr)
1058 {
1059     if (!info->reset_addr) {
1060         error_report("SEV-ES reset address is zero");
1061         return 1;
1062     }
1063 
1064     *addr = info->reset_addr;
1065 
1066     return 0;
1067 }
1068 
1069 static int
1070 sev_es_find_reset_vector(void *flash_ptr, uint64_t flash_size,
1071                          uint32_t *addr)
1072 {
1073     QemuUUID info_guid, *guid;
1074     SevInfoBlock *info;
1075     uint8_t *data;
1076     uint16_t *len;
1077 
1078     /*
1079      * Initialize the address to zero. An address of zero with a successful
1080      * return code indicates that SEV-ES is not active.
1081      */
1082     *addr = 0;
1083 
1084     /*
1085      * Extract the AP reset vector for SEV-ES guests by locating the SEV GUID.
1086      * The SEV GUID is located on its own (original implementation) or within
1087      * the Firmware GUID Table (new implementation), either of which are
1088      * located 32 bytes from the end of the flash.
1089      *
1090      * Check the Firmware GUID Table first.
1091      */
1092     if (pc_system_ovmf_table_find(SEV_INFO_BLOCK_GUID, &data, NULL)) {
1093         return sev_es_parse_reset_block((SevInfoBlock *)data, addr);
1094     }
1095 
1096     /*
1097      * SEV info block not found in the Firmware GUID Table (or there isn't
1098      * a Firmware GUID Table), fall back to the original implementation.
1099      */
1100     data = flash_ptr + flash_size - 0x20;
1101 
1102     qemu_uuid_parse(SEV_INFO_BLOCK_GUID, &info_guid);
1103     info_guid = qemu_uuid_bswap(info_guid); /* GUIDs are LE */
1104 
1105     guid = (QemuUUID *)(data - sizeof(info_guid));
1106     if (!qemu_uuid_is_equal(guid, &info_guid)) {
1107         error_report("SEV information block/Firmware GUID Table block not found in pflash rom");
1108         return 1;
1109     }
1110 
1111     len = (uint16_t *)((uint8_t *)guid - sizeof(*len));
1112     info = (SevInfoBlock *)(data - le16_to_cpu(*len));
1113 
1114     return sev_es_parse_reset_block(info, addr);
1115 }
1116 
1117 void sev_es_set_reset_vector(CPUState *cpu)
1118 {
1119     X86CPU *x86;
1120     CPUX86State *env;
1121 
1122     /* Only update if we have valid reset information */
1123     if (!sev_guest || !sev_guest->reset_data_valid) {
1124         return;
1125     }
1126 
1127     /* Do not update the BSP reset state */
1128     if (cpu->cpu_index == 0) {
1129         return;
1130     }
1131 
1132     x86 = X86_CPU(cpu);
1133     env = &x86->env;
1134 
1135     cpu_x86_load_seg_cache(env, R_CS, 0xf000, sev_guest->reset_cs, 0xffff,
1136                            DESC_P_MASK | DESC_S_MASK | DESC_CS_MASK |
1137                            DESC_R_MASK | DESC_A_MASK);
1138 
1139     env->eip = sev_guest->reset_ip;
1140 }
1141 
1142 int sev_es_save_reset_vector(void *flash_ptr, uint64_t flash_size)
1143 {
1144     CPUState *cpu;
1145     uint32_t addr;
1146     int ret;
1147 
1148     if (!sev_es_enabled()) {
1149         return 0;
1150     }
1151 
1152     addr = 0;
1153     ret = sev_es_find_reset_vector(flash_ptr, flash_size,
1154                                    &addr);
1155     if (ret) {
1156         return ret;
1157     }
1158 
1159     if (addr) {
1160         sev_guest->reset_cs = addr & 0xffff0000;
1161         sev_guest->reset_ip = addr & 0x0000ffff;
1162         sev_guest->reset_data_valid = true;
1163 
1164         CPU_FOREACH(cpu) {
1165             sev_es_set_reset_vector(cpu);
1166         }
1167     }
1168 
1169     return 0;
1170 }
1171 
1172 static const QemuUUID sev_hash_table_header_guid = {
1173     .data = UUID_LE(0x9438d606, 0x4f22, 0x4cc9, 0xb4, 0x79, 0xa7, 0x93,
1174                     0xd4, 0x11, 0xfd, 0x21)
1175 };
1176 
1177 static const QemuUUID sev_kernel_entry_guid = {
1178     .data = UUID_LE(0x4de79437, 0xabd2, 0x427f, 0xb8, 0x35, 0xd5, 0xb1,
1179                     0x72, 0xd2, 0x04, 0x5b)
1180 };
1181 static const QemuUUID sev_initrd_entry_guid = {
1182     .data = UUID_LE(0x44baf731, 0x3a2f, 0x4bd7, 0x9a, 0xf1, 0x41, 0xe2,
1183                     0x91, 0x69, 0x78, 0x1d)
1184 };
1185 static const QemuUUID sev_cmdline_entry_guid = {
1186     .data = UUID_LE(0x97d02dd8, 0xbd20, 0x4c94, 0xaa, 0x78, 0xe7, 0x71,
1187                     0x4d, 0x36, 0xab, 0x2a)
1188 };
1189 
1190 /*
1191  * Add the hashes of the linux kernel/initrd/cmdline to an encrypted guest page
1192  * which is included in SEV's initial memory measurement.
1193  */
1194 bool sev_add_kernel_loader_hashes(SevKernelLoaderContext *ctx, Error **errp)
1195 {
1196     uint8_t *data;
1197     SevHashTableDescriptor *area;
1198     SevHashTable *ht;
1199     uint8_t cmdline_hash[HASH_SIZE];
1200     uint8_t initrd_hash[HASH_SIZE];
1201     uint8_t kernel_hash[HASH_SIZE];
1202     uint8_t *hashp;
1203     size_t hash_len = HASH_SIZE;
1204     int aligned_len;
1205 
1206     if (!pc_system_ovmf_table_find(SEV_HASH_TABLE_RV_GUID, &data, NULL)) {
1207         error_setg(errp, "SEV: kernel specified but OVMF has no hash table guid");
1208         return false;
1209     }
1210     area = (SevHashTableDescriptor *)data;
1211 
1212     /*
1213      * Calculate hash of kernel command-line with the terminating null byte. If
1214      * the user doesn't supply a command-line via -append, the 1-byte "\0" will
1215      * be used.
1216      */
1217     hashp = cmdline_hash;
1218     if (qcrypto_hash_bytes(QCRYPTO_HASH_ALG_SHA256, ctx->cmdline_data,
1219                            ctx->cmdline_size, &hashp, &hash_len, errp) < 0) {
1220         return false;
1221     }
1222     assert(hash_len == HASH_SIZE);
1223 
1224     /*
1225      * Calculate hash of initrd. If the user doesn't supply an initrd via
1226      * -initrd, an empty buffer will be used (ctx->initrd_size == 0).
1227      */
1228     hashp = initrd_hash;
1229     if (qcrypto_hash_bytes(QCRYPTO_HASH_ALG_SHA256, ctx->initrd_data,
1230                            ctx->initrd_size, &hashp, &hash_len, errp) < 0) {
1231         return false;
1232     }
1233     assert(hash_len == HASH_SIZE);
1234 
1235     /* Calculate hash of the kernel */
1236     hashp = kernel_hash;
1237     struct iovec iov[2] = {
1238         { .iov_base = ctx->setup_data, .iov_len = ctx->setup_size },
1239         { .iov_base = ctx->kernel_data, .iov_len = ctx->kernel_size }
1240     };
1241     if (qcrypto_hash_bytesv(QCRYPTO_HASH_ALG_SHA256, iov, ARRAY_SIZE(iov),
1242                             &hashp, &hash_len, errp) < 0) {
1243         return false;
1244     }
1245     assert(hash_len == HASH_SIZE);
1246 
1247     /*
1248      * Populate the hashes table in the guest's memory at the OVMF-designated
1249      * area for the SEV hashes table
1250      */
1251     ht = qemu_map_ram_ptr(NULL, area->base);
1252 
1253     ht->guid = sev_hash_table_header_guid;
1254     ht->len = sizeof(*ht);
1255 
1256     ht->cmdline.guid = sev_cmdline_entry_guid;
1257     ht->cmdline.len = sizeof(ht->cmdline);
1258     memcpy(ht->cmdline.hash, cmdline_hash, sizeof(ht->cmdline.hash));
1259 
1260     ht->initrd.guid = sev_initrd_entry_guid;
1261     ht->initrd.len = sizeof(ht->initrd);
1262     memcpy(ht->initrd.hash, initrd_hash, sizeof(ht->initrd.hash));
1263 
1264     ht->kernel.guid = sev_kernel_entry_guid;
1265     ht->kernel.len = sizeof(ht->kernel);
1266     memcpy(ht->kernel.hash, kernel_hash, sizeof(ht->kernel.hash));
1267 
1268     /* When calling sev_encrypt_flash, the length has to be 16 byte aligned */
1269     aligned_len = ROUND_UP(ht->len, 16);
1270     if (aligned_len != ht->len) {
1271         /* zero the excess data so the measurement can be reliably calculated */
1272         memset(ht->padding, 0, aligned_len - ht->len);
1273     }
1274 
1275     if (sev_encrypt_flash((uint8_t *)ht, aligned_len, errp) < 0) {
1276         return false;
1277     }
1278 
1279     return true;
1280 }
1281 
1282 static void
1283 sev_register_types(void)
1284 {
1285     type_register_static(&sev_guest_info);
1286 }
1287 
1288 type_init(sev_register_types);
1289