From: "Alex Bennée" <alex.bennee@linaro.org>
To: qemu-devel@nongnu.org, maxim.uvarov@linaro.org, joakim.bech@linaro.org,
    ilias.apalodimas@linaro.org, tomas.winkler@intel.com,
    yang.huang@intel.com, bing.zhu@intel.com, Matti.Moell@opensynergy.com,
    hmo@opensynergy.com
Cc: jean-philippe@linaro.org, takahiro.akashi@linaro.org,
    virtualization@lists.linuxfoundation.org,
    "Alex Bennée" <alex.bennee@linaro.org>, arnd@linaro.org,
    stratos-dev@op-lists.linaro.org
Subject: [RFC PATCH 00/19] vhost-user-rpmb (Replay Protected Memory Block)
Date: Fri, 25 Sep 2020 13:51:28 +0100
Message-ID: <20200925125147.26943-1-alex.bennee@linaro.org>

Hi,

This is an initial implementation of a vhost-user backend for the
VirtIO RPMB device. The device is currently in the draft of the next
VirtIO specification and describes a block device which uses a
combination of a key, nonce, hashing and a persistent write counter to
prevent replay attacks (hence Replay Protected Memory Block).

It is implemented as a vhost-user device because we want to experiment
in making portable backends that can be used with multiple
hypervisors. We also want to support backends isolated in their own
separate service VMs with limited memory cross-sections with the
principal guest. This is part of a wider initiative called project
Stratos for which you can find information here:

  https://collaborate.linaro.org/display/STR/Stratos

I mention this to explain the decision to duplicate some of the
utility functions (specifically iov and hmac handling) and write the
daemon as a fairly pure glib application that just depends on
libvhost-user. As it happens I ended up having to include libqemuutil
as libvhost-user requires qemu_memfd_alloc. Whether this is an
oversight for libvhost-user or it means we should split these daemons
into a separate repository is a discussion I would like to have with
the community.

Now I have a working reference implementation I also want to explore
how easy it is to write a Rust version of the backend which raises
similar questions about where such a project should live.

The current Linux kernel doesn't support RPMB devices in the vanilla
tree so if you want to test you will need to look at my testing tree
which is based on Tomas Winkler's original patches although somewhat
cut down and pared back to just support the JEDEC style frames of the
upstream spec and the simple chardev based userspace interface. You
can find my kernel testing tree here:

  https://git.linaro.org/people/alex.bennee/linux.git/log/?h=testing/virtio-rpmb

The above branch includes a simple test script with the rpmb userspace
tool which I've used to exercise the various features. I'm unsure if
there will ever be a push to upstream support for RPMB to the kernel
as access to these sorts of devices is usually the preserve of
firmware living in the secure world. There is currently work underway
to support this device in uboot and I suspect eventually there will be
support for OPTEE as well.

Any review comments gratefully received as well as discussion about if
we should consider creating some new projects for housing these sorts
of vhost-user backends.

Alex Bennée (19):
  tools/virtiofsd: add support for --socket-group
  hw/block: add boilerplate for vhost-user-rpmb device
  hw/virtio: move virtio-pci.h into shared include space
  hw/block: add vhost-user-rpmb-pci boilerplate
  virtio-pci: add notification trace points
  tools/vhost-user-rpmb: add boilerplate and initial main
  tools/vhost-user-rpmb: implement --print-capabilities
  tools/vhost-user-rpmb: connect to fd and instantiate basic run loop
  tools/vhost-user-rpmb: add a --verbose/debug flags for logging
  tools/vhost-user-rpmb: handle shutdown and SIGINT/SIGHUP cleanly
  tools/vhost-user-rpmb: add --flash-path for backing store
  tools/vhost-user-rpmb: import hmac_sha256 functions
  tools/vhost-user-rpmb: implement the PROGRAM_KEY handshake
  tools/vhost-user-rpmb: implement VIRTIO_RPMB_REQ_GET_WRITE_COUNTER
  tools/vhost-user-rpmb: implement VIRTIO_RPMB_REQ_DATA_WRITE
  tools/vhost-user-rpmb: implement VIRTIO_RPMB_REQ_DATA_READ
  tools/vhost-user-rpmb: add key persistence
  tools/vhost-user-rpmb: allow setting of the write_count
  docs: add a man page for vhost-user-rpmb

 docs/tools/index.rst                       |   1 +
 docs/tools/vhost-user-rpmb.rst             | 102 +++
 docs/tools/virtiofsd.rst                   |   4 +
 include/hw/virtio/vhost-user-rpmb.h        |  46 ++
 {hw => include/hw}/virtio/virtio-pci.h     |   0
 tools/vhost-user-rpmb/hmac_sha256.h        |  87 ++
 tools/virtiofsd/fuse_i.h                   |   1 +
 hw/block/vhost-user-rpmb-pci.c             |  82 ++
 hw/block/vhost-user-rpmb.c                 | 333 ++++++++
 hw/virtio/vhost-scsi-pci.c                 |   2 +-
 hw/virtio/vhost-user-blk-pci.c             |   2 +-
 hw/virtio/vhost-user-fs-pci.c              |   2 +-
 hw/virtio/vhost-user-input-pci.c           |   2 +-
 hw/virtio/vhost-user-scsi-pci.c            |   2 +-
 hw/virtio/vhost-user-vsock-pci.c           |   2 +-
 hw/virtio/vhost-vsock-pci.c                |   2 +-
 hw/virtio/virtio-9p-pci.c                  |   2 +-
 hw/virtio/virtio-balloon-pci.c             |   2 +-
 hw/virtio/virtio-blk-pci.c                 |   2 +-
 hw/virtio/virtio-input-host-pci.c          |   2 +-
 hw/virtio/virtio-input-pci.c               |   2 +-
 hw/virtio/virtio-iommu-pci.c               |   2 +-
 hw/virtio/virtio-net-pci.c                 |   2 +-
 hw/virtio/virtio-pci.c                     |   5 +-
 hw/virtio/virtio-rng-pci.c                 |   2 +-
 hw/virtio/virtio-scsi-pci.c                |   2 +-
 hw/virtio/virtio-serial-pci.c              |   2 +-
 tools/vhost-user-rpmb/hmac_sha256.c        | 331 ++++++++
 tools/vhost-user-rpmb/main.c               | 880 +++++++++++++++++++++
 tools/virtiofsd/fuse_lowlevel.c            |   6 +
 tools/virtiofsd/fuse_virtio.c              |  20 +-
 MAINTAINERS                                |   5 +
 hw/block/Kconfig                           |   5 +
 hw/block/meson.build                       |   3 +
 hw/virtio/trace-events                     |   7 +-
 tools/meson.build                          |   8 +
 tools/vhost-user-rpmb/50-qemu-rpmb.json.in |   5 +
 tools/vhost-user-rpmb/meson.build          |  12 +
 38 files changed, 1956 insertions(+), 21 deletions(-)
 create mode 100644 docs/tools/vhost-user-rpmb.rst
 create mode 100644 include/hw/virtio/vhost-user-rpmb.h
 rename {hw => include/hw}/virtio/virtio-pci.h (100%)
 create mode 100644 tools/vhost-user-rpmb/hmac_sha256.h
 create mode 100644 hw/block/vhost-user-rpmb-pci.c
 create mode 100644 hw/block/vhost-user-rpmb.c
 create mode 100644 tools/vhost-user-rpmb/hmac_sha256.c
 create mode 100644 tools/vhost-user-rpmb/main.c
 create mode 100644 tools/vhost-user-rpmb/50-qemu-rpmb.json.in
 create mode 100644 tools/vhost-user-rpmb/meson.build

-- 
2.20.1
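The cover letter above says the device combines a key, hashing and a persistent write counter to stop replays. The following is an added example, not part of the original message or the patch series: a small Python model of the device-side check for an authenticated write. The MAC'd field layout follows the JEDEC-style RPMB frame as an assumption, and `RpmbModel`, `make_write` and `demo` are hypothetical names.

```python
import hashlib
import hmac
import struct

# Assumed JEDEC-style layout of the MAC-covered tail of a 512-byte frame:
# data[256] | nonce[16] | write_counter be32 | address be16 |
# block_count be16 | result be16 | req_resp be16   (284 bytes)
TAIL = struct.Struct(">256s16sIHHHH")
REQ_DATA_WRITE = 0x0003
RES_OK, RES_AUTH_FAILURE, RES_COUNT_FAILURE, RES_ADDR_FAILURE = 0, 2, 3, 4


def make_write(key, counter, address, data):
    """Host side: build (mac, tail) for an authenticated one-block write."""
    tail = TAIL.pack(data, bytes(16), counter, address, 1, 0, REQ_DATA_WRITE)
    return hmac.new(key, tail, hashlib.sha256).digest(), tail


class RpmbModel:
    """Device side: check MAC, then counter, before touching storage."""

    def __init__(self, key, blocks=4):
        self.key = key
        self.write_counter = 0      # a real device persists this value
        self.store = [bytes(256)] * blocks

    def data_write(self, mac, tail):
        expected = hmac.new(self.key, tail, hashlib.sha256).digest()
        if not hmac.compare_digest(mac, expected):
            return RES_AUTH_FAILURE     # sender does not hold the key
        data, _nonce, counter, address, *_ = TAIL.unpack(tail)
        if counter != self.write_counter:
            return RES_COUNT_FAILURE    # stale counter: a replayed frame
        if address >= len(self.store):
            return RES_ADDR_FAILURE
        self.store[address] = data
        self.write_counter += 1         # old frames are now unusable
        return RES_OK


def demo():
    key = bytes(range(32))              # constructed test key
    dev = RpmbModel(key)
    old = make_write(key, 0, 1, b"A" * 256)
    results = [dev.data_write(*old)]                        # accepted
    results.append(dev.data_write(*make_write(key, 1, 1, b"B" * 256)))
    results.append(dev.data_write(*old))                    # replay of old frame
    results.append(dev.data_write(*make_write(bytes(32), 2, 1, b"C" * 256)))
    return results, dev.store[1][:1], dev.write_counter
```

The replayed frame carries a valid MAC, so only the counter comparison rejects it; if the counter were reset on restart, the same frame would be accepted again.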