From mboxrd@z Thu Jan 1 00:00:00 1970
From: Brijesh Singh
Date: Tue, 13 Sep 2016 10:48:38 -0400
Message-ID: <147377811888.11859.2777245831487772253.stgit@brijesh-build-machine>
In-Reply-To: <147377800565.11859.4411044563640180545.stgit@brijesh-build-machine>
References: <147377800565.11859.4411044563640180545.stgit@brijesh-build-machine>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Subject: [Qemu-devel] [RFC PATCH v1 11/22] sev: add SEV debug encrypt command
To: ehabkost@redhat.com, crosthwaite.peter@gmail.com, armbru@redhat.com, mst@redhat.com, p.fedin@samsung.com, qemu-devel@nongnu.org, lcapitulino@redhat.com, pbonzini@redhat.com, rth@twiddle.net

The SEV DEBUG_ENCRYPT command is used for injecting code into
SEV-enabled guest memory.

For more information see [1], section 7.2

[1] http://support.amd.com/TechDocs/55766_SEV-KM%20API_Spec.pdf

The following KVM RFC patches define and implement this command

http://marc.info/?l=kvm&m=147190861124032&w=2
http://marc.info/?l=kvm&m=147190861124032&w=2

Signed-off-by: Brijesh Singh
---
 include/sysemu/sev.h | 10 ++++++++++
 sev.c | 23 +++++++++++++++++++++++
 2 files changed, 33 insertions(+)
diff --git a/include/sysemu/sev.h b/include/sysemu/sev.h index 5872c3e..a505d75 100644 --- a/include/sysemu/sev.h +++ b/include/sysemu/sev.h @@ -65,4 +65,14 @@ int kvm_sev_guest_measurement(uint8_t *measurement); */ int kvm_sev_dbg_decrypt(uint8_t *dest, const uint8_t *src, uint32_t len); +/** + * kvm_sev_dbg_encrypt - encrypt the guest memory in SEV mode. + * @src - guest memory address + * @dest - host memory address where the encrypted data should be copied + * @length - length of memory region + * + * Returns: 0 on success and dest will contains the encrypted data + */ +int kvm_sev_dbg_encrypt(uint8_t *dest, const uint8_t *src, uint32_t len); + #endif diff --git a/sev.c b/sev.c index c7031d3..4e5da84 100644 --- a/sev.c +++ b/sev.c @@ -455,3 +455,26 @@ int kvm_sev_dbg_decrypt(uint8_t *dst, const uint8_t *src, uint32_t len) DPRINTF("SEV: DBG_DECRYPT dst %p src %p sz %d\n", dst, src, len); return 0; } + +int kvm_sev_dbg_encrypt(uint8_t *dst, const uint8_t *src, uint32_t len) +{ + int ret; + struct kvm_sev_dbg_encrypt encrypt; + struct kvm_sev_issue_cmd input; + + encrypt.src_addr = (unsigned long)src; + encrypt.dst_addr = (unsigned long)dst; + encrypt.length = len; + + input.cmd = KVM_SEV_DBG_ENCRYPT; + input.opaque = (unsigned long)&encrypt; + ret = kvm_vm_ioctl(kvm_state, KVM_SEV_ISSUE_CMD, &input); + if (ret) { + fprintf(stderr, "SEV: dbg_encrypt failed ret=%d(%#010x)\n", + ret, input.ret_code); + return 1; + } + + DPRINTF("SEV: DBG_ENCRYPT dst %p src %p sz %d\n", dst, src, len); + return 0; +}
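
Review bot: In the include/sysemu/sev.h hunk, the kernel-doc for kvm_sev_dbg_encrypt does not match the prototype or the commit message. It documents @length while the parameter is named len, and it describes @src as the guest memory address and @dest as the host memory address, whereas the commit message says the command injects code into guest memory, so the direction looks inverted for an encrypt call. Suggest renaming the tag to @len, stating explicitly which buffer holds the plaintext and which receives the encrypted guest data, correcting "dest will contains", and documenting the non-zero return on failure, since the implementation in sev.c returns 1.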
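
Review bot: In the sev.c hunk, encrypt and input are declared without initializers, and the error path prints input.ret_code, which this function never sets. If kvm_vm_ioctl fails before the kernel writes that field, the message reports indeterminate stack contents, and any field of either struct not assigned here is passed to KVM_SEV_ISSUE_CMD uninitialized. Suggest zero-initializing both, for example "struct kvm_sev_issue_cmd input = { 0 };" and the same for encrypt. Two smaller points in the same function: len is a uint32_t but is printed with %d in the DPRINTF (use %u or PRIu32), and the failure path returns a constant 1 and discards ret, so callers cannot tell one ioctl error from another.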