From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-18.7 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH, MAILING_LIST_MULTI,MENTIONS_GIT_HOSTING,MSGID_FROM_MTA_HEADER,SPF_HELO_NONE, SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 03B35C4332E for ; Tue, 26 Jan 2021 22:38:16 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id BDC0C20575 for ; Tue, 26 Jan 2021 22:38:16 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729287AbhAZWgg (ORCPT ); Tue, 26 Jan 2021 17:36:36 -0500 Received: from mail-co1nam11on2053.outbound.protection.outlook.com ([40.107.220.53]:3264 "EHLO NAM11-CO1-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S2392492AbhAZRiA (ORCPT ); Tue, 26 Jan 2021 12:38:00 -0500 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Hx6BJSqImoZVpgnZMkBP8a7Kryj7ebJniOKWLQVviaYBBVwnEAF0xpdzLj1Ag2b6SyAXjjQPtu5420O5zREs8Sq5EXOKkMEm04FHD5qn71wDk34dpsFDtOhDlmhk2nlsQuN5ZnAQKJbZzlMPkLZ4305rRxxesBcVwqeXYURdBOxpGjlVuCRrL1A4OKYNo9quFeFXsacX9KIcQh5LlrSkoGKIs2TW+eesWWLzoawdr246FxdD527lggvA/GanxNQlKoEK3znvat5jwIC48uPtbjm+uqj9n4hUOM8wpeM+r2Afa5ZNFrz0XX8lt/q14/YofhGDCf/uIS5JqL4k46kPlQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=L6MOkBBcpubOvgl4hCEAjOyS4NBnDXd58l2abFH7eNs=; b=CWjg2oZGgIdBw2S1XqR7mE9uEkGx84BnhPtHQ8WF3BT83GXfvxC6pBvfn9fqF5DU7k2mHm228F7b63tWnHgmQj+M2SK3qjwo0blrfxWWeKxREO2I5vUcd2p4bBjmn11OYMSVYDf6Olfy+7pZtLVO5AE2YC6ZQseA+KPbv1XdsZ42a46FoahRclM1XTIW/EhgHFanIN2/y9onzGavMpV590PQQTfifuMxKGmLt0NKJuAHFwPUhyn8/D9HYcCZ+okjlczAOA8as3TugA/k3R9SaJOgvemCVke6E4EJkfa7oVAPbzIo3RuWFH9lhrO4RNg3HHFB+uWVcT1zvvMaX1bpdg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=L6MOkBBcpubOvgl4hCEAjOyS4NBnDXd58l2abFH7eNs=; b=eedsVTutuTES6NJZ7f2NvBZ/nJE8B3QIR26XYwrSxK8ughLX3bxVHH7V29vVZWl0dVT/kiX3UK5d9+x46d0yhtjF2BbYROsQHRUzBWOvDl5tdSfWO1mQ3qzBpsumyY3+RnIA6r7ppeEczF6QkuE9zDEds+YBrSzWbf/mtyjsXUU= Authentication-Results: nongnu.org; dkim=none (message not signed) header.d=none;nongnu.org; dmarc=none action=none header.from=amd.com; Received: from DM5PR12MB1355.namprd12.prod.outlook.com (2603:10b6:3:6e::7) by DM6PR12MB4153.namprd12.prod.outlook.com (2603:10b6:5:212::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3784.13; Tue, 26 Jan 2021 17:37:05 +0000 Received: from DM5PR12MB1355.namprd12.prod.outlook.com ([fe80::cc15:4b1f:9f84:6914]) by DM5PR12MB1355.namprd12.prod.outlook.com ([fe80::cc15:4b1f:9f84:6914%4]) with mapi id 15.20.3784.019; Tue, 26 Jan 2021 17:37:04 +0000 From: Tom Lendacky To: qemu-devel@nongnu.org, kvm@vger.kernel.org Cc: Marcel Apfelbaum , Paolo Bonzini , "Dr. David Alan Gilbert" , Eduardo Habkost , Richard Henderson , Connor Kuehl , Brijesh Singh , Jiri Slaby , Marcelo Tosatti , "Michael S. Tsirkin" , Sean Christopherson , Aleksandar Rikalo , Aurelien Jarno , David Gibson , David Hildenbrand , Jiaxun Yang , Peter Maydell , Richard Henderson Subject: [PATCH v6 0/6] Qemu SEV-ES guest support Date: Tue, 26 Jan 2021 11:36:43 -0600 Message-Id: X-Mailer: git-send-email 2.30.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: SN6PR04CA0102.namprd04.prod.outlook.com (2603:10b6:805:f2::43) To DM5PR12MB1355.namprd12.prod.outlook.com (2603:10b6:3:6e::7) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from tlendack-t1.amd.com (165.204.77.1) by SN6PR04CA0102.namprd04.prod.outlook.com (2603:10b6:805:f2::43) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3805.16 via Frontend Transport; Tue, 26 Jan 2021 17:37:03 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: 56da634a-aa8a-4cc9-01a9-08d8c220ff11 X-MS-TrafficTypeDiagnostic: DM6PR12MB4153: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:4941; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 1Om57hovJUlyALvCSA/3I5q9cel4P3AkBLE3vo9z5daIYv6AWzcGmOdNHrT9IPg5UKv/iWvmVxwrznjvKEZOpmuUuz33ROFV4p6amjHowD3iRygq/GAdRky+bkKJhbSPXcYxYSMhO5OPGAVgMtkhgRKzGSoqm7gm9tkt2RjRyviExYThH0BRmve9hN1fpreHupRZs4yW7/HO+DxMCfy1xG3CRlYUGruEgjX9v6nNOyHcpJHgKrwXT8UgHkxkMQTRJw8zr5NLajbTm4rJHxTuDesxOrkedel0hkr+etVttbr3PvY6bCJ8Itv7StbZ/ib5yJkkRPoNGa/oFdpz16dU1bDhpXbN8wx+qcDyJv9DJq5uu9wUBWFPRYXiGxqEUwjxpH0Bd1vbjomhBXSrvvNnSjeUcOEeoDJQh05pWTZdVbdFw4PDPTJCAXQG3RzvmLilZp4MRYls2Oo35XfEXEezsg== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DM5PR12MB1355.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(366004)(39860400002)(376002)(396003)(346002)(136003)(8676002)(7696005)(52116002)(478600001)(6666004)(966005)(7416002)(4326008)(2906002)(66476007)(316002)(54906003)(5660300002)(26005)(2616005)(956004)(86362001)(83380400001)(36756003)(186003)(16526019)(6486002)(66946007)(8936002)(66556008);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData: =?us-ascii?Q?JCvcO06qKEUTTohkc8qMkLa/Tg5XV7sE5cVR6+dYjxjU/qJSaVo6yJqmSCFr?= =?us-ascii?Q?xS1mCq6OnQGPzIZynZOMNDFgydwPsTHfL+lYpgD6hiXjyisT6X4s0piHpb0q?= =?us-ascii?Q?Zo4hNfh05oGJn6+vQ7XNWdpPnchnsoYkYYJNnWG/VN6XnbLQe+nY/6aLocgv?= =?us-ascii?Q?Pr6nltwMu0YV5hlYoZIV79dk5tNLOFoG5H4P0OF3gMP7AiCH+0MF3ebIgIlT?= =?us-ascii?Q?fSgHwtc7RoDE2KVsM5f5FMjPNqFMpkPz0jCkUnMO/xvIT9mD53U90UtseCAp?= =?us-ascii?Q?MEsb2p/3f5haf2FQbCXOrKdyvwgCYKPqHjfJO/1t765J8pNJ4iT4ebl1IhNd?= =?us-ascii?Q?8Knivh9Fupg40ibKTlC7Fw9jxamKNulZsyy/0nEOlsC/KtM/3DlaAIj52qnS?= =?us-ascii?Q?NmTZ283ndQztC/B/BiGIJobskYQZrXlyzC350I/bqCl7LjreG4u6bVA2l1Xh?= =?us-ascii?Q?Q1m6jW8X50vkoOI7JT6PG56Xejg6PJbc5u354/u19Aa8wXhoS1zLb7s4Tr3H?= =?us-ascii?Q?13E3XDIIFmwOGL1VfDpL8PD8vIGolBwO1r4rz6lcLKQ0MP8JDMeY5kF4uo0S?= =?us-ascii?Q?BuutwC0JQ0xbP2+fIgXPEtTAvcMLJ+N8WnR0vdb2kGplbx5DvXWDuCChsjS7?= =?us-ascii?Q?7RHMYXaYF676Asm3v48RtVTjlDaeIEpS6+iWi81ese31EAQF5DTsbJcVvRf0?= =?us-ascii?Q?iepckVkdgmjFdiaLqlCxmg3FY7Ezj88YM7oxxD/Gg9WhYnRzNmXsXjlqDyTJ?= =?us-ascii?Q?qgtgvdYA4Y8lBXzesxS1r6I6dKQsA+WeqQhnmBec9/y5exJvBsR1W3LYeyQ/?= =?us-ascii?Q?mpKpezeGSn69oiNfsht/iWoG+nesEJZOz10A4paY6518UyE9RdoyNR+pyhes?= =?us-ascii?Q?/NUIdwbkJAeMRfhD2cdLIIk1oD1EEFH494etQPMyQ+br4TZx91wdylw7xvyT?= =?us-ascii?Q?kvy92XF1gSS9veTepXEyHw75PamS7DIBBb5ac9/jbNy8vR1FF2b/C+oX8+vu?= =?us-ascii?Q?WJDScUnLLtXto7Agw0E5T0ptpHJCD323sRHBtrojhGy/4QLKDrR797o924tn?= =?us-ascii?Q?KEgkgUoh?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 56da634a-aa8a-4cc9-01a9-08d8c220ff11 X-MS-Exchange-CrossTenant-AuthSource: DM5PR12MB1355.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Jan 2021 17:37:04.8321 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 83DCcZb4IzaeJ2nlNqWnMRMIUSqVzjxHArzQsgG3LDipNakIr6pid4i1DsS5VnXfSE3EUgJg4U6ZS6qLaTgViA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB4153 Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org From: Tom Lendacky This patch series provides support for launching an SEV-ES guest. Secure Encrypted Virtualization - Encrypted State (SEV-ES) expands on the SEV support to protect the guest register state from the hypervisor. See "AMD64 Architecture Programmer's Manual Volume 2: System Programming", section "15.35 Encrypted State (SEV-ES)" [1]. In order to allow a hypervisor to perform functions on behalf of a guest, there is architectural support for notifying a guest's operating system when certain types of VMEXITs are about to occur. This allows the guest to selectively share information with the hypervisor to satisfy the requested function. The notification is performed using a new exception, the VMM Communication exception (#VC). The information is shared through the Guest-Hypervisor Communication Block (GHCB) using the VMGEXIT instruction. The GHCB format and the protocol for using it is documented in "SEV-ES Guest-Hypervisor Communication Block Standardization" [2]. The main areas of the Qemu code that are updated to support SEV-ES are around the SEV guest launch process and AP booting in order to support booting multiple vCPUs. There are no new command line switches required. Instead, the desire for SEV-ES is presented using the SEV policy object. Bit 2 of the SEV policy object indicates that SEV-ES is required. The SEV launch process is updated in two ways. The first is that a the KVM_SEV_ES_INIT ioctl is used to initialize the guest instead of the standard KVM_SEV_INIT ioctl. The second is that before the SEV launch measurement is calculated, the LAUNCH_UPDATE_VMSA SEV API is invoked for each vCPU that Qemu has created. Once the LAUNCH_UPDATE_VMSA API has been invoked, no direct changes to the guest register state can be made. AP booting poses some interesting challenges. The INIT-SIPI-SIPI sequence is typically used to boot the APs. However, the hypervisor is not allowed to update the guest registers. For the APs, the reset vector must be known in advance. An OVMF method to provide a known reset vector address exists by providing an SEV information block, identified by UUID, near the end of the firmware [3]. OVMF will program the jump to the actual reset vector in this area of memory. Since the memory location is known in advance, an AP can be created with the known reset vector address as its starting CS:IP. The GHCB document [2] talks about how SMP booting under SEV-ES is performed. SEV-ES also requires the use of the in-kernel irqchip support in order to minimize the changes required to Qemu to support AP booting. [1] https://www.amd.com/system/files/TechDocs/24593.pdf [2] https://developer.amd.com/wp-content/resources/56421.pdf [3] 30937f2f98c4 ("OvmfPkg: Use the SEV-ES work area for the SEV-ES AP reset vector") https://github.com/tianocore/edk2/commit/30937f2f98c42496f2f143fe8374ae7f7e684847 Cc: Aleksandar Rikalo Cc: Aurelien Jarno Cc: David Gibson Cc: David Hildenbrand Cc: Eduardo Habkost Cc: Jiaxun Yang Cc: Marcel Apfelbaum Cc: Marcelo Tosatti Cc: "Michael S. Tsirkin" Cc: Paolo Bonzini Cc: Peter Maydell Cc: Richard Henderson --- These patches are based on commit: 9cd69f1a27 ("Merge remote-tracking branch 'remotes/stefanberger/tags/pull-tpm-2021-01-25-1' into staging") Additionally, these patches pre-req the following patch series that has not yet been accepted into the Qemu tree: [PATCH v2 0/2] sev: enable secret injection to a self described area in OVMF https://lore.kernel.org/qemu-devel/20201214154429.11023-1-jejb@linux.ibm.com/ A version of the tree can be found at: https://github.com/AMDESE/qemu/tree/sev-es-v14 Changes since v5: - Rework the reset prevention patch to not issue the error message if the --no-reboot option has been specified for SEV-ES guests. Changes since v4: - Add support for an updated Firmware GUID table implementation, that is now present in OVMF SEV-ES firmware, when searching for the reset vector information. The code will check for the new implementation first, followed by the original implementation to maintain backward compatibility. Changes since v3: - Use the QemuUUID structure for GUID definitions - Use SEV-ES policy bit definition from target/i386/sev_i386.h - Update SMM support to a per-VM check in order to check SMM capability at the VM level since SEV-ES guests don't currently support SMM - Make the CPU resettable check an arch-specific check Changes since v2: - Add in-kernel irqchip requirement for SEV-ES guests Changes since v1: - Fixed checkpatch.pl errors/warnings Tom Lendacky (6): sev/i386: Add initial support for SEV-ES sev/i386: Require in-kernel irqchip support for SEV-ES guests sev/i386: Allow AP booting under SEV-ES sev/i386: Don't allow a system reset under an SEV-ES guest kvm/i386: Use a per-VM check for SMM capability sev/i386: Enable an SEV-ES guest based on SEV policy accel/kvm/kvm-all.c | 69 +++++++++++++++++++++ accel/stubs/kvm-stub.c | 5 ++ hw/i386/pc_sysfw.c | 10 ++- include/sysemu/cpus.h | 2 + include/sysemu/hw_accel.h | 5 ++ include/sysemu/kvm.h | 26 ++++++++ include/sysemu/sev.h | 3 + softmmu/cpus.c | 5 ++ softmmu/runstate.c | 3 + target/arm/kvm.c | 5 ++ target/i386/cpu.c | 1 + target/i386/kvm/kvm.c | 10 ++- target/i386/sev-stub.c | 6 ++ target/i386/sev.c | 124 +++++++++++++++++++++++++++++++++++++- target/i386/sev_i386.h | 1 + target/mips/kvm.c | 5 ++ target/ppc/kvm.c | 5 ++ target/s390x/kvm.c | 5 ++ 18 files changed, 286 insertions(+), 4 deletions(-) -- 2.30.0 From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-18.7 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH, MAILING_LIST_MULTI,MENTIONS_GIT_HOSTING,MSGID_FROM_MTA_HEADER,SPF_HELO_NONE, SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id CFDC3C433DB for ; Tue, 26 Jan 2021 17:40:15 +0000 (UTC) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 46D0A2228A for ; Tue, 26 Jan 2021 17:40:15 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 46D0A2228A Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=amd.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Received: from localhost ([::1]:36308 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1l4SK5-0003ck-04 for qemu-devel@archiver.kernel.org; Tue, 26 Jan 2021 12:40:14 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:40318) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1l4SHD-000279-GY for qemu-devel@nongnu.org; Tue, 26 Jan 2021 12:37:15 -0500 Received: from mail-co1nam11on2057.outbound.protection.outlook.com ([40.107.220.57]:48352 helo=NAM11-CO1-obe.outbound.protection.outlook.com) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1l4SHA-0006st-Da for qemu-devel@nongnu.org; Tue, 26 Jan 2021 12:37:14 -0500 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Hx6BJSqImoZVpgnZMkBP8a7Kryj7ebJniOKWLQVviaYBBVwnEAF0xpdzLj1Ag2b6SyAXjjQPtu5420O5zREs8Sq5EXOKkMEm04FHD5qn71wDk34dpsFDtOhDlmhk2nlsQuN5ZnAQKJbZzlMPkLZ4305rRxxesBcVwqeXYURdBOxpGjlVuCRrL1A4OKYNo9quFeFXsacX9KIcQh5LlrSkoGKIs2TW+eesWWLzoawdr246FxdD527lggvA/GanxNQlKoEK3znvat5jwIC48uPtbjm+uqj9n4hUOM8wpeM+r2Afa5ZNFrz0XX8lt/q14/YofhGDCf/uIS5JqL4k46kPlQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=L6MOkBBcpubOvgl4hCEAjOyS4NBnDXd58l2abFH7eNs=; b=CWjg2oZGgIdBw2S1XqR7mE9uEkGx84BnhPtHQ8WF3BT83GXfvxC6pBvfn9fqF5DU7k2mHm228F7b63tWnHgmQj+M2SK3qjwo0blrfxWWeKxREO2I5vUcd2p4bBjmn11OYMSVYDf6Olfy+7pZtLVO5AE2YC6ZQseA+KPbv1XdsZ42a46FoahRclM1XTIW/EhgHFanIN2/y9onzGavMpV590PQQTfifuMxKGmLt0NKJuAHFwPUhyn8/D9HYcCZ+okjlczAOA8as3TugA/k3R9SaJOgvemCVke6E4EJkfa7oVAPbzIo3RuWFH9lhrO4RNg3HHFB+uWVcT1zvvMaX1bpdg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=L6MOkBBcpubOvgl4hCEAjOyS4NBnDXd58l2abFH7eNs=; b=eedsVTutuTES6NJZ7f2NvBZ/nJE8B3QIR26XYwrSxK8ughLX3bxVHH7V29vVZWl0dVT/kiX3UK5d9+x46d0yhtjF2BbYROsQHRUzBWOvDl5tdSfWO1mQ3qzBpsumyY3+RnIA6r7ppeEczF6QkuE9zDEds+YBrSzWbf/mtyjsXUU= Authentication-Results: nongnu.org; dkim=none (message not signed) header.d=none;nongnu.org; dmarc=none action=none header.from=amd.com; Received: from DM5PR12MB1355.namprd12.prod.outlook.com (2603:10b6:3:6e::7) by DM6PR12MB4153.namprd12.prod.outlook.com (2603:10b6:5:212::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3784.13; Tue, 26 Jan 2021 17:37:05 +0000 Received: from DM5PR12MB1355.namprd12.prod.outlook.com ([fe80::cc15:4b1f:9f84:6914]) by DM5PR12MB1355.namprd12.prod.outlook.com ([fe80::cc15:4b1f:9f84:6914%4]) with mapi id 15.20.3784.019; Tue, 26 Jan 2021 17:37:04 +0000 From: Tom Lendacky To: qemu-devel@nongnu.org, kvm@vger.kernel.org Subject: [PATCH v6 0/6] Qemu SEV-ES guest support Date: Tue, 26 Jan 2021 11:36:43 -0600 Message-Id: X-Mailer: git-send-email 2.30.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: SN6PR04CA0102.namprd04.prod.outlook.com (2603:10b6:805:f2::43) To DM5PR12MB1355.namprd12.prod.outlook.com (2603:10b6:3:6e::7) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from tlendack-t1.amd.com (165.204.77.1) by SN6PR04CA0102.namprd04.prod.outlook.com (2603:10b6:805:f2::43) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3805.16 via Frontend Transport; Tue, 26 Jan 2021 17:37:03 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: 56da634a-aa8a-4cc9-01a9-08d8c220ff11 X-MS-TrafficTypeDiagnostic: DM6PR12MB4153: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:4941; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 1Om57hovJUlyALvCSA/3I5q9cel4P3AkBLE3vo9z5daIYv6AWzcGmOdNHrT9IPg5UKv/iWvmVxwrznjvKEZOpmuUuz33ROFV4p6amjHowD3iRygq/GAdRky+bkKJhbSPXcYxYSMhO5OPGAVgMtkhgRKzGSoqm7gm9tkt2RjRyviExYThH0BRmve9hN1fpreHupRZs4yW7/HO+DxMCfy1xG3CRlYUGruEgjX9v6nNOyHcpJHgKrwXT8UgHkxkMQTRJw8zr5NLajbTm4rJHxTuDesxOrkedel0hkr+etVttbr3PvY6bCJ8Itv7StbZ/ib5yJkkRPoNGa/oFdpz16dU1bDhpXbN8wx+qcDyJv9DJq5uu9wUBWFPRYXiGxqEUwjxpH0Bd1vbjomhBXSrvvNnSjeUcOEeoDJQh05pWTZdVbdFw4PDPTJCAXQG3RzvmLilZp4MRYls2Oo35XfEXEezsg== X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DM5PR12MB1355.namprd12.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(366004)(39860400002)(376002)(396003)(346002)(136003)(8676002)(7696005)(52116002)(478600001)(6666004)(966005)(7416002)(4326008)(2906002)(66476007)(316002)(54906003)(5660300002)(26005)(2616005)(956004)(86362001)(83380400001)(36756003)(186003)(16526019)(6486002)(66946007)(8936002)(66556008); DIR:OUT; SFP:1101; X-MS-Exchange-AntiSpam-MessageData: =?us-ascii?Q?JCvcO06qKEUTTohkc8qMkLa/Tg5XV7sE5cVR6+dYjxjU/qJSaVo6yJqmSCFr?= =?us-ascii?Q?xS1mCq6OnQGPzIZynZOMNDFgydwPsTHfL+lYpgD6hiXjyisT6X4s0piHpb0q?= =?us-ascii?Q?Zo4hNfh05oGJn6+vQ7XNWdpPnchnsoYkYYJNnWG/VN6XnbLQe+nY/6aLocgv?= =?us-ascii?Q?Pr6nltwMu0YV5hlYoZIV79dk5tNLOFoG5H4P0OF3gMP7AiCH+0MF3ebIgIlT?= =?us-ascii?Q?fSgHwtc7RoDE2KVsM5f5FMjPNqFMpkPz0jCkUnMO/xvIT9mD53U90UtseCAp?= =?us-ascii?Q?MEsb2p/3f5haf2FQbCXOrKdyvwgCYKPqHjfJO/1t765J8pNJ4iT4ebl1IhNd?= =?us-ascii?Q?8Knivh9Fupg40ibKTlC7Fw9jxamKNulZsyy/0nEOlsC/KtM/3DlaAIj52qnS?= =?us-ascii?Q?NmTZ283ndQztC/B/BiGIJobskYQZrXlyzC350I/bqCl7LjreG4u6bVA2l1Xh?= =?us-ascii?Q?Q1m6jW8X50vkoOI7JT6PG56Xejg6PJbc5u354/u19Aa8wXhoS1zLb7s4Tr3H?= =?us-ascii?Q?13E3XDIIFmwOGL1VfDpL8PD8vIGolBwO1r4rz6lcLKQ0MP8JDMeY5kF4uo0S?= =?us-ascii?Q?BuutwC0JQ0xbP2+fIgXPEtTAvcMLJ+N8WnR0vdb2kGplbx5DvXWDuCChsjS7?= =?us-ascii?Q?7RHMYXaYF676Asm3v48RtVTjlDaeIEpS6+iWi81ese31EAQF5DTsbJcVvRf0?= =?us-ascii?Q?iepckVkdgmjFdiaLqlCxmg3FY7Ezj88YM7oxxD/Gg9WhYnRzNmXsXjlqDyTJ?= =?us-ascii?Q?qgtgvdYA4Y8lBXzesxS1r6I6dKQsA+WeqQhnmBec9/y5exJvBsR1W3LYeyQ/?= =?us-ascii?Q?mpKpezeGSn69oiNfsht/iWoG+nesEJZOz10A4paY6518UyE9RdoyNR+pyhes?= =?us-ascii?Q?/NUIdwbkJAeMRfhD2cdLIIk1oD1EEFH494etQPMyQ+br4TZx91wdylw7xvyT?= =?us-ascii?Q?kvy92XF1gSS9veTepXEyHw75PamS7DIBBb5ac9/jbNy8vR1FF2b/C+oX8+vu?= =?us-ascii?Q?WJDScUnLLtXto7Agw0E5T0ptpHJCD323sRHBtrojhGy/4QLKDrR797o924tn?= =?us-ascii?Q?KEgkgUoh?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 56da634a-aa8a-4cc9-01a9-08d8c220ff11 X-MS-Exchange-CrossTenant-AuthSource: DM5PR12MB1355.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Jan 2021 17:37:04.8321 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 83DCcZb4IzaeJ2nlNqWnMRMIUSqVzjxHArzQsgG3LDipNakIr6pid4i1DsS5VnXfSE3EUgJg4U6ZS6qLaTgViA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB4153 Received-SPF: softfail client-ip=40.107.220.57; envelope-from=Thomas.Lendacky@amd.com; helo=NAM11-CO1-obe.outbound.protection.outlook.com X-Spam_score_int: 12 X-Spam_score: 1.2 X-Spam_bar: + X-Spam_report: (1.2 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, MSGID_FROM_MTA_HEADER=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_SBL_CSS=3.335, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Peter Maydell , Aleksandar Rikalo , Brijesh Singh , Eduardo Habkost , "Michael S. Tsirkin" , Connor Kuehl , Sean Christopherson , Marcelo Tosatti , David Hildenbrand , "Dr. David Alan Gilbert" , Richard Henderson , Paolo Bonzini , David Gibson , Jiri Slaby , Aurelien Jarno , Richard Henderson Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: "Qemu-devel" From: Tom Lendacky This patch series provides support for launching an SEV-ES guest. Secure Encrypted Virtualization - Encrypted State (SEV-ES) expands on the SEV support to protect the guest register state from the hypervisor. See "AMD64 Architecture Programmer's Manual Volume 2: System Programming", section "15.35 Encrypted State (SEV-ES)" [1]. In order to allow a hypervisor to perform functions on behalf of a guest, there is architectural support for notifying a guest's operating system when certain types of VMEXITs are about to occur. This allows the guest to selectively share information with the hypervisor to satisfy the requested function. The notification is performed using a new exception, the VMM Communication exception (#VC). The information is shared through the Guest-Hypervisor Communication Block (GHCB) using the VMGEXIT instruction. The GHCB format and the protocol for using it is documented in "SEV-ES Guest-Hypervisor Communication Block Standardization" [2]. The main areas of the Qemu code that are updated to support SEV-ES are around the SEV guest launch process and AP booting in order to support booting multiple vCPUs. There are no new command line switches required. Instead, the desire for SEV-ES is presented using the SEV policy object. Bit 2 of the SEV policy object indicates that SEV-ES is required. The SEV launch process is updated in two ways. The first is that a the KVM_SEV_ES_INIT ioctl is used to initialize the guest instead of the standard KVM_SEV_INIT ioctl. The second is that before the SEV launch measurement is calculated, the LAUNCH_UPDATE_VMSA SEV API is invoked for each vCPU that Qemu has created. Once the LAUNCH_UPDATE_VMSA API has been invoked, no direct changes to the guest register state can be made. AP booting poses some interesting challenges. The INIT-SIPI-SIPI sequence is typically used to boot the APs. However, the hypervisor is not allowed to update the guest registers. For the APs, the reset vector must be known in advance. An OVMF method to provide a known reset vector address exists by providing an SEV information block, identified by UUID, near the end of the firmware [3]. OVMF will program the jump to the actual reset vector in this area of memory. Since the memory location is known in advance, an AP can be created with the known reset vector address as its starting CS:IP. The GHCB document [2] talks about how SMP booting under SEV-ES is performed. SEV-ES also requires the use of the in-kernel irqchip support in order to minimize the changes required to Qemu to support AP booting. [1] https://www.amd.com/system/files/TechDocs/24593.pdf [2] https://developer.amd.com/wp-content/resources/56421.pdf [3] 30937f2f98c4 ("OvmfPkg: Use the SEV-ES work area for the SEV-ES AP reset vector") https://github.com/tianocore/edk2/commit/30937f2f98c42496f2f143fe8374ae7f7e684847 Cc: Aleksandar Rikalo Cc: Aurelien Jarno Cc: David Gibson Cc: David Hildenbrand Cc: Eduardo Habkost Cc: Jiaxun Yang Cc: Marcel Apfelbaum Cc: Marcelo Tosatti Cc: "Michael S. Tsirkin" Cc: Paolo Bonzini Cc: Peter Maydell Cc: Richard Henderson --- These patches are based on commit: 9cd69f1a27 ("Merge remote-tracking branch 'remotes/stefanberger/tags/pull-tpm-2021-01-25-1' into staging") Additionally, these patches pre-req the following patch series that has not yet been accepted into the Qemu tree: [PATCH v2 0/2] sev: enable secret injection to a self described area in OVMF https://lore.kernel.org/qemu-devel/20201214154429.11023-1-jejb@linux.ibm.com/ A version of the tree can be found at: https://github.com/AMDESE/qemu/tree/sev-es-v14 Changes since v5: - Rework the reset prevention patch to not issue the error message if the --no-reboot option has been specified for SEV-ES guests. Changes since v4: - Add support for an updated Firmware GUID table implementation, that is now present in OVMF SEV-ES firmware, when searching for the reset vector information. The code will check for the new implementation first, followed by the original implementation to maintain backward compatibility. Changes since v3: - Use the QemuUUID structure for GUID definitions - Use SEV-ES policy bit definition from target/i386/sev_i386.h - Update SMM support to a per-VM check in order to check SMM capability at the VM level since SEV-ES guests don't currently support SMM - Make the CPU resettable check an arch-specific check Changes since v2: - Add in-kernel irqchip requirement for SEV-ES guests Changes since v1: - Fixed checkpatch.pl errors/warnings Tom Lendacky (6): sev/i386: Add initial support for SEV-ES sev/i386: Require in-kernel irqchip support for SEV-ES guests sev/i386: Allow AP booting under SEV-ES sev/i386: Don't allow a system reset under an SEV-ES guest kvm/i386: Use a per-VM check for SMM capability sev/i386: Enable an SEV-ES guest based on SEV policy accel/kvm/kvm-all.c | 69 +++++++++++++++++++++ accel/stubs/kvm-stub.c | 5 ++ hw/i386/pc_sysfw.c | 10 ++- include/sysemu/cpus.h | 2 + include/sysemu/hw_accel.h | 5 ++ include/sysemu/kvm.h | 26 ++++++++ include/sysemu/sev.h | 3 + softmmu/cpus.c | 5 ++ softmmu/runstate.c | 3 + target/arm/kvm.c | 5 ++ target/i386/cpu.c | 1 + target/i386/kvm/kvm.c | 10 ++- target/i386/sev-stub.c | 6 ++ target/i386/sev.c | 124 +++++++++++++++++++++++++++++++++++++- target/i386/sev_i386.h | 1 + target/mips/kvm.c | 5 ++ target/ppc/kvm.c | 5 ++ target/s390x/kvm.c | 5 ++ 18 files changed, 286 insertions(+), 4 deletions(-) -- 2.30.0