From: David Gibson <david@gibson.dropbear.id.au>
To: Cornelia Huck <cohuck@redhat.com>
Cc: brijesh.singh@amd.com, pair@us.ibm.com, dgilbert@redhat.com,
pasic@linux.ibm.com, qemu-devel@nongnu.org,
Richard Henderson <richard.henderson@linaro.org>,
Marcelo Tosatti <mtosatti@redhat.com>,
David Hildenbrand <david@redhat.com>,
borntraeger@de.ibm.com,
Marcel Apfelbaum <marcel.apfelbaum@gmail.com>,
Paolo Bonzini <pbonzini@redhat.com>,
mst@redhat.com, jun.nakajima@intel.com, thuth@redhat.com,
pragyansri.pathi@intel.com, kvm@vger.kernel.org,
Eduardo Habkost <ehabkost@redhat.com>,
qemu-s390x@nongnu.org, qemu-ppc@nongnu.org,
frankja@linux.ibm.com, Greg Kurz <groug@kaod.org>,
mdroth@linux.vnet.ibm.com, berrange@redhat.com,
andi.kleen@intel.com
Subject: Re: [PATCH v7 03/13] sev: Remove false abstraction of flash encryption
Date: Mon, 18 Jan 2021 13:59:15 +1100 [thread overview]
Message-ID: <20210118025915.GF2089552@yekko.fritz.box> (raw)
In-Reply-To: <20210115135425.7fd94aed.cohuck@redhat.com>
[-- Attachment #1: Type: text/plain, Size: 2443 bytes --]
On Fri, Jan 15, 2021 at 01:54:25PM +0100, Cornelia Huck wrote:
> On Thu, 14 Jan 2021 10:58:01 +1100
> David Gibson <david@gibson.dropbear.id.au> wrote:
>
> > When AMD's SEV memory encryption is in use, flash memory banks (which are
> > initialed by pc_system_flash_map()) need to be encrypted with the guest's
> > key, so that the guest can read them.
> >
> > That's abstracted via the kvm_memcrypt_encrypt_data() callback in the KVM
> > state.. except, that it doesn't really abstract much at all.
> >
> > For starters, the only called is in code specific to the 'pc' family of
>
> s/called/call site/
Fixed, thanks.
>
> > machine types, so it's obviously specific to those and to x86 to begin
> > with. But it makes a bunch of further assumptions that need not be true
> > about an arbitrary confidential guest system based on memory encryption,
> > let alone one based on other mechanisms:
> >
> > * it assumes that the flash memory is defined to be encrypted with the
> > guest key, rather than being shared with hypervisor
> > * it assumes that that hypervisor has some mechanism to encrypt data into
> > the guest, even though it can't decrypt it out, since that's the whole
> > point
> > * the interface assumes that this encrypt can be done in place, which
> > implies that the hypervisor can write into a confidential guests's
> > memory, even if what it writes isn't meaningful
> >
> > So really, this "abstraction" is actually pretty specific to the way SEV
> > works. So, this patch removes it and instead has the PC flash
> > initialization code call into a SEV specific callback.
> >
> > Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
> > ---
> > accel/kvm/kvm-all.c | 31 ++-----------------------------
> > accel/kvm/sev-stub.c | 9 ++-------
> > accel/stubs/kvm-stub.c | 10 ----------
> > hw/i386/pc_sysfw.c | 17 ++++++-----------
> > include/sysemu/kvm.h | 16 ----------------
> > include/sysemu/sev.h | 4 ++--
> > target/i386/sev-stub.c | 5 +++++
> > target/i386/sev.c | 24 ++++++++++++++----------
> > 8 files changed, 31 insertions(+), 85 deletions(-)
>
> Reviewed-by: Cornelia Huck <cohuck@redhat.com>
>
--
David Gibson | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au | minimalist, thank you. NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
next prev parent reply other threads:[~2021-01-18 3:05 UTC|newest]
Thread overview: 45+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-01-13 23:57 [PATCH v7 00/13] Generalize memory encryption models David Gibson
2021-01-13 23:57 ` [PATCH v7 01/13] qom: Allow optional sugar props David Gibson
2021-01-13 23:58 ` [PATCH v7 02/13] confidential guest support: Introduce new confidential guest support class David Gibson
2021-01-14 9:34 ` Daniel P. Berrangé
2021-01-14 10:42 ` David Gibson
2021-01-18 18:51 ` Dr. David Alan Gilbert
2021-01-21 1:06 ` David Gibson
2021-01-21 9:08 ` Dr. David Alan Gilbert
2021-01-29 2:32 ` David Gibson
2021-01-13 23:58 ` [PATCH v7 03/13] sev: Remove false abstraction of flash encryption David Gibson
2021-01-15 12:54 ` Cornelia Huck
2021-01-18 2:59 ` David Gibson [this message]
2021-01-13 23:58 ` [PATCH v7 04/13] confidential guest support: Move side effect out of machine_set_memory_encryption() David Gibson
2021-01-15 12:56 ` Cornelia Huck
2021-01-13 23:58 ` [PATCH v7 05/13] confidential guest support: Rework the "memory-encryption" property David Gibson
2021-01-15 13:06 ` Cornelia Huck
2021-01-13 23:58 ` [PATCH v7 06/13] sev: Add Error ** to sev_kvm_init() David Gibson
2021-01-13 23:58 ` [PATCH v7 07/13] confidential guest support: Introduce cgs "ready" flag David Gibson
2021-01-14 8:55 ` Greg Kurz
2021-01-15 13:12 ` Cornelia Huck
2021-01-18 19:47 ` Dr. David Alan Gilbert
2021-01-19 8:16 ` Cornelia Huck
2021-02-02 1:41 ` David Gibson
2021-01-13 23:58 ` [PATCH v7 08/13] confidential guest support: Move SEV initialization into arch specific code David Gibson
2021-01-15 13:24 ` Cornelia Huck
2021-01-18 3:03 ` David Gibson
2021-01-18 8:03 ` Cornelia Huck
2021-01-29 3:12 ` David Gibson
2021-01-13 23:58 ` [PATCH v7 09/13] confidential guest support: Update documentation David Gibson
2021-01-14 10:07 ` Greg Kurz
2021-01-15 15:36 ` Cornelia Huck
2021-01-29 2:36 ` David Gibson
2021-01-13 23:58 ` [PATCH v7 10/13] spapr: Add PEF based confidential guest support David Gibson
2021-01-15 15:41 ` Cornelia Huck
2021-01-29 2:43 ` David Gibson
2021-01-13 23:58 ` [PATCH v7 11/13] spapr: PEF: prevent migration David Gibson
2021-01-13 23:58 ` [PATCH v7 12/13] confidential guest support: Alter virtio default properties for protected guests David Gibson
2021-01-13 23:58 ` [PATCH v7 13/13] s390: Recognize confidential-guest-support option David Gibson
2021-01-14 9:10 ` Christian Borntraeger
2021-01-14 9:19 ` Christian Borntraeger
2021-01-14 9:24 ` Christian Borntraeger
2021-01-15 0:13 ` David Gibson
2021-01-14 11:45 ` David Gibson
2021-01-15 16:36 ` Cornelia Huck
2021-01-18 17:06 ` Christian Borntraeger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210118025915.GF2089552@yekko.fritz.box \
--to=david@gibson.dropbear.id.au \
--cc=andi.kleen@intel.com \
--cc=berrange@redhat.com \
--cc=borntraeger@de.ibm.com \
--cc=brijesh.singh@amd.com \
--cc=cohuck@redhat.com \
--cc=david@redhat.com \
--cc=dgilbert@redhat.com \
--cc=ehabkost@redhat.com \
--cc=frankja@linux.ibm.com \
--cc=groug@kaod.org \
--cc=jun.nakajima@intel.com \
--cc=kvm@vger.kernel.org \
--cc=marcel.apfelbaum@gmail.com \
--cc=mdroth@linux.vnet.ibm.com \
--cc=mst@redhat.com \
--cc=mtosatti@redhat.com \
--cc=pair@us.ibm.com \
--cc=pasic@linux.ibm.com \
--cc=pbonzini@redhat.com \
--cc=pragyansri.pathi@intel.com \
--cc=qemu-devel@nongnu.org \
--cc=qemu-ppc@nongnu.org \
--cc=qemu-s390x@nongnu.org \
--cc=richard.henderson@linaro.org \
--cc=thuth@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).