From: "Philippe Mathieu-Daudé" <philmd@redhat.com>
To: jejb@linux.ibm.com, Paolo Bonzini <pbonzini@redhat.com>,
	qemu-devel@nongnu.org
Cc: "Dr . David Alan Gilbert" <dgilbert@redhat.com>,
	Sergio Lopez <slp@redhat.com>
Subject: Re: [PULL 02/19] sev: update sev-inject-launch-secret to make gpa optional
Date: Fri, 21 May 2021 13:34:17 +0200
Message-ID: <796fab4e-1490-e7b1-f73e-9bbf0827f43a@redhat.com>
In-Reply-To: <25edd87f17b87db14b0b09b5dca1a41644ce4169.camel@linux.ibm.com>

On 5/21/21 12:19 AM, James Bottomley wrote:
> On Thu, 2021-05-20 at 23:36 +0200, Philippe Mathieu-Daudé wrote:
>> On 2/15/21 2:16 PM, Paolo Bonzini wrote:
>>> From: James Bottomley <jejb@linux.ibm.com>
>>>
>>> If the gpa isn't specified, its value is extracted from the OVMF
>>> properties table located below the reset vector (and if this doesn't
>>> exist, an error is returned).  OVMF has defined the GUID for the SEV
>>> secret area as 4c2eb361-7d9b-4cc3-8081-127c90d3d294 and the format of
>>> the <data> is: <base>|<size> where both are uint32_t.  We extract
>>> <base> and use it as the gpa for the injection.
>>>
>>> Note: it is expected that the injected secret will also be GUID
>>> described but since qemu can't interpret it, the format is left
>>> undefined here.
>>>
>>> Signed-off-by: James Bottomley <jejb@linux.ibm.com>
>>>
>>> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
>>> Message-Id: <20210204193939.16617-3-jejb@linux.ibm.com>
>>> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
>>> ---
>>>  qapi/misc-target.json |  2 +-
>>>  target/i386/monitor.c | 23 ++++++++++++++++++++++-
>>>  2 files changed, 23 insertions(+), 2 deletions(-)
>>>
>>> diff --git a/qapi/misc-target.json b/qapi/misc-target.json
>>> index 06ef8757f0..0c7491cd82 100644
>>> --- a/qapi/misc-target.json
>>> +++ b/qapi/misc-target.json
>>> @@ -216,7 +216,7 @@
>>>  #
>>>  ##
>>>  { 'command': 'sev-inject-launch-secret',
>>> -  'data': { 'packet-header': 'str', 'secret': 'str', 'gpa':
>>> 'uint64' },
>>> +  'data': { 'packet-header': 'str', 'secret': 'str', '*gpa':
>>> 'uint64' },
>>>    'if': 'defined(TARGET_I386)' }
>>>  
>>>  ##
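Review bot: the 'gpa' to '*gpa' change on the 'data' line makes the argument optional, but the diffstat shows only that one line of qapi/misc-target.json changing, so the doc comment that ends just above the command is left as it was. Suggest stating there that gpa is optional and that, when it is omitted, the address is taken from the OVMF table entry for the SEV secret area, with an error returned if the entry does not exist.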
>>> diff --git a/target/i386/monitor.c b/target/i386/monitor.c
>>> index 1bc91442b1..5994408bee 100644
>>> --- a/target/i386/monitor.c
>>> +++ b/target/i386/monitor.c
>>> @@ -34,6 +34,7 @@
>>>  #include "sev_i386.h"
>>>  #include "qapi/qapi-commands-misc-target.h"
>>>  #include "qapi/qapi-commands-misc.h"
>>> +#include "hw/i386/pc.h"
>>>  
>>>  /* Perform linear address sign extension */
>>>  static hwaddr addr_canonical(CPUArchState *env, hwaddr addr)
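Review bot: the added #include "hw/i386/pc.h" makes target/i386/monitor.c depend on PC board code unconditionally, and nothing in this patch ensures that code is linked into every i386 build; the --without-default-devices link failure on pc_system_ovmf_table_find reported further down in this thread is that dependency surfacing. Suggest either a stub that returns false when the PC firmware code is not built, or a Kconfig dependency so the lookup is compiled only where the symbol exists.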
>>> @@ -730,9 +731,29 @@ SevCapability
>>> *qmp_query_sev_capabilities(Error **errp)
>>>      return sev_get_capabilities(errp);
>>>  }
>>>  
>>> +#define SEV_SECRET_GUID "4c2eb361-7d9b-4cc3-8081-127c90d3d294"
>>> +struct sev_secret_area {
>>> +    uint32_t base;
>>> +    uint32_t size;
>>> +};
>>> +
>>>  void qmp_sev_inject_launch_secret(const char *packet_hdr,
>>> -                                  const char *secret, uint64_t
>>> gpa,
>>> +                                  const char *secret,
>>> +                                  bool has_gpa, uint64_t gpa,
>>>                                    Error **errp)
>>>  {
>>> +    if (!has_gpa) {
>>> +        uint8_t *data;
>>> +        struct sev_secret_area *area;
>>> +
>>> +        if (!pc_system_ovmf_table_find(SEV_SECRET_GUID, &data,
>>> NULL)) {
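Review bot: in the !has_gpa branch, pc_system_ovmf_table_find() is called with NULL as its last argument, so nothing about the size of the entry is obtained before the bytes returned in 'data' are handed to the 'area' pointer declared just above. If that last parameter returns the entry length, suggest passing a variable for it and failing with an error when it is smaller than sizeof(struct sev_secret_area). A comment on the struct saying that it mirrors the <base>|<size> layout from the OVMF table, and in which byte order, would also help.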
>>
>> FYI trying to build MicroVM standalone (--without-default-devices):
>>
>> /usr/bin/ld: libqemu-i386-softmmu.fa.p/target_i386_monitor.c.o: in
>> function `qmp_sev_inject_launch_secret':
>> target/i386/monitor.c:749: undefined reference to
>> `pc_system_ovmf_table_find'
>>
>> I'm adding this to my TODO list.
> 
> I'm pretty clueless with the new meson build system but I think this is
> something to do with CONFIG_PC not being defined ... can you verify? In
> which case it could be fixed with a pc_sysfw-stub.c that builds it as a
> function returning false.

Oh actually I wrote the fix this morning, but haven't posted it yet.

Besides what you said, I added an X86_FW_OVMF symbol and have SEV
depend on it.

I'll cc you when posting.

Regards,

Phil.
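
Added example (not part of the original message or of the QEMU patch): a defensive decoder for the <base>|<size> entry that the quoted commit message describes. The helper name, the little-endian byte order, the 4 GiB bound and the check of the secret length against <size> are assumptions of this example, and the sample bytes are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Decoded <base>|<size> entry, both uint32_t as the commit message states. */
struct secret_area {
    uint32_t base;
    uint32_t size;
};

/* Byte-wise little-endian load (assumed byte order): no alignment or
 * host-endianness dependence, unlike casting the buffer to a struct. */
static uint32_t load_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Hypothetical helper: validate and decode the entry data found under the
 * SEV secret GUID. Rejects a short entry, an empty area, an area that runs
 * past 4 GiB, and a secret larger than the area. */
bool decode_secret_area(const uint8_t *data, size_t len, size_t secret_len,
                        struct secret_area *out)
{
    if (data == NULL || out == NULL || len < 8) {
        return false;
    }
    uint32_t base = load_le32(data);
    uint32_t size = load_le32(data + 4);
    if (size == 0 || secret_len > size ||
        (uint64_t)base + size > UINT64_C(0x100000000)) {
        return false;
    }
    out->base = base;
    out->size = size;
    return true;
}

int main(void)
{
    /* Constructed sample entry: base 0x0080c000, size 0x00000c00. */
    const uint8_t entry[8] = { 0x00, 0xc0, 0x80, 0x00, 0x00, 0x0c, 0x00, 0x00 };
    struct secret_area a;
    if (decode_secret_area(entry, sizeof(entry), 64, &a)) {
        printf("gpa=0x%08x size=0x%x\n", (unsigned)a.base, (unsigned)a.size);
    }
    return 0;
}
```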


