On Thu, Mar 08, 2018 at 11:12:01AM -0600, Brijesh Singh wrote: > Extend hypervisor capabilities to include sev feature. When available, > hypervisor supports launching an encrypted VM on AMD platform. The > sev feature tag provides additional details like platform diffie-hellman > key and certificate chain which can be used by the guest owner to > establish a cryptographic session with the SEV firmware to negotiate > keys used for attestation or to provide secret during launch. > > Signed-off-by: Brijesh Singh <brijesh.singh@xxxxxxx> > --- > docs/formatdomaincaps.html.in | 40 ++++++++++++++++++++++++++++++++++++++++ > docs/schemas/domaincaps.rng | 20 ++++++++++++++++++++ > src/conf/domain_capabilities.c | 20 ++++++++++++++++++++ > src/conf/domain_capabilities.h | 1 + > src/qemu/qemu_capabilities.c | 2 ++ > 5 files changed, 83 insertions(+) > > diff --git a/docs/formatdomaincaps.html.in b/docs/formatdomaincaps.html.in > index 6bfcaf61caae..f38314166ac3 100644 > --- a/docs/formatdomaincaps.html.in > +++ b/docs/formatdomaincaps.html.in > @@ -417,6 +417,12 @@ > <value>3</value> > </enum> > </gic> > + <sev> > + <pdh> </pdh> > + <cert-chain> </cert-chain> > + <cbitpos> </cbitpos> > + <reduced-phys-bits> </reduced-phys-bits> > + </sev> > </features> > </domainCapabilities> > </pre> > @@ -441,5 +447,39 @@ > <code>gic</code> element.</dd> > </dl> > > + <h4><a id="elementsSEV">SEV capabilities</a></h4> > + > + <p>AMD Secure Encrypted Virtualization (SEV) capabilities are exposed under > + the <code>sev</code> element. > + SEV is an extension to the AMD-V architecture which supports running > + virtual machines (VMs) under the control of a hypervisor. When supported, > + guest owner can create a VM whose memory contents will be transparently > + encrypted with a key unique to that VM. > + > + For more details on SEV feature see: > + <a href="https://support.amd.com/TechDocs/55766_SEV-KM%20API_Specification.pdf"> > + SEV API spec</a> and <a href="http://amd-dev.wpengine.netdna-cdn.com/wordpress/media/2013/12/AMD_Memory_Encryption_Whitepaper_v7-Public.pdf"> > + SEV White Paper</a> > + > + </p> > + > + <dl> > + <dt><code>pdh</code></dt> > + <dd>Platform diffie-hellman key, which can be exported to remote entities > + which wish to establish a secure transport context with the SEV platform > + in order to transmit data securely. The key is encoded in base64</dd> > + <dt><code>cert-chain</code></dt> > + <dd> Platform certificate chain -- which includes platform endorsement key > + (PEK), owners certificate authory (OCA) and chip endorsement key (CEK). > + The certificate chain is encoded in base64.</dd> > + <dt><code>cbitpos</code></dt> > + <dd>When memory encryption is enabled, one of the physical address bit > + (aka the C-bit) is utilized to mark if a memory page is protected. The > + C-bit position is Hypervisor dependent.</dd> > + <dt><code>reduced-phys-bits</code></dt> > + <dd>When memory encryption is enabled, we loose certain bits in physical > + address space. The number of bits we loose is hypervisor dependent.</dd> > + </dl> > + > </body> > </html> > diff --git a/docs/schemas/domaincaps.rng b/docs/schemas/domaincaps.rng > index 39053181eb9a..53b33eb83c1f 100644 > --- a/docs/schemas/domaincaps.rng > +++ b/docs/schemas/domaincaps.rng > @@ -173,6 +173,9 @@ > <element name='features'> > <interleave> > <ref name='gic'/> > + <optional> > + <ref name='sev'/> > + </optional> > </interleave> > </element> > </define> > @@ -184,6 +187,23 @@ > </element> > </define> > > + <define name='sev'> > + <element name='sev'> > + <element name='pdh'> > + <data type='string'/> > + </element> > + <element name='cert-chain'> > + <data type='string'/> > + </element> > + <element name='cbitpos'> > + <data type='unsignedInt'/> > + </element> > + <element name='reduced-phys-bits'> > + <data type='unsignedInt'/> > + </element> > + </element> > + </define> > + > <define name='value'> > <zeroOrMore> > <element name='value'> > diff --git a/src/conf/domain_capabilities.c b/src/conf/domain_capabilities.c > index f7d9be50f82d..082065fb4733 100644 > --- a/src/conf/domain_capabilities.c > +++ b/src/conf/domain_capabilities.c > @@ -549,6 +549,25 @@ virDomainCapsFeatureGICFormat(virBufferPtr buf, > FORMAT_EPILOGUE(gic); > } > > +static void > +virDomainCapsFeatureSEVFormat(virBufferPtr buf, > + virSEVCapabilityPtr const sev) > +{ > + if (!sev) > + return; > + > + virBufferAddLit(buf, "<sev supported='yes'>\n"); > + virBufferAdjustIndent(buf, 2); > + virBufferAsprintf(buf, "<cbitpos>%d</cbitpos>\n", sev->cbitpos); > + virBufferAsprintf(buf, "<reduced-phys-bits>%d</reduced-phys-bits>\n", > + sev->reduced_phys_bits); > + virBufferAsprintf(buf, "<pdh>%s</pdh>\n", sev->pdh); > + virBufferAsprintf(buf, "<cert-chain>%s</cert-chain>\n", > + sev->cert_chain); I wonder what length 'cert_chain' is going to be typically ? I hope we don't cause ourselves any trouble by having the data inline in the main capabilities XML ? > + virBufferAdjustIndent(buf, -2); > + virBufferAddLit(buf, "</sev>\n"); > +} > + > > char * > virDomainCapsFormat(virDomainCapsPtr const caps) > @@ -587,6 +606,7 @@ virDomainCapsFormat(virDomainCapsPtr const caps) > virBufferAdjustIndent(&buf, 2); > > virDomainCapsFeatureGICFormat(&buf, &caps->gic); > + virDomainCapsFeatureSEVFormat(&buf, caps->sev); > > virBufferAdjustIndent(&buf, -2); > virBufferAddLit(&buf, "</features>\n"); > diff --git a/src/conf/domain_capabilities.h b/src/conf/domain_capabilities.h > index 83d04d4c8506..2239566105fd 100644 > --- a/src/conf/domain_capabilities.h > +++ b/src/conf/domain_capabilities.h > @@ -170,6 +170,7 @@ struct _virDomainCaps { > /* add new domain devices here */ > > virDomainCapsFeatureGIC gic; > + virSEVCapabilityPtr sev; > /* add new domain features here */ > }; > > diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c > index 68e3622a3963..f56e88032c06 100644 > --- a/src/qemu/qemu_capabilities.c > +++ b/src/qemu/qemu_capabilities.c > @@ -5975,6 +5975,8 @@ virQEMUCapsFillDomainCaps(virCapsPtr caps, > virQEMUCapsFillDomainDeviceHostdevCaps(qemuCaps, hostdev) < 0 || > virQEMUCapsFillDomainFeatureGICCaps(qemuCaps, domCaps) < 0) > return -1; > + > + domCaps->sev = qemuCaps->sevCapabilities; > return 0; > } Reviewed-by: Daniel P. Berrangé <berrange@xxxxxxxxxx> Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :| -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list