Hi Daniel and Peter. Any feedback on the series ? -Brijesh On 3/14/18 10:44 AM, Brijesh Singh wrote: > The patch series is test with QEMU recent pull which includes SEV support: > > https://lists.gnu.org/archive/html/qemu-devel/2018-03/msg03826.html > > This patch series provides support for launching an encrypted guest using > AMD's new Secure Encrypted Virtualization (SEV) feature. > > SEV is an extension to the AMD-V architecture which supports running > multiple VMs under the control of a hypervisor. When enabled, SEV feature > allows the memory contents of a virtual machine (VM) to be transparently > encrypted with a key unique to the guest VM. > > At very high level the flow looks this: > > 1. mgmt tool calls virConnectGetDomainCapabilities. This returns an XML document > that includes the following > > <feature> > ... > <sev supported='yes'> > <cbitpos> </cbitpos> > <reduced-phys-bits> </reduced-phys-bits> > <pdh> </pdh> > <cert-chain> </cert-chain> > </feature> > > If <sev> is provided then we indicate that hypervisor is capable of launching > SEV guest. > > 2. (optional) mgmt tool can provide the PDH and Cert-chain to guest owner in case > if guest owner wish to establish a secure connection with SEV firmware to > negotiate a key used for validating the measurement. > > 3. mgmt tool requests to start a guest calling virCreateXML(), passing VIR_DOMAIN_START_PAUSED. > The xml would include > > <launch-security type='sev'> > <cbitpos> </cbitpos> /* the value is same as what is obtained via virConnectGetDomainCapabilities() > <reduced-phys-bits> </reduced-phys-bits> /* the value is same as what is obtained via virConnectGetDomainCapabilities() > <dh-cert> .. </dh> /* guest owners diffie-hellman key */ (optional) > <session> ..</session> /* guest owners session blob */ (optional) > <policy> ..</policy> /* guest policy */ (optional) > > 4. Libvirt generate the QEMU cli arg to enable the SEV feature, a typical > args looks like this: > > # $QEMU .. > -machine memory-encryption=sev0 \ > -object sev-guest,id=sev0,dh-cert-file=<file>.... > > 5. Libvirt generates lifecycle VIR_DOMAIN_EVENT_SUSPENDED_PAUSED event > > 6. mgmt tool gets the VIR_DOMAIN_EVENT_SUSPENDED_PAUSED and calls virDomainGetLaunchSecretInfo() > to retrieve the measurement of encrypted memory. > > 7. (optional) mgmt tool can provide the measurement value to guest owner, which can > validate the measurement and gives GO/NO-GO answer. If mgmt tool gets GO then > it resumes the guest otherwise it calls destroy() to kill the guest. > > 8. mgmt tool resumes the guest > > TODO: > * SEV guest require to use DMA apis for the virtio devices. In order to use the DMA > apis the virtio devices must have this tag > > <driver iommu=on ats=on> > > It is a bit unclear to me where these changes need to go. Do we need to > modify the libvirt to automatically add these when SEV is enabled or > we ask mgmt tool to make sure that it creates XML with right tag to enable > the DMA APIs for virtio devices. I am looking for some suggestions. > > Using these patches we have succesfully booted and tested a guest both with and > without SEV enabled. > > SEV Firmware API spec is available at: > https://support.amd.com/TechDocs/55766_SEV-KM%20API_Specification.pdf > > Changes since v2: > * make cbitpos, policy and reduced-phys-bits as unsigned int > * update virDomainGetLaunchSecurityInfo to accept virTypedParameterPtr *params > instead of virTypedParameterPtr params. > > Changes since v1: > * rename <sev> -> <launch-security> for domain > * add more information about policy and other fields in domaincaps.html > * split the domain_conf support in two patches > * add virDomainGetLaunchInfo() to retrieve the SEV measurement > * extend virsh command to show the domain's launch security information > * add test cases to validate newly added <launch-security> element > * fix issues reported with 'make check' and 'make syntax-check' > > The complete git tree is available at: > https://github.com/codomania/libvirt/tree/v3 > > > Brijesh Singh (8): > qemu: provide support to query the SEV capability > qemu: introduce SEV feature in hypervisor capabilities > conf: introduce launch-security element in domain > qemu: add support to launch SEV guest > libvirt: add new public API to get launch security info > remote: implement the remote protocol for launch security > qemu_driver: add support to launch security info > virsh: implement new command for launch security > > Xiaogang Chen (1): > tests: extend tests to include sev specific tag parsing > > docs/formatdomain.html.in | 120 ++++++++++++++++++++++++++++++++++++ > docs/formatdomaincaps.html.in | 40 ++++++++++++ > docs/schemas/domaincaps.rng | 20 ++++++ > docs/schemas/domaincommon.rng | 39 ++++++++++++ > include/libvirt/libvirt-domain.h | 17 +++++ > src/conf/domain_capabilities.c | 20 ++++++ > src/conf/domain_capabilities.h | 14 +++++ > src/conf/domain_conf.c | 110 +++++++++++++++++++++++++++++++++ > src/conf/domain_conf.h | 26 ++++++++ > src/driver-hypervisor.h | 7 +++ > src/libvirt-domain.c | 48 +++++++++++++++ > src/libvirt_public.syms | 5 ++ > src/qemu/qemu_capabilities.c | 40 ++++++++++++ > src/qemu/qemu_capabilities.h | 1 + > src/qemu/qemu_capspriv.h | 4 ++ > src/qemu/qemu_command.c | 35 +++++++++++ > src/qemu/qemu_driver.c | 66 ++++++++++++++++++++ > src/qemu/qemu_monitor.c | 17 +++++ > src/qemu/qemu_monitor.h | 6 ++ > src/qemu/qemu_monitor_json.c | 105 +++++++++++++++++++++++++++++++ > src/qemu/qemu_monitor_json.h | 5 ++ > src/qemu/qemu_process.c | 58 +++++++++++++++++ > src/remote/remote_daemon_dispatch.c | 47 ++++++++++++++ > src/remote/remote_driver.c | 42 ++++++++++++- > src/remote/remote_protocol.x | 20 +++++- > src/remote_protocol-structs | 11 ++++ > tests/genericxml2xmlindata/sev.xml | 20 ++++++ > tests/genericxml2xmloutdata/sev.xml | 22 +++++++ > tests/genericxml2xmltest.c | 2 + > tests/qemuxml2argvdata/sev.args | 24 ++++++++ > tests/qemuxml2argvdata/sev.xml | 35 +++++++++++ > tests/qemuxml2argvtest.c | 2 + > tests/qemuxml2xmloutdata/sev.xml | 39 ++++++++++++ > tests/qemuxml2xmltest.c | 2 + > tools/virsh-domain.c | 84 +++++++++++++++++++++++++ > 35 files changed, 1151 insertions(+), 2 deletions(-) > create mode 100644 tests/genericxml2xmlindata/sev.xml > create mode 100644 tests/genericxml2xmloutdata/sev.xml > create mode 100644 tests/qemuxml2argvdata/sev.args > create mode 100644 tests/qemuxml2argvdata/sev.xml > create mode 100644 tests/qemuxml2xmloutdata/sev.xml > -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
