[PATCH 0/7] x86: Multi-key Total Memory Encryption (Intel)

Larkins Carvalho <larkins.l.carvalho@xxxxxxxxx> · Fri, 17 May 2019 16:55:45 -0700

This patch series provides support for launching an encrypted guest using
Intel's Multi-key Total Memory Encryption (MKTME) feature.

The purpose of this review is to get initial feedback and to get on par with 
libvirt development process.
Considering we have not added tests, this is a preliminary patch 
and based on the community feedback, we expect more updates to follow.

Total Memory Encryption (TME) provides the capability to encrypt the
entirety of the physical memory of a system. MKTME builds on TME and
adds support for multiple encryption keys.

High Level flow:

1. Management tool calls virConnectGetDomainCapabilities which calls virNodeGetMKTMEInfo. 
This returns an XML document that includes the following:

<feature>
...
  <mktme supported='yes'>
    <keys_supported> </keys_supported>
  </mktme>
</feature>

2. If MKTME is supported management tool requests to start a guest calling virCreateXML(). 
The xml would include:

<launchSecurity type='mktme'>
  <id>m0</id>
  <key_type>user</key_type>
  <key>samplekey</key>
  <encryption_algorithm>aes-xts-128</encryption_algorithm>
</launchSecurity>

3. Libvirt makes system call with the provided information to generate a key handle using linux keyring services.
Qemu uses the key handle to launch the workload.

4. Libvirt generate the QEMU cli arg to enable the MKTME feature, a typical
args looks like this:

 # Qemu ...\
  -machine pc,memory-encryption=m0 -object mktme-guest,id=m0,handle=${serial}

Intel MKTME spec: https://software.intel.com/sites/default/files/managed/a5/16/Multi-Key-Total-Memory-Encryption-Spec.pdf

TODO:
Add tests for launch security of type mktme.

WIP: Qemu and KVM patch to support Intel MKTME are in the process of upstreaming.

The complete git tree is available at:
https://github.com/larkinscarvalho/libvirt/tree/intel-mktme-patch-series

Larkins Carvalho (7):
  qemu: provide support to query the MKTME capability
  conf: Add MKTME feature in domain capabilities
  libvirt: add new public API to get MKTME Info
  remote: implement the remote protocol for virNodeMKTMEInfo()
  qemu: Add support to get the MKTME info
  conf: introduce launchSecurity element type mktme in domain
  qemu: add support to launch MKTME guest

 docs/formatdomain.html.in                     |   64 +-
 docs/formatdomaincaps.html.in                 |   20 +
 docs/schemas/domaincaps.rng                   |   14 +
 docs/schemas/domaincommon.rng                 |   87 +-
 include/libvirt/libvirt-host.h                |   18 +
 src/conf/domain_capabilities.c                |   30 +
 src/conf/domain_capabilities.h                |   12 +
 src/conf/domain_conf.c                        |  112 +-
 src/conf/domain_conf.h                        |   14 +
 src/conf/virconftypes.h                       |    3 +
 src/driver-hypervisor.h                       |    7 +
 src/libvirt-host.c                            |   49 +
 src/libvirt_private.syms                      |    4 +
 src/libvirt_public.syms                       |    5 +
 src/qemu/qemu_capabilities.c                  |  140 +-
 src/qemu/qemu_capabilities.h                  |    4 +
 src/qemu/qemu_capspriv.h                      |    4 +
 src/qemu/qemu_command.c                       |   40 +
 src/qemu/qemu_driver.c                        |   63 +
 src/qemu/qemu_monitor.c                       |   10 +
 src/qemu/qemu_monitor.h                       |    3 +
 src/qemu/qemu_monitor_json.c                  |   61 +
 src/qemu/qemu_monitor_json.h                  |    3 +
 src/remote/remote_daemon_dispatch.c           |   44 +
 src/remote/remote_driver.c                    |   41 +-
 src/remote/remote_protocol.x                  |   21 +-
 src/remote_protocol-structs                   |   12 +
 src/util/Makefile.inc.am                      |    2 +
 src/util/virmktme.c                           |  127 ++
 src/util/virmktme.h                           |   34 +
 .../bhyve_basic.x86_64.xml                    |    1 +
 .../bhyve_fbuf.x86_64.xml                     |    1 +
 .../bhyve_uefi.x86_64.xml                     |    1 +
 tests/domaincapsschemadata/empty.xml          |    1 +
 tests/domaincapsschemadata/libxl-xenfv.xml    |    1 +
 tests/domaincapsschemadata/libxl-xenpv.xml    |    1 +
 .../qemu_1.7.0.x86_64.xml                     |    1 +
 .../qemu_2.12.0-virt.aarch64.xml              |    1 +
 .../qemu_2.12.0.ppc64.xml                     |    1 +
 .../qemu_2.12.0.s390x.xml                     |    1 +
 .../qemu_2.12.0.x86_64.xml                    |    1 +
 .../qemu_2.6.0-virt.aarch64.xml               |    1 +
 .../qemu_2.6.0.aarch64.xml                    |    1 +
 .../domaincapsschemadata/qemu_2.6.0.ppc64.xml |    1 +
 .../qemu_2.6.0.x86_64.xml                     |    1 +
 .../domaincapsschemadata/qemu_2.7.0.s390x.xml |    1 +
 .../qemu_2.8.0-tcg.x86_64.xml                 |    1 +
 .../domaincapsschemadata/qemu_2.8.0.s390x.xml |    1 +
 .../qemu_2.8.0.x86_64.xml                     |    1 +
 .../qemu_2.9.0-q35.x86_64.xml                 |    1 +
 .../qemu_2.9.0-tcg.x86_64.xml                 |    1 +
 .../qemu_2.9.0.x86_64.xml                     |    1 +
 .../domaincapsschemadata/qemu_3.0.0.s390x.xml |    1 +
 .../qemu_3.1.0.x86_64.xml                     |    1 +
 .../domaincapsschemadata/qemu_4.0.0.s390x.xml |    1 +
 .../qemu_4.0.0.x86_64.xml                     |    1 +
 .../qemu_5.3.0.x86_64.xml                     |  164 ++
 tests/domaincapstest.c                        |    5 +
 .../caps_5.3.0.x86_64.xml                     | 1377 +++++++++++++++++
 59 files changed, 2579 insertions(+), 41 deletions(-)
 create mode 100644 src/util/virmktme.c
 create mode 100644 src/util/virmktme.h
 create mode 100644 tests/domaincapsschemadata/qemu_5.3.0.x86_64.xml
 create mode 100644 tests/qemucapabilitiesdata/caps_5.3.0.x86_64.xml

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list