On Tue, Jan 12, 2021 at 03:45:05PM +1100, David Gibson wrote:
> Some upcoming POWER machines have a system called PEF (Protected
> Execution Facility) which uses a small ultravisor to allow guests to
> run in a way that they can't be eavesdropped by the hypervisor. The
> effect is roughly similar to AMD SEV, although the mechanisms are
> quite different.
>
> Most of the work of this is done between the guest, KVM and the
> ultravisor, with little need for involvement by qemu. However qemu
> does need to tell KVM to allow secure VMs.
>
> Because the availability of secure mode is a guest visible difference
> which depends on having the right hardware and firmware, we don't
> enable this by default. In order to run a secure guest you need to
> create a "pef-guest" object and set the confidential-guest-support
> property to point to it.
>
> Note that this just *allows* secure guests, the architecture of PEF is
> such that the guest still needs to talk to the ultravisor to enter
> secure mode. Qemu has no directl way of knowing if the guest is in
> secure mode, and certainly can't know until well after machine
> creation time.
>
> To start a PEF-capable guest, use the command line options:
> -object pef-guest,id=pef0 -machine confidential-guest-support=pef0
>
> Signed-off-by: David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>
> ---
> docs/confidential-guest-support.txt | 2 +
> docs/papr-pef.txt | 30 ++++++++
> hw/ppc/meson.build | 1 +
> hw/ppc/pef.c | 115 ++++++++++++++++++++++++++++
> hw/ppc/spapr.c | 10 +++
> include/hw/ppc/pef.h | 26 +++++++
> target/ppc/kvm.c | 18 -----
> target/ppc/kvm_ppc.h | 6 --
> 8 files changed, 184 insertions(+), 24 deletions(-)
> create mode 100644 docs/papr-pef.txt
> create mode 100644 hw/ppc/pef.c
> create mode 100644 include/hw/ppc/pef.h
>
> +static const TypeInfo pef_guest_info = {
> + .parent = TYPE_OBJECT,
> + .name = TYPE_PEF_GUEST,
> + .instance_size = sizeof(PefGuestState),
> + .interfaces = (InterfaceInfo[]) {
> + { TYPE_CONFIDENTIAL_GUEST_SUPPORT },
> + { TYPE_USER_CREATABLE },
> + { }
> + }
> +};
IIUC, the earlier patch defines TYPE_CONFIDENTIAL_GUEST_SUPPORT
as a object, but you're using it as an interface here. The later
s390 patch uses it as a parent, which makes more sense given it
is a declared as an object.
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
