On Thu, 14 Jan 2021 10:58:01 +1100
David Gibson <david@xxxxxxxxxxxxxxxxxxxxx> wrote:

> When AMD's SEV memory encryption is in use, flash memory banks (which are
> initialised by pc_system_flash_map()) need to be encrypted with the guest's
> key, so that the guest can read them.
>
> That's abstracted via the kvm_memcrypt_encrypt_data() callback in the KVM
> state.. except, that it doesn't really abstract much at all.
>
> For starters, the only called is in code specific to the 'pc' family of

s/called/call site/

> machine types, so it's obviously specific to those and to x86 to begin
> with. But it makes a bunch of further assumptions that need not be true
> about an arbitrary confidential guest system based on memory encryption,
> let alone one based on other mechanisms:
>
> * it assumes that the flash memory is defined to be encrypted with the
> guest key, rather than being shared with hypervisor
> * it assumes that that hypervisor has some mechanism to encrypt data into
> the guest, even though it can't decrypt it out, since that's the whole
> point
> * the interface assumes that this encrypt can be done in place, which
> implies that the hypervisor can write into a confidential guest's
> memory, even if what it writes isn't meaningful
>
> So really, this "abstraction" is actually pretty specific to the way SEV
> works. So, this patch removes it and instead has the PC flash
> initialization code call into a SEV specific callback.
>
> Signed-off-by: David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>
> ---
> accel/kvm/kvm-all.c | 31 ++-----------------------------
> accel/kvm/sev-stub.c | 9 ++-------
> accel/stubs/kvm-stub.c | 10 ----------
> hw/i386/pc_sysfw.c | 17 ++++++-----------
> include/sysemu/kvm.h | 16 ----------------
> include/sysemu/sev.h | 4 ++--
> target/i386/sev-stub.c | 5 +++++
> target/i386/sev.c | 24 ++++++++++++++----------
> 8 files changed, 31 insertions(+), 85 deletions(-)

Reviewed-by: Cornelia Huck <cohuck@xxxxxxxxxx>