[RFC kvmtool 13/31] arm64: Add --measurement-algo command line option for a realm

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



From: Christoffer Dall <christoffer.dall@xxxxxxx>

Add the command line option to specify the algorithm that will be used
to create the cryptographic measurement of the realm. Valid options are
"sha256" and "sha512". The final measurement will be a hash using the
selected algorithm

Signed-off-by: Christoffer Dall <christoffer.dall@xxxxxxx>
Signed-off-by: Alexandru Elisei <alexandru.elisei@xxxxxxx>
Signed-off-by: Suzuki K Poulose <suzuki.poulose@xxxxxxx>
---
 arm/aarch64/include/kvm/kvm-config-arch.h |  5 ++++-
 arm/aarch64/kvm.c                         | 17 ++++++++++++++++-
 arm/include/arm-common/kvm-arch.h         |  1 +
 arm/include/arm-common/kvm-config-arch.h  |  1 +
 4 files changed, 22 insertions(+), 2 deletions(-)

diff --git a/arm/aarch64/include/kvm/kvm-config-arch.h b/arm/aarch64/include/kvm/kvm-config-arch.h
index d2df850a..b93999b6 100644
--- a/arm/aarch64/include/kvm/kvm-config-arch.h
+++ b/arm/aarch64/include/kvm/kvm-config-arch.h
@@ -23,7 +23,10 @@ int vcpu_affinity_parser(const struct option *opt, const char *arg, int unset);
 	OPT_BOOLEAN('\0', "disable-sve", &(cfg)->disable_sve,		\
 			"Disable SVE"),					\
 	OPT_BOOLEAN('\0', "realm", &(cfg)->is_realm,			\
-			"Create VM running in a realm using Arm RME"),
+			"Create VM running in a realm using Arm RME"),	\
+	OPT_STRING('\0', "measurement-algo", &(cfg)->measurement_algo,	\
+			 "sha256, sha512",				\
+			 "Realm Measurement algorithm, default: sha256"),
 
 #include "arm-common/kvm-config-arch.h"
 
diff --git a/arm/aarch64/kvm.c b/arm/aarch64/kvm.c
index 5db4c572..a5a98b2e 100644
--- a/arm/aarch64/kvm.c
+++ b/arm/aarch64/kvm.c
@@ -53,12 +53,27 @@ static void validate_mem_cfg(struct kvm *kvm)
 
 static void validate_realm_cfg(struct kvm *kvm)
 {
-	if (!kvm->cfg.arch.is_realm)
+	if (!kvm->cfg.arch.is_realm) {
+		if (kvm->cfg.arch.measurement_algo)
+			die("--measurement-algo valid only with --realm");
 		return;
+	}
 
 	if (kvm->cfg.arch.aarch32_guest)
 		die("Realms supported only for 64bit guests");
 
+	if (kvm->cfg.arch.measurement_algo) {
+		if (strcmp(kvm->cfg.arch.measurement_algo, "sha256") == 0)
+			kvm->arch.measurement_algo = KVM_CAP_ARM_RME_MEASUREMENT_ALGO_SHA256;
+		else if (strcmp(kvm->cfg.arch.measurement_algo, "sha512") == 0)
+			kvm->arch.measurement_algo = KVM_CAP_ARM_RME_MEASUREMENT_ALGO_SHA512;
+		else
+			die("unknown realm measurement algorithm");
+	} else {
+		pr_debug("Realm Hash algorithm: Using default SHA256\n");
+		kvm->arch.measurement_algo = KVM_CAP_ARM_RME_MEASUREMENT_ALGO_SHA256;
+	}
+
 	die("Realms not supported");
 }
 
diff --git a/arm/include/arm-common/kvm-arch.h b/arm/include/arm-common/kvm-arch.h
index b2ae373c..68224b1c 100644
--- a/arm/include/arm-common/kvm-arch.h
+++ b/arm/include/arm-common/kvm-arch.h
@@ -113,6 +113,7 @@ struct kvm_arch {
 	u64	dtb_guest_start;
 
 	cpu_set_t *vcpu_affinity_cpuset;
+	u64	measurement_algo;
 };
 
 #endif /* ARM_COMMON__KVM_ARCH_H */
diff --git a/arm/include/arm-common/kvm-config-arch.h b/arm/include/arm-common/kvm-config-arch.h
index 5eb791da..a2faa3af 100644
--- a/arm/include/arm-common/kvm-config-arch.h
+++ b/arm/include/arm-common/kvm-config-arch.h
@@ -6,6 +6,7 @@
 struct kvm_config_arch {
 	const char	*dump_dtb_filename;
 	const char	*vcpu_affinity;
+	const char	*measurement_algo;
 	unsigned int	force_cntfrq;
 	bool		virtio_trans_pci;
 	bool		aarch32_guest;
-- 
2.34.1




[Index of Archives]     [KVM ARM]     [KVM ia64]     [KVM ppc]     [Virtualization Tools]     [Spice Development]     [Libvirt]     [Libvirt Users]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite Questions]     [Linux Kernel]     [Linux SCSI]     [XFree86]

  Powered by Linux