These patches implement SEV-SNP base support along with CPUID enforcement
support for QEMU, and are also available at:

  https://github.com/pagupta/qemu/tree/snp_v4

The latest version of the KVM changes is posted here [2] and is also
queued in kvm/next.

Patch Layout
------------

01-03: 'error_setg' independent fix, kvm/next header sync & patch from
       Xiaoyao's TDX v5 patchset.
04-29: Introduction of the sev-snp-guest object and various configuration
       requirements for SNP. Support for creating a cryptographic "launch"
       context and populating various OVMF metadata pages, BIOS regions,
       and vCPU/VMSA pages with the initial encrypted/measured/validated
       launch data prior to launching the SNP guest.
30-31: Handling for the KVM_HC_MAP_GPA_RANGE hypercall for userspace VMEXIT.

Testing
-------

This series has been tested against the kvm/next tree and the AMDSEV
tree [1].

[1] https://github.com/AMDESE/linux/commits/snp-host-latest/

The following version of OVMF is used to test the changes:

  https://github.com/mdroth/edk2/commits/apic-mmio-fix1d/

A basic command-line invocation for SNP would be:

  qemu-system-x86_64 -smp 32,maxcpus=255 -cpu EPYC-Milan-v2 \
    -machine q35,confidential-guest-support=sev0,memory-backend=ram1 \
    -object memory-backend-memfd,id=ram1,size=4G,share=true,reserve=false \
    -object sev-snp-guest,id=sev0,cbitpos=51,reduced-phys-bits=1,id-auth= \
    -bios OVMF_CODE-upstream-20240410-apic-mmio-fix1d-AmdSevX64.fd

With kernel-hashing and certificate data supplied:

  qemu-system-x86_64 -smp 32,maxcpus=255 -cpu EPYC-Milan-v2 \
    -machine q35,confidential-guest-support=sev0,memory-backend=ram1 \
    -object memory-backend-memfd,id=ram1,size=4G,share=true,reserve=false \
    -object sev-snp-guest,id=sev0,cbitpos=51,reduced-phys-bits=1,id-auth=,kernel-hashes=on \
    -bios OVMF_CODE-upstream-20240410-apic-mmio-fix1d-AmdSevX64.fd \
    -kernel /boot/vmlinuz-$ver \
    -initrd /boot/initrd.img-$ver \
    -append "root=UUID=d72a6d1c-06cf-4b79-af43-f1bac4f620f9 ro console=ttyS0,115200n8"

With the standard X64 OVMF package with a separate image for persistent
NVRAM:

  qemu-system-x86_64 -smp 32,maxcpus=255 -cpu EPYC-Milan-v2 \
    -machine q35,confidential-guest-support=sev0,memory-backend=ram1 \
    -object memory-backend-memfd,id=ram1,size=4G,share=true,reserve=false \
    -object sev-snp-guest,id=sev0,cbitpos=51,reduced-phys-bits=1,id-auth= \
    -bios OVMF_CODE-upstream-20240410-apic-mmio-fix1d.fd \
    -drive if=pflash,format=raw,unit=0,file=OVMF_VARS-upstream-20240410-apic-mmio-fix1d.fd,readonly=off

Any comments/feedback would be very much appreciated.

[2] https://lore.kernel.org/all/20240501085210.2213060-1-michael.roth@xxxxxxx/

--------------

Changes since rfc3:
 - added class methods (SEV & SNP) for the function changes suggested in
   RFC v3: launch_start(), launch_update_data(), launch_finish(),
   kvm_init(), kvm_type() (Paolo)
 - improved qom.json, query-sev QAPI text suggestions (Daniel & Markus).
 - moved 'pc_system_parse_sev_metadata' to 'target/i386/sev.c' (Isaku).
 - moved SNP specific methods (set guest_mem_fd, no smm check, no disable
   block discard) to sev_snp_kvm_init().
 - squashed qapi changes for SecCommonProperties into 'sev-guest-common'
   patch (Daniel, Markus)
 - made legacy BIOS support SNP-only.
 - switch to using KVM_HC_MAP_GPA_RANGE to handle page-state change
   requests rather than directly processing GHCB page-state change buffer
 - drop attestation certificate support, will revisit once the KVM_EXIT_*
   event mechanism is finalized
 - sync headers with kvm/next, which now contains base KVM SNP support
 - some more fixes including missing 'return', length checks, monitor logs
   improvements. (Daniel, Markus)

Changes since rfc2:
 - reworked on top of guest_memfd support
 - added handling for various KVM_EXIT_VMGEXIT events
 - various changes/considerations for PCI passthrough support
 - general bugfixes/hardening/cleanups
 - qapi cmdline doc fixes/rework (Dov, Markus)
 - switch to qbase64_decode, more error-checking for cmdline opts (Dov)
 - unset id_block_en for 0 input (Dov)
 - use error_setg in snp init (Dov)
 - report more info in trace_kvm_sev_init (Dov)
 - rework bounds-checking for kvm_cpuid_info, rework existing checks for
   readability, add additional checks (Dov)
 - fixups for validated_ranges handling (Dov)
 - rename 'policy' field to 'snp-policy' in query-sev when sev-type is SNP

Changes since rfc1:
 - rebased onto latest master
 - drop SNP config file in favor of a new 'sev-snp-guest' object where all
   SNP-related params are passed as strings/integers via command-line
 - report specific error if BIOS reports invalid address/len for
   reserved/pre-validated regions (Connor)
 - use Range helpers for handling validated region overlaps (Dave)
 - simplify error handling in sev_snp_launch_start, and report the correct
   return code when handling LAUNCH_START failures (Dov)
 - add SEV-SNP bit to CPUID 0x8000001f when SNP enabled
 - updated query-sev to handle differences between SEV and SEV-SNP
 - updated to work against v5 of SEV-SNP host kernel / hypervisor patches

Brijesh Singh (6):
  i386/sev: Introduce 'sev-snp-guest' object
  i386/sev: Add the SNP launch start context
  i386/sev: Add handling to encrypt/finalize guest launch data
  hw/i386/sev: Add function to get SEV metadata from OVMF header
  i386/sev: Add support for populating OVMF metadata pages
  hw/i386/sev: Add support to encrypt BIOS when SEV-SNP is enabled

Dov Murik (3):
  i386/sev: Extract build_kernel_loader_hashes
  i386/sev: Reorder struct declarations
  i386/sev: Allow measured direct kernel boot on SNP

Michael Roth (12):
  i386/sev: Introduce "sev-common" type to encapsulate common SEV state
  i386/sev: Add a sev_snp_enabled() helper
  i386/cpu: Set SEV-SNP CPUID bit when SNP enabled
  i386/sev: Don't return launch measurements for SEV-SNP guests
  i386/sev: Update query-sev QAPI format to handle SEV-SNP
  i386/sev: Set CPU state to protected once SNP guest payload is finalized
  i386/sev: Add support for SNP CPUID validation
  hw/i386/sev: Use guest_memfd for legacy ROMs
  hw/i386: Add support for loading BIOS using guest_memfd
  hw/i386/sev: Allow use of pflash in conjunction with -bios
  i386/kvm: Add KVM_EXIT_HYPERCALL handling for KVM_HC_MAP_GPA_RANGE
  i386/sev: Enable KVM_HC_MAP_GPA_RANGE hcall for SNP guests

Pankaj Gupta (9):
  i386/sev: Replace error_report with error_setg
  linux-headers: Update to current kvm/next
  i386/sev: Move sev_launch_update to separate class method
  i386/sev: Move sev_launch_finish to separate class method
  i386/sev: Add sev_kvm_init() override for SEV class
  i386/sev: Add snp_kvm_init() override for SNP class
  i386/sev: Add a class method to determine KVM VM type for SNP guests
  i386/sev: Invoke launch_updata_data() for SEV class
  i386/sev: Invoke launch_updata_data() for SNP class

Xiaoyao Li (1):
  memory: Introduce memory_region_init_ram_guest_memfd()

 docs/system/i386/amd-memory-encryption.rst |   70 +-
 hw/i386/pc.c                               |   14 +-
 hw/i386/pc_sysfw.c                         |   76 +-
 hw/i386/x86-common.c                       |   24 +-
 include/exec/memory.h                      |    6 +
 include/hw/i386/pc.h                       |   28 +
 include/hw/i386/x86.h                      |    2 +-
 linux-headers/asm-loongarch/bitsperlong.h  |   23 +
 linux-headers/asm-loongarch/kvm.h          |    4 +
 linux-headers/asm-loongarch/mman.h         |    9 +
 linux-headers/asm-riscv/kvm.h              |    1 +
 linux-headers/asm-riscv/mman.h             |   36 +-
 linux-headers/asm-s390/mman.h              |   36 +-
 linux-headers/asm-x86/kvm.h                |   52 +-
 linux-headers/linux/vhost.h                |   15 +-
 qapi/misc-target.json                      |   72 +-
 qapi/qom.json                              |   97 +-
 system/memory.c                            |   24 +
 target/i386/cpu.c                          |    1 +
 target/i386/kvm/kvm.c                      |   55 +
 target/i386/kvm/kvm_i386.h                 |    1 +
 target/i386/kvm/trace-events               |    1 +
 target/i386/sev-sysemu-stub.c              |    2 +-
 target/i386/sev.c                          | 1588 +++++++++++++++-----
 target/i386/sev.h                          |   13 +-
 target/i386/trace-events                   |    3 +
 26 files changed, 1833 insertions(+), 420 deletions(-)

-- 
2.34.1
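The three invocations in the cover letter differ only in the firmware image, the kernel-hashes option and the pflash NVRAM drive. The script below is an added example, not part of the series or of QEMU: it assembles each of the three argument lists from one place and rejects combinations the cover letter does not show (kernel-hashes=on with no -kernel to measure, or a VARS pflash image paired with the AmdSevX64 code image). The firmware file names are those from the cover letter; FW_DIR, KVER, ROOT_UUID and MEM are placeholders the caller is assumed to set, and the host preflight relies on two interfaces that are assumptions here, not taken from the cover letter: the /dev/sev firmware device and the kvm_amd sev_snp module parameter.

```shell
#!/bin/sh
# Added example (not from the patch series or QEMU): build the SEV-SNP
# QEMU argument lists from the cover letter and sanity-check them before
# anything is executed. Placeholders below are assumed values.

FW_DIR="${FW_DIR:-.}"                                         # assumed
KVER="${KVER:-6.9.0}"                                         # assumed
ROOT_UUID="${ROOT_UUID:-d72a6d1c-06cf-4b79-af43-f1bac4f620f9}"
MEM="${MEM:-4G}"

# Print the argument list for MODE (basic|hashes|pflash) on stdout, one
# argument per line, starting with the program name. Nothing is run.
snp_qemu_args() {
    mode="$1"
    code="OVMF_CODE-upstream-20240410-apic-mmio-fix1d"
    vars="OVMF_VARS-upstream-20240410-apic-mmio-fix1d.fd"
    guest="sev-snp-guest,id=sev0,cbitpos=51,reduced-phys-bits=1,id-auth="

    case "$mode" in
        basic)  bios="$code-AmdSevX64.fd" ;;
        hashes) bios="$code-AmdSevX64.fd"; guest="$guest,kernel-hashes=on" ;;
        pflash) bios="$code.fd" ;;            # plain X64 build, vars separate
        *) echo "snp_qemu_args: unknown mode '$mode'" >&2; return 2 ;;
    esac

    printf '%s\n' qemu-system-x86_64 \
        -smp 32,maxcpus=255 \
        -cpu EPYC-Milan-v2 \
        -machine q35,confidential-guest-support=sev0,memory-backend=ram1 \
        -object "memory-backend-memfd,id=ram1,size=$MEM,share=true,reserve=false" \
        -object "$guest" \
        -bios "$FW_DIR/$bios"

    case "$mode" in
        hashes)
            # kernel-hashes=on measures kernel, initrd and cmdline, so all
            # three are supplied here (a direct boot with no -kernel has
            # nothing to hash).
            printf '%s\n' -kernel "/boot/vmlinuz-$KVER" \
                -initrd "/boot/initrd.img-$KVER" \
                -append "root=UUID=$ROOT_UUID ro console=ttyS0,115200n8"
            ;;
        pflash)
            # The plain X64 package keeps persistent NVRAM in a separate,
            # writable VARS image loaded as pflash alongside -bios.
            printf '%s\n' -drive \
                "if=pflash,format=raw,unit=0,file=$FW_DIR/$vars,readonly=off"
            ;;
    esac
}

# Return 1 unless an argument list (as printed above) is one of the
# combinations the cover letter shows; return 0 otherwise.
snp_check_args() {
    args="$1"
    if printf '%s' "$args" | grep -q 'kernel-hashes=on' &&
       ! printf '%s' "$args" | grep -q '^-kernel$'; then
        echo "kernel-hashes=on but no -kernel: nothing to measure" >&2
        return 1
    fi
    if printf '%s' "$args" | grep -q 'if=pflash' &&
       printf '%s' "$args" | grep -q 'AmdSevX64'; then
        echo "VARS pflash image paired with the AmdSevX64 code image" >&2
        return 1
    fi
    return 0
}

# Host preflight. Both paths are assumptions for this example: /dev/sev is
# the SEV firmware device, sev_snp the kvm_amd module parameter.
snp_host_preflight() {
    [ -c /dev/sev ] || { echo "no /dev/sev: SEV firmware device missing" >&2; return 1; }
    p=/sys/module/kvm_amd/parameters/sev_snp
    { [ -r "$p" ] && [ "$(cat "$p")" = "Y" ]; } ||
        { echo "kvm_amd sev_snp is not enabled on this host" >&2; return 1; }
}
```

To inspect a list, run `snp_qemu_args pflash`; to launch, feed it back as NUL-separated arguments so the quoted -append survives: `snp_qemu_args hashes | tr '\n' '\0' | xargs -0 sh -c 'exec "$@"' sh`, after `snp_host_preflight` and `snp_check_args "$(snp_qemu_args hashes)"` both return 0.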