ShuriZma
/
xemu
mirror of https://github.com/xemu-project/xemu.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

sev/i386: add command to encrypt guest memory region 

The KVM_SEV_LAUNCH_UPDATE_DATA command is used to encrypt a guest memory
region using the VM Encryption Key created using LAUNCH_START.

Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Richard Henderson <rth@twiddle.net>
Cc: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This commit is contained in:
Brijesh Singh 2018-03-08 06:48:49 -06:00 committed by Paolo Bonzini
parent 620fd55c24
commit b738d6300d
2 changed files with 44 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
target/i386/sev.c
View File

@ -105,6 +105,13 @@ fw_error_to_str(int code)
return sev_fw_errlist[code]; return sev_fw_errlist[code];
} }
static bool
sev_check_state(SevState state)
{
assert(sev_state);
return sev_state->state == state ? true : false;
}
static void static void
sev_set_guest_state(SevState new_state) sev_set_guest_state(SevState new_state)
{ {
@ -486,6 +493,29 @@ sev_launch_start(SEVState *s)
return 0; return 0;
} }
static int
sev_launch_update_data(uint8_t *addr, uint64_t len)
{
int ret, fw_error;
struct kvm_sev_launch_update_data update;
if (!addr || !len) {
return 1;
}
update.uaddr = (__u64)(unsigned long)addr;
update.len = len;
trace_kvm_sev_launch_update_data(addr, len);
ret = sev_ioctl(sev_state->sev_fd, KVM_SEV_LAUNCH_UPDATE_DATA,
&update, &fw_error);
if (ret) {
error_report("%s: LAUNCH_UPDATE ret=%d fw_error=%d '%s'",
__func__, ret, fw_error, fw_error_to_str(fw_error));
}
return ret;
}
void * void *
sev_guest_init(const char *id) sev_guest_init(const char *id)
{ {
@ -571,6 +601,19 @@ err:
return NULL; return NULL;
} }
int
sev_encrypt_data(void *handle, uint8_t *ptr, uint64_t len)
{
assert(handle);
/* if SEV is in update state then encrypt the data else do nothing */
if (sev_check_state(SEV_STATE_LAUNCH_UPDATE)) {
return sev_launch_update_data(ptr, len);
}
return 0;
}
static void static void
sev_register_types(void) sev_register_types(void)
{ {

1
target/i386/trace-events
View File

@ -12,3 +12,4 @@ kvm_memcrypt_register_region(void *addr, size_t len) "addr %p len 0x%zu"
kvm_memcrypt_unregister_region(void *addr, size_t len) "addr %p len 0x%zu" kvm_memcrypt_unregister_region(void *addr, size_t len) "addr %p len 0x%zu"
kvm_sev_change_state(const char *old, const char *new) "%s -> %s" kvm_sev_change_state(const char *old, const char *new) "%s -> %s"
kvm_sev_launch_start(int policy, void *session, void *pdh) "policy 0x%x session %p pdh %p" kvm_sev_launch_start(int policy, void *session, void *pdh) "policy 0x%x session %p pdh %p"
kvm_sev_launch_update_data(void *addr, uint64_t len) "addr %p len 0x%" PRIu64