qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-devel] [RFC PATCH v3 00/18] x86: Secure Encrypted Virtualization (

From: Brijesh Singh
Subject: [Qemu-devel] [RFC PATCH v3 00/18] x86: Secure Encrypted Virtualization (AMD)
Date: Tue, 1 Nov 2016 11:51:49 -0400
User-agent: StGit/0.17.1-dirty 
This RFC series provides support for AMD's new Secure Encrypted 
Virtualization (SEV) feature. This RFC is based KVM RFC [1].

SEV is an extension to the AMD-V architecture which supports running
multiple VMs under the control of a hypervisor. The SEV feature allows
the memory contents of a virtual machine (VM) to be transparently encrypted
with a key unique to the guest VM. The memory controller contains a
high performance encryption engine which can be programmed with multiple
keys for use by a different VMs in the system. The programming and
management of these keys is handled by the AMD Secure Processor firmware
which exposes a commands for these tasks.

SEV is designed to protect guest VMs from a benign but vulnerable
(i.e. not fully malicious) hypervisor. In particular, it reduces the attack
surface of guest VMs and can prevent certain types of VM-escape bugs
(e.g. hypervisor read-anywhere) from being used to steal guest data.

The KVM RFC introduced a new ioctl (KVM_SEV_ISSUE_CMD) which can be
used by qemu to enable SEV for secure guest and assist performing common
hypervisor activities such as a launching, running, snapshooting, migration
and debugging a guests data.


The following links provide additional details:

AMD Memory Encryption whitepaper:
 
http://amd-dev.wpengine.netdna-cdn.com/wordpress/media/2013/12/AMD_Memory_Encryption_Whitepaper_v7-Public.pdf

AMD64 Architecture Programmer's Manual:
    http://support.amd.com/TechDocs/24593.pdf
    SME is section 7.10
    SEV is section 15.34

Secure Encrypted Virutualization Key Management:
http://support.amd.com/TechDocs/55766_SEV-KM API_Spec.pdf

KVM Forum slides:
http://www.linux-kvm.org/images/7/74/02x08A-Thomas_Lendacky-AMDs_Virtualizatoin_Memory_Encryption_Technology.pdf

KVM RFC link:

[1] http://marc.info/?l=kvm&m=147191038624432&w=2

Video of the KVM Forum Talk:
https://www.youtube.com/watch?v=RcvQ1xN55Ew

---

The patch series implements booting SEV guest from unencrypted boot images
(BIOS, kernel, and initrd) received from the guest owner. In first phase 
we ignore the guest policy, key-sharing and measurements etc. Will extend
this later once the first part is reviewed and merged.

Based on feedback from Paolo, I have looked into integrating SEV support in
OVMF/EDK2 BIOS and will start discussion on edk2 mailing list.

The patches are based on (8ff7fd8)

Changes since v2:
- rename ram_ops to ram_debug_ops
- use '-' rather than '_' when adding new member in KvmInfo struct
- update sev object to use link properties when referencing other objects
- use ldq_phys_debug in tlb_info_64 and mem_info_64.
- remove sev-guest-policy object, we will revisit it after basic SEV
  guest support is merged.
- remove kernel API from doc and add SEV guest LAUNCH model. The doc will
  be updated as we integerate the remaining SEV APIs.

Changes since v1:
- Added Documentation
- Added security-policy object.
- Drop sev config parsing support and create new objects to get/set SEV
  specific parameters
- Added sev-guest-info object.
- Added sev-launch-info object.
- Added kvm_memory_encrytion_* APIs. The idea behind this was to allow adding
  a non SEV memory encrytion object without modifying interfaces.
- Drop patch to load OS image at fixed location.
- updated LAUNCH_FINISH command structure. Now the structure contains
  just 'measurement' field. Other fields are not used and will also be removed
  from newer SEV firmware API spec.

TODO:
- integrate SEV SEND_* command in vmsave code path.
- integerate SEV RECEIVE_* command in vm restore code path.
- virtio support in SEV guest.
- Integrate SEV SEND and RECEIVE command in live migration.

Brijesh Singh (18):
      memattrs: add debug attrs
      exec: add guest RAM read and write ops
      exec: add debug version of physical memory read and write apis
      monitor: use debug version of memory access apis
      core: add new security-policy object
      kvm: add memory encryption APIs
      sev: add Secure Encrypted Virtulization (SEV) support
      hmp: display memory encryption support in 'info kvm'
      core: loader: create memory encryption context before copying data
      sev: add LAUNCH_START command
      sev: add LAUNCH_UPDATE command
      sev: add LAUNCH_FINISH command
      sev: add DEBUG_DECRYPT command
      sev: add DEBUG_ENCRYPT command
      i386: register memory encryption ops
      target-i386: add cpuid Fn8000_001f
      i386: clear C-bit in SEV guest page table walk
      migration: disable save/restore and migration on SEV guest


 Makefile.target                  |    2 
 cpus.c                           |    2 
 disas.c                          |    2 
 docs/amd-memory-encryption.txt   |  153 +++++++++++
 exec.c                           |   94 ++++++-
 hmp.c                            |    2 
 hw/core/Makefile.objs            |    1 
 hw/core/loader.c                 |   22 ++
 hw/core/machine.c                |   22 ++
 hw/core/security-policy.c        |  166 ++++++++++++
 hw/i386/pc.c                     |    7 +
 hw/i386/pc_sysfw.c               |    4 
 include/exec/cpu-common.h        |   15 +
 include/exec/memattrs.h          |    4 
 include/exec/memory.h            |   25 ++
 include/hw/boards.h              |    1 
 include/sysemu/kvm.h             |    8 +
 include/sysemu/security-policy.h |   75 +++++
 include/sysemu/sev.h             |  112 ++++++++
 kvm-all.c                        |   90 ++++++
 migration/migration.c            |    7 +
 migration/savevm.c               |   11 +
 monitor.c                        |    2 
 qapi-schema.json                 |    5 
 qemu-options.hx                  |   55 ++++
 qmp.c                            |    1 
 sev.c                            |  528 ++++++++++++++++++++++++++++++++++++++
 target-i386/cpu.c                |    6 
 target-i386/helper.c             |   37 ++-
 target-i386/monitor.c            |   80 ++++--
 30 files changed, 1494 insertions(+), 45 deletions(-)
 create mode 100644 docs/amd-memory-encryption.txt
 create mode 100644 hw/core/security-policy.c
 create mode 100644 include/sysemu/security-policy.h
 create mode 100644 include/sysemu/sev.h
 create mode 100644 sev.c

-- 

Brijesh Singh
reply via email to
[Prev in Thread] Current Thread [Next in Thread]