[Qemu-devel] [PATCH v5 20/23] hw: i386: set ram_debug_ops when memory en
From: Brijesh Singh
Subject: [Qemu-devel] [PATCH v5 20/23] hw: i386: set ram_debug_ops when memory encryption is enabled
Date: Wed, 6 Dec 2017 14:03:43 -0600

When memory encryption is enabled, the guest RAM and boot flash ROM will
contain encrypted data. Setting the debug ops allows us to invoke the
encryption APIs when accessing the memory for debug purposes.
Cc: Paolo Bonzini <address@hidden>
Cc: Richard Henderson <address@hidden>
Cc: Eduardo Habkost <address@hidden>
Cc: "Michael S. Tsirkin" <address@hidden>
Signed-off-by: Brijesh Singh <address@hidden>
---
hw/i386/pc.c | 9 +++++++++
hw/i386/pc_sysfw.c | 6 ++++++
2 files changed, 15 insertions(+)
diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index 186545d2a4e5..937cf75d5545 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -1355,6 +1355,15 @@ void pc_memory_init(PCMachineState *pcms,
e820_add_entry(0x100000000ULL, pcms->above_4g_mem_size, E820_RAM);
}
+ /*
+ * When memory encryption is enabled, the guest RAM will be encrypted with
+ * a guest unique key. Set the debug ops so that any debug access to the
+ * guest RAM will go through the memory encryption APIs.
+ */
+ if (kvm_memcrypt_enabled()) {
+ kvm_memcrypt_set_debug_ops(ram);
+ }
+
if (!pcmc->has_reserved_memory &&
(machine->ram_slots ||
(machine->maxram_size > machine->ram_size))) {
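Review bot: The call added in pc_memory_init() installs the debug ops on `ram` only, while the block directly below it handles `machine->ram_slots` and `machine->maxram_size > machine->ram_size`, so memory plugged in later is not obviously covered. If that memory is also encrypted with the guest key, a debug access to it would skip the memory encryption APIs and read the encrypted contents. Either set the debug ops on those regions as well, or extend the comment to say that only the initial RAM region is covered and why that is sufficient.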
diff --git a/hw/i386/pc_sysfw.c b/hw/i386/pc_sysfw.c
index 8ddbbf74d330..3d149b1c9f3c 100644
--- a/hw/i386/pc_sysfw.c
+++ b/hw/i386/pc_sysfw.c
@@ -180,6 +180,12 @@ static void pc_system_flash_init(MemoryRegion *rom_memory)
error_report("failed to encrypt pflash rom");
exit(1);
}
+
+ /*
+ * The pflash ROM is encrypted, set the debug ops so that any
+ * debug accesses will use memory encryption APIs.
+ */
+ kvm_memcrypt_set_debug_ops(flash_mem);
}
}
}
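Review bot: In pc_system_flash_init() the added `kvm_memcrypt_set_debug_ops(flash_mem);` has no `kvm_memcrypt_enabled()` check of its own, unlike the pc.c hunk, and the enclosing condition is not visible in the context lines. Please confirm that the block containing the "failed to encrypt pflash rom" error path is entered only when memory encryption is enabled, so the debug ops are never installed on a plaintext flash region. A short note in the comment naming that enclosing condition would make this clear to the next reader.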
--
2.9.5