[Qemu-devel] [RFC PATCH v2 08/16] core: loader: create memory encryption
From: Brijesh Singh
Subject: [Qemu-devel] [RFC PATCH v2 08/16] core: loader: create memory encryption context before copying data
Date: Thu, 22 Sep 2016 10:53:10 -0400
User-agent: StGit/0.17.1-dirty
During system boot, rom_reset copies bios binary from internal PC.BIOS
ROM to guest RAM (PC.RAM).
If memory encryption is enabled then we need to ensure that encryption
context is created before we start the copy process. When encryption is
enabled any data copy from PC.BIOS ROM to guest RAM will go through the
encryption routines which will encrypt the data as it copies into guest
memory. Similarly, after we are done with copying, destroy the encryption
context.
Signed-off-by: Brijesh Singh <address@hidden>
---
hw/core/loader.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/hw/core/loader.c b/hw/core/loader.c
index 53e0e41..6e0be34 100644
--- a/hw/core/loader.c
+++ b/hw/core/loader.c
@@ -55,6 +55,7 @@
#include "exec/address-spaces.h"
#include "hw/boards.h"
#include "qemu/cutils.h"
+#include "sysemu/kvm.h"
#include <zlib.h>
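Review bot: the new #include "sysemu/kvm.h" makes the generic loader in hw/core/loader.c depend on KVM-specific entry points. Consider routing the start/finish calls through an accelerator-neutral hook so that rom_reset does not name kvm_* functions directly, and please confirm that builds without KVM get stubs for kvm_memory_encryption_enabled(), kvm_memory_encryption_start() and kvm_memory_encryption_finish().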
@@ -997,6 +998,13 @@ static void rom_reset(void *unused)
{
Rom *rom;
+ /* create the memory encryption context before we copy any data
+ * from internal ROM to guest RAM.
+ */
+ if (kvm_memory_encryption_enabled()) {
+ kvm_memory_encryption_start();
+ }
+
QTAILQ_FOREACH(rom, &roms, next) {
if (rom->fw_file) {
continue;
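Review bot: the result of kvm_memory_encryption_start() at the top of rom_reset is discarded, so if creating the context can fail, the QTAILQ_FOREACH loop still goes on to copy the ROM contents into guest RAM without the context the commit message says is required. If the function reports errors, check the return value here and stop the reset (with an error report) instead of continuing; if it cannot fail, a short comment saying so would help. The comment could also state which state the guest is in between start and finish, since that is what the ordering protects.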
@@ -1024,6 +1032,11 @@ static void rom_reset(void *unused)
*/
cpu_flush_icache_range(rom->addr, rom->datasize);
}
+
+ /* delete the memory encryption context after we are done with copying */
+ if (kvm_memory_encryption_enabled()) {
+ kvm_memory_encryption_finish();
+ }
}
int rom_check_and_register_reset(void)
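Review bot: the kvm_memory_encryption_finish() call at the end of rom_reset is guarded by a second evaluation of kvm_memory_encryption_enabled() rather than by whether the start call actually ran, so the pairing relies on both evaluations returning the same value and on start having succeeded. Recording the outcome of the first check in a local flag and testing that flag here would make the start/finish pairing explicit. The return value of kvm_memory_encryption_finish() is also ignored; if finish can fail, the guest would be left with a context that was never closed and nothing would be reported.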