[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PATCH v9 20/29] hw/i386: set ram_debug_ops when memory enc
From: |
Brijesh Singh |
Subject: |
[Qemu-devel] [PATCH v9 20/29] hw/i386: set ram_debug_ops when memory encryption is enabled |
Date: |
Thu, 15 Feb 2018 09:39:46 -0600 |
When memory encryption is enabled, the guest RAM and boot flash ROM will
contain the encrypted data. By setting the debug ops allow us to invoke
encryption APIs when accessing the memory for the debug purposes.
Cc: Paolo Bonzini <address@hidden>
Cc: Richard Henderson <address@hidden>
Cc: Eduardo Habkost <address@hidden>
Cc: "Michael S. Tsirkin" <address@hidden>
Signed-off-by: Brijesh Singh <address@hidden>
---
hw/i386/pc.c | 9 +++++++++
hw/i386/pc_sysfw.c | 6 ++++++
2 files changed, 15 insertions(+)
diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index 55e69d66fe6f..53ddecef369c 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -1360,6 +1360,15 @@ void pc_memory_init(PCMachineState *pcms,
e820_add_entry(0x100000000ULL, pcms->above_4g_mem_size, E820_RAM);
}
+ /*
+ * When memory encryption is enabled, the guest RAM will be encrypted with
+ * a guest unique key. Set the debug ops so that any debug access to the
+ * guest RAM will go through the memory encryption APIs.
+ */
+ if (kvm_memcrypt_enabled()) {
+ kvm_memcrypt_set_debug_ops(ram);
+ }
+
if (!pcmc->has_reserved_memory &&
(machine->ram_slots ||
(machine->maxram_size > machine->ram_size))) {
diff --git a/hw/i386/pc_sysfw.c b/hw/i386/pc_sysfw.c
index 73ac783f2055..845240f97293 100644
--- a/hw/i386/pc_sysfw.c
+++ b/hw/i386/pc_sysfw.c
@@ -181,6 +181,12 @@ static void pc_system_flash_init(MemoryRegion *rom_memory)
error_report("failed to encrypt pflash rom");
exit(1);
}
+
+ /*
+ * The pflash ROM is encrypted, set the debug ops so that any
+ * debug accesses will use memory encryption APIs.
+ */
+ kvm_memcrypt_set_debug_ops(flash_mem);
}
}
}
--
2.14.3
- [Qemu-devel] [PATCH v9 07/29] docs: add AMD Secure Encrypted Virtualization (SEV), (continued)
- [Qemu-devel] [PATCH v9 07/29] docs: add AMD Secure Encrypted Virtualization (SEV), Brijesh Singh, 2018/02/15
- [Qemu-devel] [PATCH v9 09/29] qmp: add query-sev command, Brijesh Singh, 2018/02/15
- [Qemu-devel] [PATCH v9 10/29] sev/i386: add command to initialize the memory encryption context, Brijesh Singh, 2018/02/15
- [Qemu-devel] [PATCH v9 12/29] sev/i386: register the guest memory range which may contain encrypted data, Brijesh Singh, 2018/02/15
- [Qemu-devel] [PATCH v9 11/29] qmp: populate SevInfo fields with SEV guest information, Brijesh Singh, 2018/02/15
- [Qemu-devel] [PATCH v9 15/29] sev/i386: add command to create launch memory encryption context, Brijesh Singh, 2018/02/15
- [Qemu-devel] [PATCH v9 14/29] hmp: add 'info sev' command, Brijesh Singh, 2018/02/15
- [Qemu-devel] [PATCH v9 13/29] kvm: introduce memory encryption APIs, Brijesh Singh, 2018/02/15
- [Qemu-devel] [PATCH v9 16/29] sev/i386: add command to encrypt guest memory region, Brijesh Singh, 2018/02/15
- [Qemu-devel] [PATCH v9 18/29] sev/i386: add support to LAUNCH_MEASURE command, Brijesh Singh, 2018/02/15
- [Qemu-devel] [PATCH v9 20/29] hw/i386: set ram_debug_ops when memory encryption is enabled,
Brijesh Singh <=
- [Qemu-devel] [PATCH v9 17/29] target/i386: encrypt bios rom, Brijesh Singh, 2018/02/15
- [Qemu-devel] [PATCH v9 19/29] sev/i386: finalize the SEV guest launch flow, Brijesh Singh, 2018/02/15
- [Qemu-devel] [PATCH v9 21/29] sev/i386: add debug encrypt and decrypt commands, Brijesh Singh, 2018/02/15
- [Qemu-devel] [PATCH v9 22/29] target/i386: clear C-bit when walking SEV guest page table, Brijesh Singh, 2018/02/15
- [Qemu-devel] [PATCH v9 25/29] sev/i386: add support to KVM_SEV_GUEST_STATUS, Brijesh Singh, 2018/02/15
- [Qemu-devel] [PATCH v9 23/29] include: add psp-sev.h header file, Brijesh Singh, 2018/02/15
- [Qemu-devel] [PATCH v9 26/29] qmp: add query-sev-launch-measure command, Brijesh Singh, 2018/02/15
- [Qemu-devel] [PATCH v9 27/29] tests/qmp-test: blacklist query-sev-launch-measure command, Brijesh Singh, 2018/02/15
- [Qemu-devel] [PATCH v9 28/29] sev/i386: add migration blocker, Brijesh Singh, 2018/02/15
- [Qemu-devel] [PATCH v9 29/29] cpu/i386: populate CPUID 0x8000_001F when SEV is active, Brijesh Singh, 2018/02/15