----- Original message -----
From: Greg Kurz <address@hidden>
To: "Dr. David Alan Gilbert" <address@hidden>
Cc: David Gibson <address@hidden>, address@hidden, address@hidden, address@hidden, address@hidden, address@hidden
Subject: [EXTERNAL] Re: [PATCH] spapr: Add capability for Secure (PEF) VMs
Date: Tue, May 5, 2020 2:11 AM
On Tue, 5 May 2020 09:17:19 +0100
"Dr. David Alan Gilbert" <address@hidden> wrote:
>> * David Gibson (address@hidden) wrote:
>> > On Fri, May 01, 2020 at 04:02:49PM +1000, David Gibson wrote:
>> > > Recent POWER9 machines have a system called PEF (Protected Execution
..snip....
>> > >
>> > > Signed-off-by: David Gibson <address@hidden>
>> >
>> > Hm, so. I'm reconsidering this. I'm thinking I should probably try
>> > to make this configuration more like what AMD SEV does, since this is
>> > a very similar functionality.
>>
>> Other than setting the 'we support PEF' flag, is there anything else
>> you're going to have to do - for example with SEV there's stuff to pass
>> a block of data and to do attestations and .... it's not just setting a
>> flag; but my understanding of PEF it's more driven from the guest.
>>
>Yeah, PEF is controlled by a small FW called ultravisor and driven by
>the guest. Here's a high level view:
>https://santoshs.github.io/images/ultra.png
>QEMU doesn't interact directly with the ultravisor, but KVM HV does.
>It has a KVM_CAP_PPC_SECURE_GUEST capability which can be used by
>QEMU to authorize/forbid the VM to be secure. Also when the VM is
>reset, QEMU needs to invoke a KVM_PPC_SVM_OFF ioctl for housekeeping
>purposes.
Correct.
And to elaborate Dr David's point on the attestation piece --
In the case of PEF, unlike SEV, the attestation is driven
from within the VM on PEF systems. When the VM decides to switch from normal VM to secureVM, the attestation
of the VM is triggered. Only on successful attestation, the VM is switched to SecureVM mode.
Qemu/KVM has no active role to play in the attestation.
RP
> --
> Dr. David Alan Gilbert / address@hidden / Manchester, UK
>