Commit 65e38583 authored by Paolo Bonzini's avatar Paolo Bonzini Committed by Radim Krčmář

Merge branch 'sev-v9-p2' of https://github.com/codomania/kvm

This part of Secure Encrypted Virtualization (SEV) patch series focuses on KVM
changes required to create and manage SEV guests.

SEV is an extension to the AMD-V architecture which supports running encrypted
virtual machine (VMs) under the control of a hypervisor. Encrypted VMs have their
pages (code and data) secured such that only the guest itself has access to
unencrypted version. Each encrypted VM is associated with a unique encryption key;
if its data is accessed to a different entity using a different key the encrypted
guest's data will be incorrectly decrypted, leading to unintelligible data.
This security model ensures that hypervisor will no longer able to inspect or
alter any guest code or data.

The key management of this feature is handled by a separate processor known as
the AMD Secure Processor (AMD-SP) which is present on AMD SOCs. The SEV Key
Management Specification (see below) provides a set of commands which can be
used by hypervisor to load virtual machine keys through the AMD-SP driver.

The patch series adds a new ioctl in KVM driver (KVM_MEMORY_ENCRYPT_OP). The
ioctl will be used by qemu to issue SEV guest-specific commands defined in Key
Management Specification.

The following links provide additional details:

AMD Memory Encryption white paper:
http://amd-dev.wpengine.netdna-cdn.com/wordpress/media/2013/12/AMD_Memory_Encryption_Whitepaper_v7-Public.pdf

AMD64 Architecture Programmer's Manual:
    http://support.amd.com/TechDocs/24593.pdf
    SME is section 7.10
    SEV is section 15.34

SEV Key Management:
http://support.amd.com/TechDocs/55766_SEV-KM API_Specification.pdf

KVM Forum Presentation:
http://www.linux-kvm.org/images/7/74/02x08A-Thomas_Lendacky-AMDs_Virtualizatoin_Memory_Encryption_Technology.pdf

SEV Guest BIOS support:
  SEV support has been add to EDKII/OVMF BIOS
  https://github.com/tianocore/edk2Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
parents 476b7ada 00b10fe1
...@@ -26,3 +26,6 @@ s390-diag.txt ...@@ -26,3 +26,6 @@ s390-diag.txt
- Diagnose hypercall description (for IBM S/390) - Diagnose hypercall description (for IBM S/390)
timekeeping.txt timekeeping.txt
- timekeeping virtualization for x86-based architectures. - timekeeping virtualization for x86-based architectures.
amd-memory-encryption.txt
- notes on AMD Secure Encrypted Virtualization feature and SEV firmware
command description
======================================
Secure Encrypted Virtualization (SEV)
======================================
Overview
========
Secure Encrypted Virtualization (SEV) is a feature found on AMD processors.
SEV is an extension to the AMD-V architecture which supports running
virtual machines (VMs) under the control of a hypervisor. When enabled,
the memory contents of a VM will be transparently encrypted with a key
unique to that VM.
The hypervisor can determine the SEV support through the CPUID
instruction. The CPUID function 0x8000001f reports information related
to SEV::
0x8000001f[eax]:
Bit[1] indicates support for SEV
...
[ecx]:
Bits[31:0] Number of encrypted guests supported simultaneously
If support for SEV is present, MSR 0xc001_0010 (MSR_K8_SYSCFG) and MSR 0xc001_0015
(MSR_K7_HWCR) can be used to determine if it can be enabled::
0xc001_0010:
Bit[23] 1 = memory encryption can be enabled
0 = memory encryption can not be enabled
0xc001_0015:
Bit[0] 1 = memory encryption can be enabled
0 = memory encryption can not be enabled
When SEV support is available, it can be enabled in a specific VM by
setting the SEV bit before executing VMRUN.::
VMCB[0x90]:
Bit[1] 1 = SEV is enabled
0 = SEV is disabled
SEV hardware uses ASIDs to associate a memory encryption key with a VM.
Hence, the ASID for the SEV-enabled guests must be from 1 to a maximum value
defined in the CPUID 0x8000001f[ecx] field.
SEV Key Management
==================
The SEV guest key management is handled by a separate processor called the AMD
Secure Processor (AMD-SP). Firmware running inside the AMD-SP provides a secure
key management interface to perform common hypervisor activities such as
encrypting bootstrap code, snapshot, migrating and debugging the guest. For more
information, see the SEV Key Management spec [api-spec]_
KVM implements the following commands to support common lifecycle events of SEV
guests, such as launching, running, snapshotting, migrating and decommissioning.
1. KVM_SEV_INIT
---------------
The KVM_SEV_INIT command is used by the hypervisor to initialize the SEV platform
context. In a typical workflow, this command should be the first command issued.
Returns: 0 on success, -negative on error
2. KVM_SEV_LAUNCH_START
-----------------------
The KVM_SEV_LAUNCH_START command is used for creating the memory encryption
context. To create the encryption context, user must provide a guest policy,
the owner's public Diffie-Hellman (PDH) key and session information.
Parameters: struct kvm_sev_launch_start (in/out)
Returns: 0 on success, -negative on error
::
struct kvm_sev_launch_start {
__u32 handle; /* if zero then firmware creates a new handle */
__u32 policy; /* guest's policy */
__u64 dh_uaddr; /* userspace address pointing to the guest owner's PDH key */
__u32 dh_len;
__u64 session_addr; /* userspace address which points to the guest session information */
__u32 session_len;
};
On success, the 'handle' field contains a new handle and on error, a negative value.
For more details, see SEV spec Section 6.2.
3. KVM_SEV_LAUNCH_UPDATE_DATA
-----------------------------
The KVM_SEV_LAUNCH_UPDATE_DATA is used for encrypting a memory region. It also
calculates a measurement of the memory contents. The measurement is a signature
of the memory contents that can be sent to the guest owner as an attestation
that the memory was encrypted correctly by the firmware.
Parameters (in): struct kvm_sev_launch_update_data
Returns: 0 on success, -negative on error
::
struct kvm_sev_launch_update {
__u64 uaddr; /* userspace address to be encrypted (must be 16-byte aligned) */
__u32 len; /* length of the data to be encrypted (must be 16-byte aligned) */
};
For more details, see SEV spec Section 6.3.
4. KVM_SEV_LAUNCH_MEASURE
-------------------------
The KVM_SEV_LAUNCH_MEASURE command is used to retrieve the measurement of the
data encrypted by the KVM_SEV_LAUNCH_UPDATE_DATA command. The guest owner may
wait to provide the guest with confidential information until it can verify the
measurement. Since the guest owner knows the initial contents of the guest at
boot, the measurement can be verified by comparing it to what the guest owner
expects.
Parameters (in): struct kvm_sev_launch_measure
Returns: 0 on success, -negative on error
::
struct kvm_sev_launch_measure {
__u64 uaddr; /* where to copy the measurement */
__u32 len; /* length of measurement blob */
};
For more details on the measurement verification flow, see SEV spec Section 6.4.
5. KVM_SEV_LAUNCH_FINISH
------------------------
After completion of the launch flow, the KVM_SEV_LAUNCH_FINISH command can be
issued to make the guest ready for the execution.
Returns: 0 on success, -negative on error
6. KVM_SEV_GUEST_STATUS
-----------------------
The KVM_SEV_GUEST_STATUS command is used to retrieve status information about a
SEV-enabled guest.
Parameters (out): struct kvm_sev_guest_status
Returns: 0 on success, -negative on error
::
struct kvm_sev_guest_status {
__u32 handle; /* guest handle */
__u32 policy; /* guest policy */
__u8 state; /* guest state (see enum below) */
};
SEV guest state:
::
enum {
SEV_STATE_INVALID = 0;
SEV_STATE_LAUNCHING, /* guest is currently being launched */
SEV_STATE_SECRET, /* guest is being launched and ready to accept the ciphertext data */
SEV_STATE_RUNNING, /* guest is fully launched and running */
SEV_STATE_RECEIVING, /* guest is being migrated in from another SEV machine */
SEV_STATE_SENDING /* guest is getting migrated out to another SEV machine */
};
7. KVM_SEV_DBG_DECRYPT
----------------------
The KVM_SEV_DEBUG_DECRYPT command can be used by the hypervisor to request the
firmware to decrypt the data at the given memory region.
Parameters (in): struct kvm_sev_dbg
Returns: 0 on success, -negative on error
::
struct kvm_sev_dbg {
__u64 src_uaddr; /* userspace address of data to decrypt */
__u64 dst_uaddr; /* userspace address of destination */
__u32 len; /* length of memory region to decrypt */
};
The command returns an error if the guest policy does not allow debugging.
8. KVM_SEV_DBG_ENCRYPT
----------------------
The KVM_SEV_DEBUG_ENCRYPT command can be used by the hypervisor to request the
firmware to encrypt the data at the given memory region.
Parameters (in): struct kvm_sev_dbg
Returns: 0 on success, -negative on error
::
struct kvm_sev_dbg {
__u64 src_uaddr; /* userspace address of data to encrypt */
__u64 dst_uaddr; /* userspace address of destination */
__u32 len; /* length of memory region to encrypt */
};
The command returns an error if the guest policy does not allow debugging.
9. KVM_SEV_LAUNCH_SECRET
------------------------
The KVM_SEV_LAUNCH_SECRET command can be used by the hypervisor to inject secret
data after the measurement has been validated by the guest owner.
Parameters (in): struct kvm_sev_launch_secret
Returns: 0 on success, -negative on error
::
struct kvm_sev_launch_secret {
__u64 hdr_uaddr; /* userspace address containing the packet header */
__u32 hdr_len;
__u64 guest_uaddr; /* the guest memory region where the secret should be injected */
__u32 guest_len;
__u64 trans_uaddr; /* the hypervisor memory region which contains the secret */
__u32 trans_len;
};
References
==========
.. [white-paper] http://amd-dev.wpengine.netdna-cdn.com/wordpress/media/2013/12/AMD_Memory_Encryption_Whitepaper_v7-Public.pdf
.. [api-spec] http://support.amd.com/TechDocs/55766_SEV-KM%20API_Specification.pdf
.. [amd-apm] http://support.amd.com/TechDocs/24593.pdf (section 15.34)
.. [kvm-forum] http://www.linux-kvm.org/images/7/74/02x08A-Thomas_Lendacky-AMDs_Virtualizatoin_Memory_Encryption_Technology.pdf
...@@ -3403,6 +3403,56 @@ invalid, if invalid pages are written to (e.g. after the end of memory) ...@@ -3403,6 +3403,56 @@ invalid, if invalid pages are written to (e.g. after the end of memory)
or if no page table is present for the addresses (e.g. when using or if no page table is present for the addresses (e.g. when using
hugepages). hugepages).
4.109 KVM_MEMORY_ENCRYPT_OP
Capability: basic
Architectures: x86
Type: system
Parameters: an opaque platform specific structure (in/out)
Returns: 0 on success; -1 on error
If the platform supports creating encrypted VMs then this ioctl can be used
for issuing platform-specific memory encryption commands to manage those
encrypted VMs.
Currently, this ioctl is used for issuing Secure Encrypted Virtualization
(SEV) commands on AMD Processors. The SEV commands are defined in
Documentation/virtual/kvm/amd-memory-encryption.txt.
4.110 KVM_MEMORY_ENCRYPT_REG_REGION
Capability: basic
Architectures: x86
Type: system
Parameters: struct kvm_enc_region (in)
Returns: 0 on success; -1 on error
This ioctl can be used to register a guest memory region which may
contain encrypted data (e.g. guest RAM, SMRAM etc).
It is used in the SEV-enabled guest. When encryption is enabled, a guest
memory region may contain encrypted data. The SEV memory encryption
engine uses a tweak such that two identical plaintext pages, each at
different locations will have differing ciphertexts. So swapping or
moving ciphertext of those pages will not result in plaintext being
swapped. So relocating (or migrating) physical backing pages for the SEV
guest will require some additional steps.
Note: The current SEV key management spec does not provide commands to
swap or migrate (move) ciphertext pages. Hence, for now we pin the guest
memory region registered with the ioctl.
4.111 KVM_MEMORY_ENCRYPT_UNREG_REGION
Capability: basic
Architectures: x86
Type: system
Parameters: struct kvm_enc_region (in)
Returns: 0 on success; -1 on error
This ioctl can be used to unregister the guest memory region registered
with KVM_MEMORY_ENCRYPT_REG_REGION ioctl above.
5. The kvm_run structure 5. The kvm_run structure
------------------------ ------------------------
......
...@@ -201,6 +201,7 @@ ...@@ -201,6 +201,7 @@
#define X86_FEATURE_HW_PSTATE ( 7*32+ 8) /* AMD HW-PState */ #define X86_FEATURE_HW_PSTATE ( 7*32+ 8) /* AMD HW-PState */
#define X86_FEATURE_PROC_FEEDBACK ( 7*32+ 9) /* AMD ProcFeedbackInterface */ #define X86_FEATURE_PROC_FEEDBACK ( 7*32+ 9) /* AMD ProcFeedbackInterface */
#define X86_FEATURE_SME ( 7*32+10) /* AMD Secure Memory Encryption */ #define X86_FEATURE_SME ( 7*32+10) /* AMD Secure Memory Encryption */
#define X86_FEATURE_SEV ( 7*32+11) /* AMD Secure Encrypted Virtualization */
#define X86_FEATURE_INTEL_PPIN ( 7*32+14) /* Intel Processor Inventory Number */ #define X86_FEATURE_INTEL_PPIN ( 7*32+14) /* Intel Processor Inventory Number */
#define X86_FEATURE_INTEL_PT ( 7*32+15) /* Intel Processor Trace */ #define X86_FEATURE_INTEL_PT ( 7*32+15) /* Intel Processor Trace */
......
...@@ -761,6 +761,15 @@ enum kvm_irqchip_mode { ...@@ -761,6 +761,15 @@ enum kvm_irqchip_mode {
KVM_IRQCHIP_SPLIT, /* created with KVM_CAP_SPLIT_IRQCHIP */ KVM_IRQCHIP_SPLIT, /* created with KVM_CAP_SPLIT_IRQCHIP */
}; };
struct kvm_sev_info {
bool active; /* SEV enabled guest */
unsigned int asid; /* ASID used for this guest */
unsigned int handle; /* SEV firmware handle */
int fd; /* SEV device fd */
unsigned long pages_locked; /* Number of pages locked */
struct list_head regions_list; /* List of registered regions */
};
struct kvm_arch { struct kvm_arch {
unsigned int n_used_mmu_pages; unsigned int n_used_mmu_pages;
unsigned int n_requested_mmu_pages; unsigned int n_requested_mmu_pages;
...@@ -848,6 +857,8 @@ struct kvm_arch { ...@@ -848,6 +857,8 @@ struct kvm_arch {
bool x2apic_format; bool x2apic_format;
bool x2apic_broadcast_quirk_disabled; bool x2apic_broadcast_quirk_disabled;
struct kvm_sev_info sev_info;
}; };
struct kvm_vm_stat { struct kvm_vm_stat {
...@@ -1081,6 +1092,10 @@ struct kvm_x86_ops { ...@@ -1081,6 +1092,10 @@ struct kvm_x86_ops {
int (*pre_enter_smm)(struct kvm_vcpu *vcpu, char *smstate); int (*pre_enter_smm)(struct kvm_vcpu *vcpu, char *smstate);
int (*pre_leave_smm)(struct kvm_vcpu *vcpu, u64 smbase); int (*pre_leave_smm)(struct kvm_vcpu *vcpu, u64 smbase);
int (*enable_smi_window)(struct kvm_vcpu *vcpu); int (*enable_smi_window)(struct kvm_vcpu *vcpu);
int (*mem_enc_op)(struct kvm *kvm, void __user *argp);
int (*mem_enc_reg_region)(struct kvm *kvm, struct kvm_enc_region *argp);
int (*mem_enc_unreg_region)(struct kvm *kvm, struct kvm_enc_region *argp);
}; };
struct kvm_arch_async_pf { struct kvm_arch_async_pf {
......
...@@ -382,6 +382,8 @@ ...@@ -382,6 +382,8 @@
#define MSR_K7_PERFCTR3 0xc0010007 #define MSR_K7_PERFCTR3 0xc0010007
#define MSR_K7_CLK_CTL 0xc001001b #define MSR_K7_CLK_CTL 0xc001001b
#define MSR_K7_HWCR 0xc0010015 #define MSR_K7_HWCR 0xc0010015
#define MSR_K7_HWCR_SMMLOCK_BIT 0
#define MSR_K7_HWCR_SMMLOCK BIT_ULL(MSR_K7_HWCR_SMMLOCK_BIT)
#define MSR_K7_FID_VID_CTL 0xc0010041 #define MSR_K7_FID_VID_CTL 0xc0010041
#define MSR_K7_FID_VID_STATUS 0xc0010042 #define MSR_K7_FID_VID_STATUS 0xc0010042
......
...@@ -146,6 +146,9 @@ struct __attribute__ ((__packed__)) vmcb_control_area { ...@@ -146,6 +146,9 @@ struct __attribute__ ((__packed__)) vmcb_control_area {
#define SVM_VM_CR_SVM_LOCK_MASK 0x0008ULL #define SVM_VM_CR_SVM_LOCK_MASK 0x0008ULL
#define SVM_VM_CR_SVM_DIS_MASK 0x0010ULL #define SVM_VM_CR_SVM_DIS_MASK 0x0010ULL
#define SVM_NESTED_CTL_NP_ENABLE BIT(0)
#define SVM_NESTED_CTL_SEV_ENABLE BIT(1)
struct __attribute__ ((__packed__)) vmcb_seg { struct __attribute__ ((__packed__)) vmcb_seg {
u16 selector; u16 selector;
u16 attrib; u16 attrib;
......
...@@ -556,6 +556,51 @@ static void bsp_init_amd(struct cpuinfo_x86 *c) ...@@ -556,6 +556,51 @@ static void bsp_init_amd(struct cpuinfo_x86 *c)
} }
} }
static void early_detect_mem_encrypt(struct cpuinfo_x86 *c)
{
u64 msr;
/*
* BIOS support is required for SME and SEV.
* For SME: If BIOS has enabled SME then adjust x86_phys_bits by
* the SME physical address space reduction value.
* If BIOS has not enabled SME then don't advertise the
* SME feature (set in scattered.c).
* For SEV: If BIOS has not enabled SEV then don't advertise the
* SEV feature (set in scattered.c).
*
* In all cases, since support for SME and SEV requires long mode,
* don't advertise the feature under CONFIG_X86_32.
*/
if (cpu_has(c, X86_FEATURE_SME) || cpu_has(c, X86_FEATURE_SEV)) {
/* Check if memory encryption is enabled */
rdmsrl(MSR_K8_SYSCFG, msr);
if (!(msr & MSR_K8_SYSCFG_MEM_ENCRYPT))
goto clear_all;
/*
* Always adjust physical address bits. Even though this
* will be a value above 32-bits this is still done for
* CONFIG_X86_32 so that accurate values are reported.
*/
c->x86_phys_bits -= (cpuid_ebx(0x8000001f) >> 6) & 0x3f;
if (IS_ENABLED(CONFIG_X86_32))
goto clear_all;
rdmsrl(MSR_K7_HWCR, msr);
if (!(msr & MSR_K7_HWCR_SMMLOCK))
goto clear_sev;
return;
clear_all:
clear_cpu_cap(c, X86_FEATURE_SME);
clear_sev:
clear_cpu_cap(c, X86_FEATURE_SEV);
}
}
static void early_init_amd(struct cpuinfo_x86 *c) static void early_init_amd(struct cpuinfo_x86 *c)
{ {
u32 dummy; u32 dummy;
...@@ -627,26 +672,7 @@ static void early_init_amd(struct cpuinfo_x86 *c) ...@@ -627,26 +672,7 @@ static void early_init_amd(struct cpuinfo_x86 *c)
if (cpu_has_amd_erratum(c, amd_erratum_400)) if (cpu_has_amd_erratum(c, amd_erratum_400))
set_cpu_bug(c, X86_BUG_AMD_E400); set_cpu_bug(c, X86_BUG_AMD_E400);
/* early_detect_mem_encrypt(c);
* BIOS support is required for SME. If BIOS has enabled SME then
* adjust x86_phys_bits by the SME physical address space reduction
* value. If BIOS has not enabled SME then don't advertise the
* feature (set in scattered.c). Also, since the SME support requires
* long mode, don't advertise the feature under CONFIG_X86_32.
*/
if (cpu_has(c, X86_FEATURE_SME)) {
u64 msr;
/* Check if SME is enabled */
rdmsrl(MSR_K8_SYSCFG, msr);
if (msr & MSR_K8_SYSCFG_MEM_ENCRYPT) {
c->x86_phys_bits -= (cpuid_ebx(0x8000001f) >> 6) & 0x3f;
if (IS_ENABLED(CONFIG_X86_32))
clear_cpu_cap(c, X86_FEATURE_SME);
} else {
clear_cpu_cap(c, X86_FEATURE_SME);
}
}
} }
static void init_amd_k8(struct cpuinfo_x86 *c) static void init_amd_k8(struct cpuinfo_x86 *c)
......
...@@ -32,6 +32,7 @@ static const struct cpuid_bit cpuid_bits[] = { ...@@ -32,6 +32,7 @@ static const struct cpuid_bit cpuid_bits[] = {
{ X86_FEATURE_CPB, CPUID_EDX, 9, 0x80000007, 0 }, { X86_FEATURE_CPB, CPUID_EDX, 9, 0x80000007, 0 },
{ X86_FEATURE_PROC_FEEDBACK, CPUID_EDX, 11, 0x80000007, 0 }, { X86_FEATURE_PROC_FEEDBACK, CPUID_EDX, 11, 0x80000007, 0 },
{ X86_FEATURE_SME, CPUID_EAX, 0, 0x8000001f, 0 }, { X86_FEATURE_SME, CPUID_EAX, 0, 0x8000001f, 0 },
{ X86_FEATURE_SEV, CPUID_EAX, 1, 0x8000001f, 0 },
{ 0, 0, 0, 0, 0 } { 0, 0, 0, 0, 0 }
}; };
......
...@@ -81,6 +81,16 @@ config KVM_AMD ...@@ -81,6 +81,16 @@ config KVM_AMD
To compile this as a module, choose M here: the module To compile this as a module, choose M here: the module
will be called kvm-amd. will be called kvm-amd.
config KVM_AMD_SEV
def_bool y
bool "AMD Secure Encrypted Virtualization (SEV) support"
depends on KVM_AMD && X86_64
select CRYPTO_DEV_CCP
select CRYPTO_DEV_CCP_DD
select CRYPTO_DEV_SP_PSP
---help---
Provides support for launching Encrypted VMs on AMD processors.
config KVM_MMU_AUDIT config KVM_MMU_AUDIT
bool "Audit KVM MMU" bool "Audit KVM MMU"
depends on KVM && TRACEPOINTS depends on KVM && TRACEPOINTS
......
...@@ -613,7 +613,7 @@ static inline int __do_cpuid_ent(struct kvm_cpuid_entry2 *entry, u32 function, ...@@ -613,7 +613,7 @@ static inline int __do_cpuid_ent(struct kvm_cpuid_entry2 *entry, u32 function,
entry->edx = 0; entry->edx = 0;
break; break;
case 0x80000000: case 0x80000000:
entry->eax = min(entry->eax, 0x8000001a); entry->eax = min(entry->eax, 0x8000001f);
break; break;
case 0x80000001: case 0x80000001:
entry->edx &= kvm_cpuid_8000_0001_edx_x86_features; entry->edx &= kvm_cpuid_8000_0001_edx_x86_features;
......
...@@ -4950,6 +4950,16 @@ int kvm_mmu_page_fault(struct kvm_vcpu *vcpu, gva_t cr2, u64 error_code, ...@@ -4950,6 +4950,16 @@ int kvm_mmu_page_fault(struct kvm_vcpu *vcpu, gva_t cr2, u64 error_code,
if (mmio_info_in_cache(vcpu, cr2, direct)) if (mmio_info_in_cache(vcpu, cr2, direct))
emulation_type = 0; emulation_type = 0;
emulate: emulate:
/*
* On AMD platforms, under certain conditions insn_len may be zero on #NPF.
* This can happen if a guest gets a page-fault on data access but the HW
* table walker is not able to read the instruction page (e.g instruction
* page is not present in memory). In those cases we simply restart the
* guest.
*/
if (unlikely(insn && !insn_len))
return 1;
er = x86_emulate_instruction(vcpu, cr2, emulation_type, insn, insn_len); er = x86_emulate_instruction(vcpu, cr2, emulation_type, insn, insn_len);
switch (er) { switch (er) {
......
This diff is collapsed.
...@@ -4335,6 +4335,36 @@ long kvm_arch_vm_ioctl(struct file *filp, ...@@ -4335,6 +4335,36 @@ long kvm_arch_vm_ioctl(struct file *filp,
r = kvm_vm_ioctl_enable_cap(kvm, &cap); r = kvm_vm_ioctl_enable_cap(kvm, &cap);
break; break;
} }
case KVM_MEMORY_ENCRYPT_OP: {
r = -ENOTTY;
if (kvm_x86_ops->mem_enc_op)
r = kvm_x86_ops->mem_enc_op(kvm, argp);
break;
}
case KVM_MEMORY_ENCRYPT_REG_REGION: {
struct kvm_enc_region region;
r = -EFAULT;
if (copy_from_user(&region, argp, sizeof(region)))
goto out;
r = -ENOTTY;
if (kvm_x86_ops->mem_enc_reg_region)
r = kvm_x86_ops->mem_enc_reg_region(kvm, &region);
break;
}
case KVM_MEMORY_ENCRYPT_UNREG_REGION: {
struct kvm_enc_region region;
r = -EFAULT;
if (copy_from_user(&region, argp, sizeof(region)))
goto out;
r = -ENOTTY;
if (kvm_x86_ops->mem_enc_unreg_region)
r = kvm_x86_ops->mem_enc_unreg_region(kvm, &region);
break;
}
default: default:
r = -ENOTTY; r = -ENOTTY;
} }
......
config CRYPTO_DEV_CCP_DD config CRYPTO_DEV_CCP_DD
tristate "Secure Processor device driver" tristate "Secure Processor device driver"
depends on CPU_SUP_AMD || ARM64
default m default m
help help
Provides AMD Secure Processor device driver. Provides AMD Secure Processor device driver.
...@@ -32,3 +33,14 @@ config CRYPTO_DEV_CCP_CRYPTO ...@@ -32,3 +33,14 @@ config CRYPTO_DEV_CCP_CRYPTO
Support for using the cryptographic API with the AMD Cryptographic Support for using the cryptographic API with the AMD Cryptographic
Coprocessor. This module supports offload of SHA and AES algorithms. Coprocessor. This module supports offload of SHA and AES algorithms.
If you choose 'M' here, this module will be called ccp_crypto. If you choose 'M' here, this module will be called ccp_crypto.
config CRYPTO_DEV_SP_PSP
bool "Platform Security Processor (PSP) device"
default y
depends on CRYPTO_DEV_CCP_DD && X86_64
help
Provide support for the AMD Platform Security Processor (PSP).
The PSP is a dedicated processor that provides support for key
management commands in Secure Encrypted Virtualization (SEV) mode,
along with software-based Trusted Execution Environment (TEE) to
enable third-party trusted applications.
...@@ -8,6 +8,7 @@ ccp-$(CONFIG_CRYPTO_DEV_SP_CCP) += ccp-dev.o \ ...@@ -8,6 +8,7 @@ ccp-$(CONFIG_CRYPTO_DEV_SP_CCP) += ccp-dev.o \
ccp-dmaengine.o \ ccp-dmaengine.o \
ccp-debugfs.o ccp-debugfs.o
ccp-$(CONFIG_PCI) += sp-pci.o ccp-$(CONFIG_PCI) += sp-pci.o
ccp-$(CONFIG_CRYPTO_DEV_SP_PSP) += psp-dev.o
obj-$(CONFIG_CRYPTO_DEV_CCP_CRYPTO) += ccp-crypto.o obj-$(CONFIG_CRYPTO_DEV_CCP_CRYPTO) += ccp-crypto.o
ccp-crypto-objs := ccp-crypto-main.o \ ccp-crypto-objs := ccp-crypto-main.o \
......
This diff is collapsed.
/*
* AMD Platform Security Processor (PSP) interface driver
*
* Copyright (C) 2017 Advanced Micro Devices, Inc.
*
* Author: Brijesh Singh <brijesh.singh@amd.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
*/
#ifndef __PSP_DEV_H__
#define __PSP_DEV_H__
#include <linux/device.h>
#include <linux/pci.h>
#include <linux/spinlock.h>
#include <linux/mutex.h>
#include <linux/list.h>
#include <linux/wait.h>
#include <linux/dmapool.h>
#include <linux/hw_random.h>
#include <linux/bitops.h>
#include <linux/interrupt.h>
#include <linux/irqreturn.h>
#include <linux/dmaengine.h>
#include <linux/psp-sev.h>
#include <linux/miscdevice.h>
#include "sp-dev.h"
#define PSP_C2PMSG(_num) ((_num) << 2)
#define PSP_CMDRESP PSP_C2PMSG(32)
#define PSP_CMDBUFF_ADDR_LO PSP_C2PMSG(56)
#define PSP_CMDBUFF_ADDR_HI PSP_C2PMSG(57)
#define PSP_FEATURE_REG PSP_C2PMSG(63)
#define PSP_P2CMSG(_num) ((_num) << 2)
#define PSP_CMD_COMPLETE_REG 1
#define PSP_CMD_COMPLETE PSP_P2CMSG(PSP_CMD_COMPLETE_REG)
#define PSP_P2CMSG_INTEN 0x0110
#define PSP_P2CMSG_INTSTS 0x0114
#define PSP_C2PMSG_ATTR_0 0x0118
#define PSP_C2PMSG_ATTR_1 0x011c
#define PSP_C2PMSG_ATTR_2 0x0120
#define PSP_C2PMSG_ATTR_3 0x0124
#define PSP_P2CMSG_ATTR_0 0x0128
#define PSP_CMDRESP_CMD_SHIFT 16
#define PSP_CMDRESP_IOC BIT(0)
#define PSP_CMDRESP_RESP BIT(31)
#define PSP_CMDRESP_ERR_MASK 0xffff
#define MAX_PSP_NAME_LEN 16
struct sev_misc_dev {
struct kref refcount;
struct miscdevice misc;
};
struct psp_device {
struct list_head entry;
struct psp_vdata *vdata;
char name[MAX_PSP_NAME_LEN];
struct device *dev;
struct sp_device *sp;
void __iomem *io_regs;
int sev_state;
unsigned int sev_int_rcvd;
wait_queue_head_t sev_int_queue;
struct sev_misc_dev *sev_misc;
struct sev_user_data_status status_cmd_buf;
struct sev_data_init init_cmd_buf;
};
#endif /* __PSP_DEV_H */
...@@ -198,6 +198,8 @@ int sp_init(struct sp_device *sp) ...@@ -198,6 +198,8 @@ int sp_init(struct sp_device *sp)
if (sp->dev_vdata->ccp_vdata) if (sp->dev_vdata->ccp_vdata)
ccp_dev_init(sp); ccp_dev_init(sp);
if (sp->dev_vdata->psp_vdata)
psp_dev_init(sp);
return 0; return 0;
} }
...@@ -206,6 +208,9 @@ void sp_destroy(struct sp_device *sp) ...@@ -206,6 +208,9 @@ void sp_destroy(struct sp_device *sp)
if (sp->dev_vdata->ccp_vdata) if (sp->dev_vdata->ccp_vdata)
ccp_dev_destroy(sp); ccp_dev_destroy(sp);
if (sp->dev_vdata->psp_vdata)
psp_dev_destroy(sp);
sp_del_device(sp); sp_del_device(sp);
} }
...@@ -237,6 +242,27 @@ int sp_resume(struct sp_device *sp) ...@@ -237,6 +242,27 @@ int sp_resume(struct sp_device *sp)
} }
#endif #endif
struct sp_device *sp_get_psp_master_device(void)
{
struct sp_device *i, *ret = NULL;
unsigned long flags;
write_lock_irqsave(&sp_unit_lock, flags);
if (list_empty(&sp_units))
goto unlock;
list_for_each_entry(i, &sp_units, entry) {
if (i->psp_data)
break;
}
if (i->get_psp_master_device)
ret = i->get_psp_master_device();
unlock:
write_unlock_irqrestore(&sp_unit_lock, flags);
return ret;
}
static int __init sp_mod_init(void) static int __init sp_mod_init(void)
{ {
#ifdef CONFIG_X86 #ifdef CONFIG_X86
...@@ -246,6 +272,10 @@ static int __init sp_mod_init(void) ...@@ -246,6 +272,10 @@ static int __init sp_mod_init(void)
if (ret) if (ret)
return ret; return ret;
#ifdef CONFIG_CRYPTO_DEV_SP_PSP
psp_pci_init();
#endif
return 0; return 0;
#endif #endif
...@@ -265,6 +295,11 @@ static int __init sp_mod_init(void) ...@@ -265,6 +295,11 @@ static int __init sp_mod_init(void)
static void __exit sp_mod_exit(void) static void __exit sp_mod_exit(void)
{ {
#ifdef CONFIG_X86 #ifdef CONFIG_X86
#ifdef CONFIG_CRYPTO_DEV_SP_PSP
psp_pci_exit();
#endif
sp_pci_exit(); sp_pci_exit();
#endif #endif
......
...@@ -42,12 +42,17 @@ struct ccp_vdata { ...@@ -42,12 +42,17 @@ struct ccp_vdata {
const unsigned int offset; const unsigned int offset;
const unsigned int rsamax; const unsigned int rsamax;
}; };
struct psp_vdata {
const unsigned int offset;
};
/* Structure to hold SP device data */ /* Structure to hold SP device data */
struct sp_dev_vdata { struct sp_dev_vdata {
const unsigned int bar; const unsigned int bar;
const struct ccp_vdata *ccp_vdata; const struct ccp_vdata *ccp_vdata;
void *psp_vdata; const struct psp_vdata *psp_vdata;
}; };
struct sp_device { struct sp_device {
...@@ -68,6 +73,10 @@ struct sp_device { ...@@ -68,6 +73,10 @@ struct sp_device {
/* DMA caching attribute support */ /* DMA caching attribute support */
unsigned int axcache; unsigned int axcache;
/* get and set master device */
struct sp_device*(*get_psp_master_device)(void);
void (*set_psp_master_device)(struct sp_device *);
bool irq_registered; bool irq_registered;
bool use_tasklet; bool use_tasklet;
...@@ -103,6 +112,7 @@ void sp_free_ccp_irq(struct sp_device *sp, void *data); ...@@ -103,6 +112,7 @@ void sp_free_ccp_irq(struct sp_device *sp, void *data);
int sp_request_psp_irq(struct sp_device *sp, irq_handler_t handler, int sp_request_psp_irq(struct sp_device *sp, irq_handler_t handler,
const char *name, void *data); const char *name, void *data);
void sp_free_psp_irq(struct sp_device *sp, void *data); void sp_free_psp_irq(struct sp_device *sp, void *data);
struct sp_device *sp_get_psp_master_device(void);
#ifdef CONFIG_CRYPTO_DEV_SP_CCP #ifdef CONFIG_CRYPTO_DEV_SP_CCP
...@@ -130,4 +140,20 @@ static inline int ccp_dev_resume(struct sp_device *sp) ...@@ -130,4 +140,20 @@ static inline int ccp_dev_resume(struct sp_device *sp)
} }
#endif /* CONFIG_CRYPTO_DEV_SP_CCP */ #endif /* CONFIG_CRYPTO_DEV_SP_CCP */
#ifdef CONFIG_CRYPTO_DEV_SP_PSP
int psp_dev_init(struct sp_device *sp);
void psp_pci_init(void);
void psp_dev_destroy(struct sp_device *sp);
void psp_pci_exit(void);
#else /* !CONFIG_CRYPTO_DEV_SP_PSP */
static inline int psp_dev_init(struct sp_device *sp) { return 0; }
static inline void psp_pci_init(void) { }
static inline void psp_dev_destroy(struct sp_device *sp) { }
static inline void psp_pci_exit(void) { }
#endif /* CONFIG_CRYPTO_DEV_SP_PSP */
#endif #endif
...@@ -25,6 +25,7 @@ ...@@ -25,6 +25,7 @@
#include <linux/ccp.h> #include <linux/ccp.h>
#include "ccp-dev.h" #include "ccp-dev.h"
#include "psp-dev.h"
#define MSIX_VECTORS 2 #define MSIX_VECTORS 2
...@@ -32,6 +33,7 @@ struct sp_pci { ...@@ -32,6 +33,7 @@ struct sp_pci {
int msix_count; int msix_count;
struct msix_entry msix_entry[MSIX_VECTORS]; struct msix_entry msix_entry[MSIX_VECTORS];
}; };
static struct sp_device *sp_dev_master;
static int sp_get_msix_irqs(struct sp_device *sp) static int sp_get_msix_irqs(struct sp_device *sp)
{ {
...@@ -108,6 +110,45 @@ static void sp_free_irqs(struct sp_device *sp) ...@@ -108,6 +110,45 @@ static void sp_free_irqs(struct sp_device *sp)
sp->psp_irq = 0; sp->psp_irq = 0;
} }
static bool sp_pci_is_master(struct sp_device *sp)
{
struct device *dev_cur, *dev_new;
struct pci_dev *pdev_cur, *pdev_new;
dev_new = sp->dev;
dev_cur = sp_dev_master->dev;
pdev_new = to_pci_dev(dev_new);
pdev_cur = to_pci_dev(dev_cur);
if (pdev_new->bus->number < pdev_cur->bus->number)
return true;
if (PCI_SLOT(pdev_new->devfn) < PCI_SLOT(pdev_cur->devfn))
return true;
if (PCI_FUNC(pdev_new->devfn) < PCI_FUNC(pdev_cur->devfn))
return true;
return false;
}
static void psp_set_master(struct sp_device *sp)
{
if (!sp_dev_master) {
sp_dev_master = sp;
return;
}
if (sp_pci_is_master(sp))
sp_dev_master = sp;
}
static struct sp_device *psp_get_master(void)
{
return sp_dev_master;
}
static int sp_pci_probe(struct pci_dev *pdev, const struct pci_device_id *id) static int sp_pci_probe(struct pci_dev *pdev, const struct pci_device_id *id)
{ {
struct sp_device *sp; struct sp_device *sp;
...@@ -166,6 +207,8 @@ static int sp_pci_probe(struct pci_dev *pdev, const struct pci_device_id *id) ...@@ -166,6 +207,8 @@ static int sp_pci_probe(struct pci_dev *pdev, const struct pci_device_id *id)
goto e_err; goto e_err;
pci_set_master(pdev); pci_set_master(pdev);
sp->set_psp_master_device = psp_set_master;
sp->get_psp_master_device = psp_get_master;
ret = dma_set_mask_and_coherent(dev, DMA_BIT_MASK(48)); ret = dma_set_mask_and_coherent(dev, DMA_BIT_MASK(48));
if (ret) { if (ret) {
...@@ -225,6 +268,12 @@ static int sp_pci_resume(struct pci_dev *pdev) ...@@ -225,6 +268,12 @@ static int sp_pci_resume(struct pci_dev *pdev)
} }
#endif #endif
#ifdef CONFIG_CRYPTO_DEV_SP_PSP
static const struct psp_vdata psp_entry = {
.offset = 0x10500,
};
#endif
static const struct sp_dev_vdata dev_vdata[] = { static const struct sp_dev_vdata dev_vdata[] = {
{ {
.bar = 2, .bar = 2,
...@@ -236,6 +285,9 @@ static const struct sp_dev_vdata dev_vdata[] = { ...@@ -236,6 +285,9 @@ static const struct sp_dev_vdata dev_vdata[] = {
.bar = 2, .bar = 2,
#ifdef CONFIG_CRYPTO_DEV_SP_CCP #ifdef CONFIG_CRYPTO_DEV_SP_CCP
.ccp_vdata = &ccpv5a, .ccp_vdata = &ccpv5a,
#endif
#ifdef CONFIG_CRYPTO_DEV_SP_PSP
.psp_vdata = &psp_entry
#endif #endif
}, },
{ {
......
This diff is collapsed.
...@@ -1358,6 +1358,96 @@ struct kvm_s390_ucas_mapping { ...@@ -1358,6 +1358,96 @@ struct kvm_s390_ucas_mapping {
/* Available with KVM_CAP_S390_CMMA_MIGRATION */ /* Available with KVM_CAP_S390_CMMA_MIGRATION */
#define KVM_S390_GET_CMMA_BITS _IOWR(KVMIO, 0xb8, struct kvm_s390_cmma_log) #define KVM_S390_GET_CMMA_BITS _IOWR(KVMIO, 0xb8, struct kvm_s390_cmma_log)
#define KVM_S390_SET_CMMA_BITS _IOW(KVMIO, 0xb9, struct kvm_s390_cmma_log) #define KVM_S390_SET_CMMA_BITS _IOW(KVMIO, 0xb9, struct kvm_s390_cmma_log)
/* Memory Encryption Commands */
#define KVM_MEMORY_ENCRYPT_OP _IOWR(KVMIO, 0xba, unsigned long)
struct kvm_enc_region {
__u64 addr;
__u64 size;
};
#define KVM_MEMORY_ENCRYPT_REG_REGION _IOR(KVMIO, 0xbb, struct kvm_enc_region)
#define KVM_MEMORY_ENCRYPT_UNREG_REGION _IOR(KVMIO, 0xbc, struct kvm_enc_region)
/* Secure Encrypted Virtualization command */
enum sev_cmd_id {
/* Guest initialization commands */
KVM_SEV_INIT = 0,
KVM_SEV_ES_INIT,
/* Guest launch commands */
KVM_SEV_LAUNCH_START,
KVM_SEV_LAUNCH_UPDATE_DATA,
KVM_SEV_LAUNCH_UPDATE_VMSA,
KVM_SEV_LAUNCH_SECRET,
KVM_SEV_LAUNCH_MEASURE,
KVM_SEV_LAUNCH_FINISH,
/* Guest migration commands (outgoing) */
KVM_SEV_SEND_START,
KVM_SEV_SEND_UPDATE_DATA,
KVM_SEV_SEND_UPDATE_VMSA,
KVM_SEV_SEND_FINISH,
/* Guest migration commands (incoming) */
KVM_SEV_RECEIVE_START,
KVM_SEV_RECEIVE_UPDATE_DATA,
KVM_SEV_RECEIVE_UPDATE_VMSA,
KVM_SEV_RECEIVE_FINISH,
/* Guest status and debug commands */
KVM_SEV_GUEST_STATUS,
KVM_SEV_DBG_DECRYPT,
KVM_SEV_DBG_ENCRYPT,
/* Guest certificates commands */
KVM_SEV_CERT_EXPORT,
KVM_SEV_NR_MAX,
};
struct kvm_sev_cmd {
__u32 id;
__u64 data;
__u32 error;
__u32 sev_fd;
};
struct kvm_sev_launch_start {
__u32 handle;
__u32 policy;
__u64 dh_uaddr;
__u32 dh_len;
__u64 session_uaddr;
__u32 session_len;
};
struct kvm_sev_launch_update_data {
__u64 uaddr;
__u32 len;
};
struct kvm_sev_launch_secret {
__u64 hdr_uaddr;
__u32 hdr_len;
__u64 guest_uaddr;
__u32 guest_len;
__u64 trans_uaddr;
__u32 trans_len;
};
struct kvm_sev_launch_measure {
__u64 uaddr;
__u32 len;
};
struct kvm_sev_guest_status {
__u32 handle;
__u32 policy;
__u32 state;
};
struct kvm_sev_dbg {
__u64 src_uaddr;
__u64 dst_uaddr;
__u32 len;
};
#define KVM_DEV_ASSIGN_ENABLE_IOMMU (1 << 0) #define KVM_DEV_ASSIGN_ENABLE_IOMMU (1 << 0)
#define KVM_DEV_ASSIGN_PCI_2_3 (1 << 1) #define KVM_DEV_ASSIGN_PCI_2_3 (1 << 1)
......
/*
* Userspace interface for AMD Secure Encrypted Virtualization (SEV)
* platform management commands.
*
* Copyright (C) 2016-2017 Advanced Micro Devices, Inc.
*
* Author: Brijesh Singh <brijesh.singh@amd.com>
*
* SEV spec 0.14 is available at:
* http://support.amd.com/TechDocs/55766_SEV-KM%20API_Specification.pdf
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
*/
#ifndef __PSP_SEV_USER_H__
#define __PSP_SEV_USER_H__
#include <linux/types.h>
/**
* SEV platform commands
*/
enum {
SEV_FACTORY_RESET = 0,
SEV_PLATFORM_STATUS,
SEV_PEK_GEN,
SEV_PEK_CSR,
SEV_PDH_GEN,
SEV_PDH_CERT_EXPORT,
SEV_PEK_CERT_IMPORT,
SEV_MAX,
};
/**
* SEV Firmware status code
*/
typedef enum {
SEV_RET_SUCCESS = 0,
SEV_RET_INVALID_PLATFORM_STATE,
SEV_RET_INVALID_GUEST_STATE,
SEV_RET_INAVLID_CONFIG,
SEV_RET_INVALID_len,
SEV_RET_ALREADY_OWNED,
SEV_RET_INVALID_CERTIFICATE,
SEV_RET_POLICY_FAILURE,
SEV_RET_INACTIVE,
SEV_RET_INVALID_ADDRESS,
SEV_RET_BAD_SIGNATURE,
SEV_RET_BAD_MEASUREMENT,
SEV_RET_ASID_OWNED,
SEV_RET_INVALID_ASID,
SEV_RET_WBINVD_REQUIRED,
SEV_RET_DFFLUSH_REQUIRED,
SEV_RET_INVALID_GUEST,
SEV_RET_INVALID_COMMAND,
SEV_RET_ACTIVE,
SEV_RET_HWSEV_RET_PLATFORM,
SEV_RET_HWSEV_RET_UNSAFE,
SEV_RET_UNSUPPORTED,
SEV_RET_MAX,
} sev_ret_code;
/**
* struct sev_user_data_status - PLATFORM_STATUS command parameters
*
* @major: major API version
* @minor: minor API version
* @state: platform state
* @flags: platform config flags
* @build: firmware build id for API version
* @guest_count: number of active guests
*/
struct sev_user_data_status {
__u8 api_major; /* Out */
__u8 api_minor; /* Out */
__u8 state; /* Out */
__u32 flags; /* Out */
__u8 build; /* Out */
__u32 guest_count; /* Out */
} __packed;
/**
* struct sev_user_data_pek_csr - PEK_CSR command parameters
*
* @address: PEK certificate chain
* @length: length of certificate
*/
struct sev_user_data_pek_csr {
__u64 address; /* In */
__u32 length; /* In/Out */
} __packed;
/**
* struct sev_user_data_cert_import - PEK_CERT_IMPORT command parameters
*
* @pek_address: PEK certificate chain
* @pek_len: length of PEK certificate
* @oca_address: OCA certificate chain
* @oca_len: length of OCA certificate
*/
struct sev_user_data_pek_cert_import {
__u64 pek_cert_address; /* In */
__u32 pek_cert_len; /* In */
__u64 oca_cert_address; /* In */
__u32 oca_cert_len; /* In */
} __packed;
/**
* struct sev_user_data_pdh_cert_export - PDH_CERT_EXPORT command parameters
*
* @pdh_address: PDH certificate address
* @pdh_len: length of PDH certificate
* @cert_chain_address: PDH certificate chain
* @cert_chain_len: length of PDH certificate chain
*/
struct sev_user_data_pdh_cert_export {
__u64 pdh_cert_address; /* In */
__u32 pdh_cert_len; /* In/Out */
__u64 cert_chain_address; /* In */
__u32 cert_chain_len; /* In/Out */
} __packed;
/**
* struct sev_issue_cmd - SEV ioctl parameters
*
* @cmd: SEV commands to execute
* @opaque: pointer to the command structure
* @error: SEV FW return code on failure
*/
struct sev_issue_cmd {
__u32 cmd; /* In */
__u64 data; /* In */
__u32 error; /* Out */
} __packed;
#define SEV_IOC_TYPE 'S'
#define SEV_ISSUE_CMD _IOWR(SEV_IOC_TYPE, 0x0, struct sev_issue_cmd)
#endif /* __PSP_USER_SEV_H */
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment