This RFC series provides support for AMD's new Secure Encrypted Virtualization (SEV) feature. This RFC is based KVM RFC [1].
SEV is an extension to the AMD-V architecture which supports running multiple VMs under the control of a hypervisor. The SEV feature allows the memory contents of a virtual machine (VM) to be transparently encrypted with a key unique to the guest VM. The memory controller contains a high performance encryption engine which can be programmed with multiple keys for use by a different VMs in the system. The programming and management of these keys is handled by the AMD Secure Processor firmware which exposes a commands for these tasks. SEV is designed to protect guest VMs from a benign but vulnerable (i.e. not fully malicious) hypervisor. In particular, it reduces the attack surface of guest VMs and can prevent certain types of VM-escape bugs (e.g. hypervisor read-anywhere) from being used to steal guest data. The KVM RFC introduced a new ioctl (KVM_SEV_ISSUE_CMD) which can be used by qemu to enable SEV for secure guest and assist performing common hypervisor activities such as a launching, running, snapshooting, migration and debugging a guests data. The following links provide additional details: AMD Memory Encryption whitepaper: http://amd-dev.wpengine.netdna-cdn.com/wordpress/media/2013/12/AMD_Memory_Encryption_Whitepaper_v7-Public.pdf AMD64 Architecture Programmer's Manual: http://support.amd.com/TechDocs/24593.pdf SME is section 7.10 SEV is section 15.34 Secure Encrypted Virutualization Key Management: http://support.amd.com/TechDocs/55766_SEV-KM API_Spec.pdf KVM Forum slides: http://www.linux-kvm.org/images/7/74/02x08A-Thomas_Lendacky-AMDs_Virtualizatoin_Memory_Encryption_Technology.pdf KVM RFC link: [1] http://marc.info/?l=kvm&m=147191038624432&w=2 Video of the KVM Forum Talk: https://www.youtube.com/watch?v=RcvQ1xN55Ew --- The patch series implements booting SEV guest from unencrypted boot images (BIOS, kernel, and initrd) received from the guest owner. In first phase we ignore the guest policy, key-sharing and measurements etc. Will extend this later once the first part is reviewed and merged. Based on feedback from Paolo, I have looked into integrating SEV support in OVMF/EDK2 BIOS and will start discussion on edk2 mailing list. The patches are based on (8ff7fd8) Changes since v2: - rename ram_ops to ram_debug_ops - use '-' rather than '_' when adding new member in KvmInfo struct - update sev object to use link properties when referencing other objects - use ldq_phys_debug in tlb_info_64 and mem_info_64. - remove sev-guest-policy object, we will revisit it after basic SEV guest support is merged. - remove kernel API from doc and add SEV guest LAUNCH model. The doc will be updated as we integerate the remaining SEV APIs. Changes since v1: - Added Documentation - Added security-policy object. - Drop sev config parsing support and create new objects to get/set SEV specific parameters - Added sev-guest-info object. - Added sev-launch-info object. - Added kvm_memory_encrytion_* APIs. The idea behind this was to allow adding a non SEV memory encrytion object without modifying interfaces. - Drop patch to load OS image at fixed location. - updated LAUNCH_FINISH command structure. Now the structure contains just 'measurement' field. Other fields are not used and will also be removed from newer SEV firmware API spec. TODO: - integrate SEV SEND_* command in vmsave code path. - integerate SEV RECEIVE_* command in vm restore code path. - virtio support in SEV guest. - Integrate SEV SEND and RECEIVE command in live migration. Brijesh Singh (18): memattrs: add debug attrs exec: add guest RAM read and write ops exec: add debug version of physical memory read and write apis monitor: use debug version of memory access apis core: add new security-policy object kvm: add memory encryption APIs sev: add Secure Encrypted Virtulization (SEV) support hmp: display memory encryption support in 'info kvm' core: loader: create memory encryption context before copying data sev: add LAUNCH_START command sev: add LAUNCH_UPDATE command sev: add LAUNCH_FINISH command sev: add DEBUG_DECRYPT command sev: add DEBUG_ENCRYPT command i386: register memory encryption ops target-i386: add cpuid Fn8000_001f i386: clear C-bit in SEV guest page table walk migration: disable save/restore and migration on SEV guest Makefile.target | 2 cpus.c | 2 disas.c | 2 docs/amd-memory-encryption.txt | 153 +++++++++++ exec.c | 94 ++++++- hmp.c | 2 hw/core/Makefile.objs | 1 hw/core/loader.c | 22 ++ hw/core/machine.c | 22 ++ hw/core/security-policy.c | 166 ++++++++++++ hw/i386/pc.c | 7 + hw/i386/pc_sysfw.c | 4 include/exec/cpu-common.h | 15 + include/exec/memattrs.h | 4 include/exec/memory.h | 25 ++ include/hw/boards.h | 1 include/sysemu/kvm.h | 8 + include/sysemu/security-policy.h | 75 +++++ include/sysemu/sev.h | 112 ++++++++ kvm-all.c | 90 ++++++ migration/migration.c | 7 + migration/savevm.c | 11 + monitor.c | 2 qapi-schema.json | 5 qemu-options.hx | 55 ++++ qmp.c | 1 sev.c | 528 ++++++++++++++++++++++++++++++++++++++ target-i386/cpu.c | 6 target-i386/helper.c | 37 ++- target-i386/monitor.c | 80 ++++-- 30 files changed, 1494 insertions(+), 45 deletions(-) create mode 100644 docs/amd-memory-encryption.txt create mode 100644 hw/core/security-policy.c create mode 100644 include/sysemu/security-policy.h create mode 100644 include/sysemu/sev.h create mode 100644 sev.c -- Brijesh Singh
