On 5/21/21 12:19 AM, James Bottomley wrote:
> On Thu, 2021-05-20 at 23:36 +0200, Philippe Mathieu-Daudé wrote:
>> On 2/15/21 2:16 PM, Paolo Bonzini wrote:
>>> From: James Bottomley <j...@linux.ibm.com>
>>>
>>> If the gpa isn't specified, it's value is extracted from the OVMF
>>> properties table located below the reset vector (and if this
>>> doesn't
>>> exist, an error is returned). OVMF has defined the GUID for the
>>> SEV
>>> secret area as 4c2eb361-7d9b-4cc3-8081-127c90d3d294 and the format
>>> of
>>> the <data> is: <base>|<size> where both are uint32_t. We extract
>>> <base> and use it as the gpa for the injection.
>>>
>>> Note: it is expected that the injected secret will also be GUID
>>> described but since qemu can't interpret it, the format is left
>>> undefined here.
>>>
>>> Signed-off-by: James Bottomley <j...@linux.ibm.com>
>>>
>>> Reviewed-by: Dr. David Alan Gilbert <dgilb...@redhat.com>
>>> Message-Id: <20210204193939.16617-3-j...@linux.ibm.com>
>>> Signed-off-by: Paolo Bonzini <pbonz...@redhat.com>
>>> ---
>>> qapi/misc-target.json | 2 +-
>>> target/i386/monitor.c | 23 ++++++++++++++++++++++-
>>> 2 files changed, 23 insertions(+), 2 deletions(-)
>>>
>>> diff --git a/qapi/misc-target.json b/qapi/misc-target.json
>>> index 06ef8757f0..0c7491cd82 100644
>>> --- a/qapi/misc-target.json
>>> +++ b/qapi/misc-target.json
>>> @@ -216,7 +216,7 @@
>>> #
>>> ##
>>> { 'command': 'sev-inject-launch-secret',
>>> - 'data': { 'packet-header': 'str', 'secret': 'str', 'gpa':
>>> 'uint64' },
>>> + 'data': { 'packet-header': 'str', 'secret': 'str', '*gpa':
>>> 'uint64' },
>>> 'if': 'defined(TARGET_I386)' }
>>>
>>> ##
>>> diff --git a/target/i386/monitor.c b/target/i386/monitor.c
>>> index 1bc91442b1..5994408bee 100644
>>> --- a/target/i386/monitor.c
>>> +++ b/target/i386/monitor.c
>>> @@ -34,6 +34,7 @@
>>> #include "sev_i386.h"
>>> #include "qapi/qapi-commands-misc-target.h"
>>> #include "qapi/qapi-commands-misc.h"
>>> +#include "hw/i386/pc.h"
>>>
>>> /* Perform linear address sign extension */
>>> static hwaddr addr_canonical(CPUArchState *env, hwaddr addr)
>>> @@ -730,9 +731,29 @@ SevCapability
>>> *qmp_query_sev_capabilities(Error **errp)
>>> return sev_get_capabilities(errp);
>>> }
>>>
>>> +#define SEV_SECRET_GUID "4c2eb361-7d9b-4cc3-8081-127c90d3d294"
>>> +struct sev_secret_area {
>>> + uint32_t base;
>>> + uint32_t size;
>>> +};
>>> +
>>> void qmp_sev_inject_launch_secret(const char *packet_hdr,
>>> - const char *secret, uint64_t
>>> gpa,
>>> + const char *secret,
>>> + bool has_gpa, uint64_t gpa,
>>> Error **errp)
>>> {
>>> + if (!has_gpa) {
>>> + uint8_t *data;
>>> + struct sev_secret_area *area;
>>> +
>>> + if (!pc_system_ovmf_table_find(SEV_SECRET_GUID, &data,
>>> NULL)) {
>>
>> FYI trying to build MicroVM standalone (--without-default-devices):
>>
>> /usr/bin/ld: libqemu-i386-softmmu.fa.p/target_i386_monitor.c.o: in
>> function `qmp_sev_inject_launch_secret':
>> target/i386/monitor.c:749: undefined reference to
>> `pc_system_ovmf_table_find'
>>
>> I'm adding this to my TODO list.
>
> I'm pretty clueless with the new meson build system but I think this is
> something to do with CONFIG_PC not being defined ... can you verify? in
> which case it could be fixed with a pc_sysfw-stub.c that builds it as a
> function returning false.
Oh actually I wrote the fix this morning, but haven't posted it yet.
Beside what you said, I added a X86_FW_OVMF symbol and have SEV
depends on it.
I'll cc you when posting.
Regards,
Phil.
