From: Brijesh Singh
To: qemu-devel@nongnu.org
Date: Mon, 12 Feb 2018 09:36:55 -0600
Message-Id: <20180212153715.87555-9-brijesh.singh@amd.com>
In-Reply-To: <20180212153715.87555-1-brijesh.singh@amd.com>
X-Patchwork-Id: 872114
Subject: [Qemu-devel] [PATCH v8 08/28] docs: add AMD Secure Encrypted Virtualization (SEV)
Cc: Peter Maydell, Brijesh Singh, kvm@vger.kernel.org, "Michael S. Tsirkin", Stefan Hajnoczi, Alexander Graf, "Edgar E. Iglesias", Markus Armbruster, Bruce Rogers, Christian Borntraeger, Marcel Apfelbaum, Borislav Petkov, Thomas Lendacky, Eduardo Habkost, Richard Henderson, "Dr. David Alan Gilbert", Alistair Francis, Cornelia Huck, Peter Crosthwaite, Paolo Bonzini

Create a documentation entry to describe the AMD Secure Encrypted
Virtualization (SEV) feature.

Cc: Paolo Bonzini
Signed-off-by: Brijesh Singh
---
 docs/amd-memory-encryption.txt | 92 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 92 insertions(+)
 create mode 100644 docs/amd-memory-encryption.txt

diff --git a/docs/amd-memory-encryption.txt b/docs/amd-memory-encryption.txt new file mode 100644 index 000000000000..72a92b6c6353 --- /dev/null +++ b/docs/amd-memory-encryption.txt
@@ -0,0 +1,92 @@ +Secure Encrypted Virtualization (SEV) is a feature found on AMD processors. + +SEV is an extension to the AMD-V architecture which supports running encrypted +virtual machine (VMs) under the control of KVM. Encrypted VMs have their pages +(code and data) secured such that only the guest itself has access to the +unencrypted version. Each encrypted VM is associated with a unique encryption +key; if its data is accessed to a different entity using a different key the +encrypted guests data will be incorrectly decrypted, leading to unintelligible +data. + +The key management of this feature is handled by separate processor known as +AMD secure processor (AMD-SP) which is present in AMD SOCs. Firmware running +inside the AMD-SP provide commands to support common VM lifecycle. This +includes commands for launching, snapshotting, migrating and debugging the +encrypted guest. Those SEV command can be issued via KVM_MEMORY_ENCRYPT_OP +ioctls. + +Launching +--------- +Boot images (such as bios) must be encrypted before guest can be booted. +MEMORY_ENCRYPT_OP ioctl provides commands to encrypt the images :LAUNCH_START, +LAUNCH_UPDATE_DATA, LAUNCH_MEASURE and LAUNCH_FINISH. These four commands +together generate a fresh memory encryption key for the VM, encrypt the boot +images and provide a measurement than can be used as an attestation of the +successful launch. + +LAUNCH_START is called first to create a cryptographic launch context within +the firmware. To create this context, guest owner must provides guest policy, +its public Diffie-Hellman key (PDH) and session parameters. These inputs +should be treated as binary blob and must be passed as-is to the SEV firmware. + +The guest policy is passed as plaintext and hypervisor may able to read it +but should not modify it (any modification of the policy bits will result +in bad measurement). 
The guest policy is a 4-byte data structure containing +several flags that restricts what can be done on running SEV guest. +See KM Spec section 3 and 6.2 for more details. + +Guest owners provided DH certificate and session parameters will be used to +establish a cryptographic session with the guest owner to negotiate keys used +for the attestation. + +LAUNCH_UPDATE_DATA encrypts the memory region using the cryptographic context +created via LAUNCH_START command. If required, this command can be called +multiple times to encrypt different memory regions. The command also calculates +the measurement of the memory contents as it encrypts. + +LAUNCH_MEASURE command can be used to retrieve the measurement of encrypted +memory. This measurement is a signature of the memory contents that can be +sent to the guest owner as an attestation that the memory was encrypted +correctly by the firmware. The guest owner may wait to provide the guest +confidential information until it can verify the attestation measurement. +Since the guest owner knows the initial contents of the guest at boot, the +attestation measurement can be verified by comparing it to what the guest owner +expects. + +LAUNCH_FINISH command finalizes the guest launch and destroy's the cryptographic +context. + +See SEV KM API Spec [1] 'Launching a guest' usage flow (Appendix A) for the +complete flow chart. + +Debugging +----------- +Since memory contents of SEV guest is encrypted hence hypervisor access to the +guest memory will get a cipher text. If guest policy allows debugging, then +hypervisor can use DEBUG_DECRYPT and DEBUG_ENCRYPT commands access the guest +memory region for debug purposes. 
+ +Snapshot/Restore +----------------- +TODO + +Live Migration +---------------- +TODO + +References +----------------- + +AMD Memory Encryption whitepaper: +http://amd-dev.wpengine.netdna-cdn.com/wordpress/media/2013/12/AMD_Memory_Encryption_Whitepaper_v7-Public.pdf + +Secure Encrypted Virutualization Key Management: +[1] http://support.amd.com/TechDocs/55766_SEV-KM API_Specification.pdf + +KVM Forum slides: +http://www.linux-kvm.org/images/7/74/02x08A-Thomas_Lendacky-AMDs_Virtualizatoin_Memory_Encryption_Technology.pdf + +AMD64 Architecture Programmer's Manual: + http://support.amd.com/TechDocs/24593.pdf + SME is section 7.10 + SEV is section 15.34
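
Review bot: The Debugging section makes DEBUG_DECRYPT and DEBUG_ENCRYPT conditional on "If guest policy allows debugging", but the Launching section describes the policy only as "several flags" and never names the flag that controls this, so a reader cannot tell from this file how a guest owner keeps the hypervisor from reading guest memory in plaintext. Name the debug flag next to the policy description and cite the spec there as "[1]", matching the later "SEV KM API Spec [1]", instead of the bare "See KM Spec section 3 and 6.2". The ioctl is also named inconsistently: the introduction says KVM_MEMORY_ENCRYPT_OP and the Launching section says MEMORY_ENCRYPT_OP; use the full name in both places. In References, the spec URL contains a space ("55766_SEV-KM API_Specification.pdf") and "Virutualization" is misspelled, and the body has a few grammar slips worth fixing before merge ("than can be used", "must provides", "may able to read", "destroy's").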