diff mbox series

[RFC,v2,2/2] i386/sev: Allow measured direct kernel boot on SNP

Message ID 20230216084913.2148508-3-dovmurik@linux.ibm.com
State New
Headers show
Series i386/sev: Support measured direct kernel boot on SNP | expand

Commit Message

Dov Murik Feb. 16, 2023, 8:49 a.m. UTC 
In SNP, the hashes page is not included in the ranges to pre-validate
that appear in the SNP metadata published by AmdSev OVMF.

Therefore, if the user enabled kernel hashes (for measured direct boot),
QEMU should fill hashes table and encrypt the page.  Note that in SNP
(unlike SEV and SEV-ES) the measurements is done in whole 4KB pages.
Therefore QEMU zeros the whole page that includes the hashes table, and
fills in the kernel hashes area in that page, and then encrypts the
whole page.  The rest of the page is reserved for SEV launch secrets
which are not usable anyway on SNP.

If the user disabled kernel hashes, QEMU pre-validates the page as a
zero page.

Signed-off-by: Dov Murik <dovmurik@linux.ibm.com>
---
 target/i386/sev.c | 51 +++++++++++++++++++++++++++++++++++++----------
 1 file changed, 41 insertions(+), 10 deletions(-)
diff mbox series

Patch

diff --git a/target/i386/sev.c b/target/i386/sev.c
index 6b8e85888f..c36ba9a541 100644
--- a/target/i386/sev.c
+++ b/target/i386/sev.c
@@ -2079,8 +2079,11 @@  bool sev_add_kernel_loader_hashes(SevKernelLoaderContext *ctx, Error **errp)
     uint8_t initrd_hash[HASH_SIZE];
     uint8_t kernel_hash[HASH_SIZE];
     uint8_t *hashp;
+    hwaddr mapped_gpa, mapped_offset, mapped_len, expected_mapped_len;
+    uint8_t *mapped_area = NULL;
+    MemoryRegion *mr = NULL;
+    void *hva;
     size_t hash_len = HASH_SIZE;
-    hwaddr mapped_len = sizeof(*padded_ht);
     MemTxAttrs attrs = { 0 };
     bool ret = true;
     SevCommonState *sev_common = SEV_COMMON(MACHINE(qdev_get_machine())->cgs);
@@ -2090,6 +2093,25 @@  bool sev_add_kernel_loader_hashes(SevKernelLoaderContext *ctx, Error **errp)
      * stated kernel-hashes=on.
      */
     if (!sev_common->kernel_hashes) {
+        if (sev_snp_enabled()) {
+            /* Mark the hashes page (if defined) as a zero page */
+            if (!pc_system_ovmf_table_find(SEV_HASH_TABLE_RV_GUID, &data, NULL)) {
+                return false;
+            }
+
+            area = (SevHashTableDescriptor *)data;
+            if (!area->base || area->size < sizeof(PaddedSevHashTable)) {
+                return false;
+            }
+
+            mapped_gpa = area->base & TARGET_PAGE_MASK;
+            hva = gpa2hva(&mr, mapped_gpa, TARGET_PAGE_SIZE, NULL);
+            if (sev_snp_launch_update(SEV_SNP_GUEST(sev_common), mapped_gpa, hva,
+                                      TARGET_PAGE_SIZE, KVM_SEV_SNP_PAGE_TYPE_ZERO)) {
+                error_setg(errp, "SEV: error marking kernel hashes page as zero");
+            }
+            return false;
+        }
         return false;
     }
 
@@ -2099,10 +2121,6 @@  bool sev_add_kernel_loader_hashes(SevKernelLoaderContext *ctx, Error **errp)
         return false;
     }
 
-    if (sev_snp_enabled()) {
-        return false;
-    }
-
     area = (SevHashTableDescriptor *)data;
     if (!area->base || area->size < sizeof(PaddedSevHashTable)) {
         error_setg(errp, "SEV: guest firmware hashes table area is invalid "
@@ -2149,12 +2167,25 @@  bool sev_add_kernel_loader_hashes(SevKernelLoaderContext *ctx, Error **errp)
      * Populate the hashes table in the guest's memory at the OVMF-designated
      * area for the SEV hashes table
      */
-    padded_ht = address_space_map(&address_space_memory, area->base,
-                                  &mapped_len, true, attrs);
-    if (!padded_ht || mapped_len != sizeof(*padded_ht)) {
+    if (sev_snp_enabled()) {
+        /* SNP encrypts and measures memory in whole pages */
+        mapped_gpa = area->base & TARGET_PAGE_MASK;
+        mapped_offset = area->base & ~TARGET_PAGE_MASK;
+        mapped_len = TARGET_PAGE_SIZE;
+    } else {
+        mapped_gpa = area->base;
+        mapped_offset = 0;
+        mapped_len = sizeof(*padded_ht);
+    }
+    expected_mapped_len = mapped_len;
+    mapped_area = address_space_map(&address_space_memory, mapped_gpa,
+                                    &mapped_len, true, attrs);
+    if (!mapped_area || mapped_len != expected_mapped_len) {
         error_setg(errp, "SEV: cannot map hashes table guest memory area");
         return false;
     }
+    memset(mapped_area, 0, mapped_len);
+    padded_ht = (PaddedSevHashTable *)(mapped_area + mapped_offset);
     ht = &padded_ht->ht;
 
     ht->guid = sev_hash_table_header_guid;
@@ -2175,11 +2206,11 @@  bool sev_add_kernel_loader_hashes(SevKernelLoaderContext *ctx, Error **errp)
     /* zero the excess data so the measurement can be reliably calculated */
     memset(padded_ht->padding, 0, sizeof(padded_ht->padding));
 
-    if (sev_encrypt_flash(area->base, (uint8_t *)padded_ht, sizeof(*padded_ht), errp) < 0) {
+    if (sev_encrypt_flash(mapped_gpa, mapped_area, mapped_len, errp) < 0) {
         ret = false;
     }
 
-    address_space_unmap(&address_space_memory, padded_ht,
+    address_space_unmap(&address_space_memory, mapped_area,
                         mapped_len, true, mapped_len);
 
     return ret;