* fix vss-win32 compilation with clang++

* update Coverity model * add measurement calculation to amd-memory-encryption docs -----BEGIN PGP SIGNATURE----- iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmJMARMUHHBib256aW5p QHJlZGhhdC5jb20ACgkQv/vSX3jHroPOQAf/Y/peton1kjPBAbn4G6nD2qjpUoiW YDP0/q8D6GhHotnU3MStTc4ntJp9AElCEerUHEXp/bLnqlnnD9q5bRGk56X5NmKI x1BFLXEVuAtBnQ31Me5gTINtrlzVTXlJ2d2aePJOID4GSBalc3tj7nkVJ7CBbUIL BuTVmy+eDirllBelmLqjKjyeTsMbtj7VGfy+rG4mbLo9caQv/RJyrkU7JZ8DC5Oi p0iUWAL7JjApeBz2Ak4AQQzDQn6uhmmQbLUOdQ3WWzqds8Q3iCQQ8wceUrK7gHHC JnVkYVj5ku6YpX65TCYVG7dPQyNI3iAyT5Fu8WDLFve5YoTwE7w4hL+fmQ== =NO6n -----END PGP SIGNATURE----- Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging * fix vss-win32 compilation with clang++ * update Coverity model * add measurement calculation to amd-memory-encryption docs # gpg: Signature made Tue 05 Apr 2022 09:42:59 BST # gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83 # gpg: issuer "pbonzini@redhat.com" # gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full] # gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [full] # Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1 # Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83 * tag 'for-upstream' of https://gitlab.com/bonzini/qemu: docs/system/i386: Add measurement calculation details to amd-memory-encryption qga/vss-win32: fix compilation with clang++ coverity: update model for latest tools Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-04-05 16:14:28 +01:00 · 2022-04-05 16:14:28 +01:00 · f53faa70bb
parent 2e185fb65e 776a6a32b4
commit f53faa70bb
3 changed files with 54 additions and 6 deletions
--- a/docs/system/i386/amd-memory-encryption.rst
+++ b/docs/system/i386/amd-memory-encryption.rst
@ -47,7 +47,7 @@ The guest policy is passed as plaintext. A hypervisor may choose to read it,
 but should not modify it (any modification of the policy bits will result
 in bad measurement). The guest policy is a 4-byte data structure containing
 several flags that restricts what can be done on a running SEV guest.
-See KM Spec section 3 and 6.2 for more details.
+See SEV API Spec ([SEVAPI]_) section 3 and 6.2 for more details.

 The guest policy can be provided via the ``policy`` property::

@ -92,7 +92,7 @@ expects.
 ``LAUNCH_FINISH`` finalizes the guest launch and destroys the cryptographic
 context.

-See SEV KM API Spec ([SEVKM]_) 'Launching a guest' usage flow (Appendix A) for the
+See SEV API Spec ([SEVAPI]_) 'Launching a guest' usage flow (Appendix A) for the
 complete flow chart.

 To launch a SEV guest::
@ -118,6 +118,49 @@ a SEV-ES guest:
 - Requires in-kernel irqchip - the burden is placed on the hypervisor to
   manage booting APs.

+Calculating expected guest launch measurement
+---------------------------------------------
+
+In order to verify the guest launch measurement, The Guest Owner must compute
+it in the exact same way as it is calculated by the AMD-SP.  SEV API Spec
+([SEVAPI]_) section 6.5.1 describes the AMD-SP operations:
+
+    GCTX.LD is finalized, producing the hash digest of all plaintext data
+    imported into the guest.
+
+    The launch measurement is calculated as:
+
+    HMAC(0x04 || API_MAJOR || API_MINOR || BUILD || GCTX.POLICY || GCTX.LD || MNONCE; GCTX.TIK)
+
+    where "||" represents concatenation.
+
+The values of API_MAJOR, API_MINOR, BUILD, and GCTX.POLICY can be obtained
+from the ``query-sev`` qmp command.
+
+The value of MNONCE is part of the response of ``query-sev-launch-measure``: it
+is the last 16 bytes of the base64-decoded data field (see SEV API Spec
+([SEVAPI]_) section 6.5.2 Table 52: LAUNCH_MEASURE Measurement Buffer).
+
+The value of GCTX.LD is
+``SHA256(firmware_blob || kernel_hashes_blob || vmsas_blob)``, where:
+
+* ``firmware_blob`` is the content of the entire firmware flash file (for
+  example, ``OVMF.fd``).  Note that you must build a stateless firmware file
+  which doesn't use an NVRAM store, because the NVRAM area is not measured, and
+  therefore it is not secure to use a firmware which uses state from an NVRAM
+  store.
+* if kernel is used, and ``kernel-hashes=on``, then ``kernel_hashes_blob`` is
+  the content of PaddedSevHashTable (including the zero padding), which itself
+  includes the hashes of kernel, initrd, and cmdline that are passed to the
+  guest.  The PaddedSevHashTable struct is defined in ``target/i386/sev.c``.
+* if SEV-ES is enabled (``policy & 0x4 != 0``), ``vmsas_blob`` is the
+  concatenation of all VMSAs of the guest vcpus.  Each VMSA is 4096 bytes long;
+  its content is defined inside Linux kernel code as ``struct vmcb_save_area``,
+  or in AMD APM Volume 2 ([APMVOL2]_) Table B-2: VMCB Layout, State Save Area.
+
+If kernel hashes are not used, or SEV-ES is disabled, use empty blobs for
+``kernel_hashes_blob`` and ``vmsas_blob`` as needed.
+
 Debugging
 ---------

@ -142,8 +185,11 @@ References
 `AMD Memory Encryption whitepaper
 <https://developer.amd.com/wordpress/media/2013/12/AMD_Memory_Encryption_Whitepaper_v7-Public.pdf>`_

-.. [SEVKM] `Secure Encrypted Virtualization Key Management
-   <http://developer.amd.com/wordpress/media/2017/11/55766_SEV-KM-API_Specification.pdf>`_
+.. [SEVAPI] `Secure Encrypted Virtualization API
+   <https://www.amd.com/system/files/TechDocs/55766_SEV-KM_API_Specification.pdf>`_
+
+.. [APMVOL2] `AMD64 Architecture Programmer's Manual Volume 2: System Programming
+   <https://www.amd.com/system/files/TechDocs/24593.pdf>`_

 KVM Forum slides:

--- a/qga/vss-win32/install.cpp
+++ b/qga/vss-win32/install.cpp
@ -46,7 +46,8 @@ void errmsg(DWORD err, const char *text)
     * If text doesn't contains '(', negative precision is given, which is
     * treated as though it were missing.
     */
-    char *msg = NULL, *nul = strchr(text, '(');
+    char *msg = NULL;
+    const char *nul = strchr(text, '(');
    int len = nul ? nul - text : -1;

    FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER |
--- a/scripts/coverity-scan/model.c
+++ b/scripts/coverity-scan/model.c
@ -356,7 +356,8 @@ int g_poll (GPollFD *fds, unsigned nfds, int timeout)
 typedef struct _GIOChannel GIOChannel;
 GIOChannel *g_io_channel_unix_new(int fd)
 {
-    GIOChannel *c = g_malloc0(sizeof(GIOChannel));
+    /* cannot use incomplete type, the actual struct is roughly this size.  */
+    GIOChannel *c = g_malloc0(20 * sizeof(void *));
    __coverity_escape__(fd);
    return c;
 }