* fix vss-win32 compilation with clang++
* update Coverity model * add measurement calculation to amd-memory-encryption docs -----BEGIN PGP SIGNATURE----- iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmJMARMUHHBib256aW5p QHJlZGhhdC5jb20ACgkQv/vSX3jHroPOQAf/Y/peton1kjPBAbn4G6nD2qjpUoiW YDP0/q8D6GhHotnU3MStTc4ntJp9AElCEerUHEXp/bLnqlnnD9q5bRGk56X5NmKI x1BFLXEVuAtBnQ31Me5gTINtrlzVTXlJ2d2aePJOID4GSBalc3tj7nkVJ7CBbUIL BuTVmy+eDirllBelmLqjKjyeTsMbtj7VGfy+rG4mbLo9caQv/RJyrkU7JZ8DC5Oi p0iUWAL7JjApeBz2Ak4AQQzDQn6uhmmQbLUOdQ3WWzqds8Q3iCQQ8wceUrK7gHHC JnVkYVj5ku6YpX65TCYVG7dPQyNI3iAyT5Fu8WDLFve5YoTwE7w4hL+fmQ== =NO6n -----END PGP SIGNATURE----- Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging * fix vss-win32 compilation with clang++ * update Coverity model * add measurement calculation to amd-memory-encryption docs # gpg: Signature made Tue 05 Apr 2022 09:42:59 BST # gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83 # gpg: issuer "pbonzini@redhat.com" # gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full] # gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [full] # Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1 # Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83 * tag 'for-upstream' of https://gitlab.com/bonzini/qemu: docs/system/i386: Add measurement calculation details to amd-memory-encryption qga/vss-win32: fix compilation with clang++ coverity: update model for latest tools Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This commit is contained in:
Peter Maydell
commit
f53faa70bb
|
|
@ -47,7 +47,7 @@ The guest policy is passed as plaintext. A hypervisor may choose to read it,
|
||||||
but should not modify it (any modification of the policy bits will result
|
but should not modify it (any modification of the policy bits will result
|
||||||
in bad measurement). The guest policy is a 4-byte data structure containing
|
in bad measurement). The guest policy is a 4-byte data structure containing
|
||||||
several flags that restricts what can be done on a running SEV guest.
|
several flags that restricts what can be done on a running SEV guest.
|
||||||
See KM Spec section 3 and 6.2 for more details.
|
See SEV API Spec ([SEVAPI]_) section 3 and 6.2 for more details.
|
||||||
|
|
||||||
The guest policy can be provided via the ``policy`` property::
|
The guest policy can be provided via the ``policy`` property::
|
||||||
|
|
||||||
|
|
@ -92,7 +92,7 @@ expects.
|
||||||
``LAUNCH_FINISH`` finalizes the guest launch and destroys the cryptographic
|
``LAUNCH_FINISH`` finalizes the guest launch and destroys the cryptographic
|
||||||
context.
|
context.
|
||||||
|
|
||||||
See SEV KM API Spec ([SEVKM]_) 'Launching a guest' usage flow (Appendix A) for the
|
See SEV API Spec ([SEVAPI]_) 'Launching a guest' usage flow (Appendix A) for the
|
||||||
complete flow chart.
|
complete flow chart.
|
||||||
|
|
||||||
To launch a SEV guest::
|
To launch a SEV guest::
|
||||||
|
|
@ -118,6 +118,49 @@ a SEV-ES guest:
|
||||||
- Requires in-kernel irqchip - the burden is placed on the hypervisor to
|
- Requires in-kernel irqchip - the burden is placed on the hypervisor to
|
||||||
manage booting APs.
|
manage booting APs.
|
||||||
|
|
||||||
|
Calculating expected guest launch measurement
|
||||||
|
---------------------------------------------
|
||||||
|
|
||||||
|
In order to verify the guest launch measurement, The Guest Owner must compute
|
||||||
|
it in the exact same way as it is calculated by the AMD-SP. SEV API Spec
|
||||||
|
([SEVAPI]_) section 6.5.1 describes the AMD-SP operations:
|
||||||
|
|
||||||
|
GCTX.LD is finalized, producing the hash digest of all plaintext data
|
||||||
|
imported into the guest.
|
||||||
|
|
||||||
|
The launch measurement is calculated as:
|
||||||
|
|
||||||
|
HMAC(0x04 || API_MAJOR || API_MINOR || BUILD || GCTX.POLICY || GCTX.LD || MNONCE; GCTX.TIK)
|
||||||
|
|
||||||
|
where "||" represents concatenation.
|
||||||
|
|
||||||
|
The values of API_MAJOR, API_MINOR, BUILD, and GCTX.POLICY can be obtained
|
||||||
|
from the ``query-sev`` qmp command.
|
||||||
|
|
||||||
|
The value of MNONCE is part of the response of ``query-sev-launch-measure``: it
|
||||||
|
is the last 16 bytes of the base64-decoded data field (see SEV API Spec
|
||||||
|
([SEVAPI]_) section 6.5.2 Table 52: LAUNCH_MEASURE Measurement Buffer).
|
||||||
|
|
||||||
|
The value of GCTX.LD is
|
||||||
|
``SHA256(firmware_blob || kernel_hashes_blob || vmsas_blob)``, where:
|
||||||
|
|
||||||
|
* ``firmware_blob`` is the content of the entire firmware flash file (for
|
||||||
|
example, ``OVMF.fd``). Note that you must build a stateless firmware file
|
||||||
|
which doesn't use an NVRAM store, because the NVRAM area is not measured, and
|
||||||
|
therefore it is not secure to use a firmware which uses state from an NVRAM
|
||||||
|
store.
|
||||||
|
* if kernel is used, and ``kernel-hashes=on``, then ``kernel_hashes_blob`` is
|
||||||
|
the content of PaddedSevHashTable (including the zero padding), which itself
|
||||||
|
includes the hashes of kernel, initrd, and cmdline that are passed to the
|
||||||
|
guest. The PaddedSevHashTable struct is defined in ``target/i386/sev.c``.
|
||||||
|
* if SEV-ES is enabled (``policy & 0x4 != 0``), ``vmsas_blob`` is the
|
||||||
|
concatenation of all VMSAs of the guest vcpus. Each VMSA is 4096 bytes long;
|
||||||
|
its content is defined inside Linux kernel code as ``struct vmcb_save_area``,
|
||||||
|
or in AMD APM Volume 2 ([APMVOL2]_) Table B-2: VMCB Layout, State Save Area.
|
||||||
|
|
||||||
|
If kernel hashes are not used, or SEV-ES is disabled, use empty blobs for
|
||||||
|
``kernel_hashes_blob`` and ``vmsas_blob`` as needed.
|
||||||
|
|
||||||
Debugging
|
Debugging
|
||||||
---------
|
---------
|
||||||
|
|
||||||
|
|
@ -142,8 +185,11 @@ References
|
||||||
`AMD Memory Encryption whitepaper
|
`AMD Memory Encryption whitepaper
|
||||||
<https://developer.amd.com/wordpress/media/2013/12/AMD_Memory_Encryption_Whitepaper_v7-Public.pdf>`_
|
<https://developer.amd.com/wordpress/media/2013/12/AMD_Memory_Encryption_Whitepaper_v7-Public.pdf>`_
|
||||||
|
|
||||||
.. [SEVKM] `Secure Encrypted Virtualization Key Management
|
.. [SEVAPI] `Secure Encrypted Virtualization API
|
||||||
<http://developer.amd.com/wordpress/media/2017/11/55766_SEV-KM-API_Specification.pdf>`_
|
<https://www.amd.com/system/files/TechDocs/55766_SEV-KM_API_Specification.pdf>`_
|
||||||
|
|
||||||
|
.. [APMVOL2] `AMD64 Architecture Programmer's Manual Volume 2: System Programming
|
||||||
|
<https://www.amd.com/system/files/TechDocs/24593.pdf>`_
|
||||||
|
|
||||||
KVM Forum slides:
|
KVM Forum slides:
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -46,7 +46,8 @@ void errmsg(DWORD err, const char *text)
|
||||||
* If text doesn't contains '(', negative precision is given, which is
|
* If text doesn't contains '(', negative precision is given, which is
|
||||||
* treated as though it were missing.
|
* treated as though it were missing.
|
||||||
*/
|
*/
|
||||||
char *msg = NULL, *nul = strchr(text, '(');
|
char *msg = NULL;
|
||||||
|
const char *nul = strchr(text, '(');
|
||||||
int len = nul ? nul - text : -1;
|
int len = nul ? nul - text : -1;
|
||||||
|
|
||||||
FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER |
|
FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER |
|
||||||
|
|
|
||||||
|
|
@ -356,7 +356,8 @@ int g_poll (GPollFD *fds, unsigned nfds, int timeout)
|
||||||
typedef struct _GIOChannel GIOChannel;
|
typedef struct _GIOChannel GIOChannel;
|
||||||
GIOChannel *g_io_channel_unix_new(int fd)
|
GIOChannel *g_io_channel_unix_new(int fd)
|
||||||
{
|
{
|
||||||
GIOChannel *c = g_malloc0(sizeof(GIOChannel));
|
/* cannot use incomplete type, the actual struct is roughly this size. */
|
||||||
|
GIOChannel *c = g_malloc0(20 * sizeof(void *));
|
||||||
__coverity_escape__(fd);
|
__coverity_escape__(fd);
|
||||||
return c;
|
return c;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue