[libvirt] [PATCH v3 0/9] x86: Secure Encrypted Virtualization (AMD)
Brijesh Singh
brijesh.singh at amd.com
Fri Mar 23 19:00:45 UTC 2018
Hi Daniel and Peter.
Any feedback on the series?
-Brijesh
On 3/14/18 10:44 AM, Brijesh Singh wrote:
> The patch series is tested with a recent QEMU pull which includes SEV support:
>
> https://lists.gnu.org/archive/html/qemu-devel/2018-03/msg03826.html
>
> This patch series provides support for launching an encrypted guest using
> AMD's new Secure Encrypted Virtualization (SEV) feature.
>
> SEV is an extension to the AMD-V architecture which supports running
> multiple VMs under the control of a hypervisor. When enabled, the SEV feature
> allows the memory contents of a virtual machine (VM) to be transparently
> encrypted with a key unique to the guest VM.
>
> At a very high level the flow looks like this:
>
> 1. mgmt tool calls virConnectGetDomainCapabilities. This returns an XML document
> that includes the following:
>
>    <feature>
>      ...
>      <sev supported='yes'>
>        <cbitpos> </cbitpos>
>        <reduced-phys-bits> </reduced-phys-bits>
>        <pdh> </pdh>
>        <cert-chain> </cert-chain>
>      </sev>
>    </feature>
>
> If <sev> is provided then we indicate that the hypervisor is capable of launching
> an SEV guest.
>
> 2. (optional) mgmt tool can provide the PDH and cert-chain to the guest owner in case
> the guest owner wishes to establish a secure connection with the SEV firmware to
> negotiate a key used for validating the measurement.
>
> 3. mgmt tool requests to start a guest by calling virCreateXML(), passing VIR_DOMAIN_START_PAUSED.
> The XML would include:
>
>    <launch-security type='sev'>
>      <cbitpos> </cbitpos> /* the value is the same as what is obtained via virConnectGetDomainCapabilities() */
>      <reduced-phys-bits> </reduced-phys-bits> /* the value is the same as what is obtained via virConnectGetDomainCapabilities() */
>      <dh-cert> .. </dh-cert> /* guest owner's Diffie-Hellman key */ (optional)
>      <session> .. </session> /* guest owner's session blob */ (optional)
>      <policy> .. </policy> /* guest policy */ (optional)
>    </launch-security>
>
> 4. Libvirt generates the QEMU CLI args to enable the SEV feature; typical
> args look like this:
>
> # $QEMU ..
> -machine memory-encryption=sev0 \
> -object sev-guest,id=sev0,dh-cert-file=<file>....
>
> 5. Libvirt generates the lifecycle VIR_DOMAIN_EVENT_SUSPENDED_PAUSED event
>
> 6. mgmt tool gets the VIR_DOMAIN_EVENT_SUSPENDED_PAUSED and calls virDomainGetLaunchSecretInfo()
> to retrieve the measurement of encrypted memory.
>
> 7. (optional) mgmt tool can provide the measurement value to the guest owner, who can
> validate the measurement and give a GO/NO-GO answer. If the mgmt tool gets GO then
> it resumes the guest, otherwise it calls destroy() to kill the guest.
>
> 8. mgmt tool resumes the guest
>
> TODO:
> * SEV guests are required to use the DMA APIs for the virtio devices. In order to use the DMA
> APIs the virtio devices must have this tag:
>
>    <driver iommu='on' ats='on'/>
>
> It is a bit unclear to me where these changes need to go. Do we need to
> modify libvirt to automatically add these when SEV is enabled, or
> do we ask the mgmt tool to make sure that it creates XML with the right tag to enable
> the DMA APIs for virtio devices? I am looking for some suggestions.
>
> Using these patches we have successfully booted and tested a guest both with and
> without SEV enabled.
>
> SEV Firmware API spec is available at:
> https://support.amd.com/TechDocs/55766_SEV-KM%20API_Specification.pdf
>
> Changes since v2:
> * make cbitpos, policy and reduced-phys-bits as unsigned int
> * update virDomainGetLaunchSecurityInfo to accept virTypedParameterPtr *params
> instead of virTypedParameterPtr params.
>
> Changes since v1:
> * rename <sev> -> <launch-security> for domain
> * add more information about policy and other fields in domaincaps.html
> * split the domain_conf support in two patches
> * add virDomainGetLaunchInfo() to retrieve the SEV measurement
> * extend virsh command to show the domain's launch security information
> * add test cases to validate newly added <launch-security> element
> * fix issues reported with 'make check' and 'make syntax-check'
>
> The complete git tree is available at:
> https://github.com/codomania/libvirt/tree/v3
>
>
> Brijesh Singh (8):
> qemu: provide support to query the SEV capability
> qemu: introduce SEV feature in hypervisor capabilities
> conf: introduce launch-security element in domain
> qemu: add support to launch SEV guest
> libvirt: add new public API to get launch security info
> remote: implement the remote protocol for launch security
> qemu_driver: add support to launch security info
> virsh: implement new command for launch security
>
> Xiaogang Chen (1):
> tests: extend tests to include sev specific tag parsing
>
> docs/formatdomain.html.in | 120 ++++++++++++++++++++++++++++++++++++
> docs/formatdomaincaps.html.in | 40 ++++++++++++
> docs/schemas/domaincaps.rng | 20 ++++++
> docs/schemas/domaincommon.rng | 39 ++++++++++++
> include/libvirt/libvirt-domain.h | 17 +++++
> src/conf/domain_capabilities.c | 20 ++++++
> src/conf/domain_capabilities.h | 14 +++++
> src/conf/domain_conf.c | 110 +++++++++++++++++++++++++++++++++
> src/conf/domain_conf.h | 26 ++++++++
> src/driver-hypervisor.h | 7 +++
> src/libvirt-domain.c | 48 +++++++++++++++
> src/libvirt_public.syms | 5 ++
> src/qemu/qemu_capabilities.c | 40 ++++++++++++
> src/qemu/qemu_capabilities.h | 1 +
> src/qemu/qemu_capspriv.h | 4 ++
> src/qemu/qemu_command.c | 35 +++++++++++
> src/qemu/qemu_driver.c | 66 ++++++++++++++++++++
> src/qemu/qemu_monitor.c | 17 +++++
> src/qemu/qemu_monitor.h | 6 ++
> src/qemu/qemu_monitor_json.c | 105 +++++++++++++++++++++++++++++++
> src/qemu/qemu_monitor_json.h | 5 ++
> src/qemu/qemu_process.c | 58 +++++++++++++++++
> src/remote/remote_daemon_dispatch.c | 47 ++++++++++++++
> src/remote/remote_driver.c | 42 ++++++++++++-
> src/remote/remote_protocol.x | 20 +++++-
> src/remote_protocol-structs | 11 ++++
> tests/genericxml2xmlindata/sev.xml | 20 ++++++
> tests/genericxml2xmloutdata/sev.xml | 22 +++++++
> tests/genericxml2xmltest.c | 2 +
> tests/qemuxml2argvdata/sev.args | 24 ++++++++
> tests/qemuxml2argvdata/sev.xml | 35 +++++++++++
> tests/qemuxml2argvtest.c | 2 +
> tests/qemuxml2xmloutdata/sev.xml | 39 ++++++++++++
> tests/qemuxml2xmltest.c | 2 +
> tools/virsh-domain.c | 84 +++++++++++++++++++++++++
> 35 files changed, 1151 insertions(+), 2 deletions(-)
> create mode 100644 tests/genericxml2xmlindata/sev.xml
> create mode 100644 tests/genericxml2xmloutdata/sev.xml
> create mode 100644 tests/qemuxml2argvdata/sev.args
> create mode 100644 tests/qemuxml2argvdata/sev.xml
> create mode 100644 tests/qemuxml2xmloutdata/sev.xml
>
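Steps 1 and 3 of the flow quoted above, as an added example that is not part of the original message or of the patch series: a management tool reads the `<sev>` capabilities, builds the `<launch-security>` element from them, and checks that a domain definition carries the same `cbitpos` and `reduced-phys-bits` the host reported. Element names follow this v3 cover letter; the root element, the function names and every value in the sample are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed capabilities fragment in the shape shown in step 1; the root
# element name and all values are made up for this example.
SAMPLE_CAPS = """<domainCapabilities><feature>
  <sev supported='yes'>
    <cbitpos>47</cbitpos>
    <reduced-phys-bits>1</reduced-phys-bits>
    <pdh>CONSTRUCTED-PDH</pdh>
    <cert-chain>CONSTRUCTED-CHAIN</cert-chain>
  </sev>
</feature></domainCapabilities>"""

HOST_FIELDS = ("cbitpos", "reduced-phys-bits")  # must be copied from the host

def host_sev_params(caps_xml):
    """Return the host's SEV parameters, or None if <sev> is absent or unsupported."""
    sev = ET.fromstring(caps_xml).find(".//sev")
    if sev is None or sev.get("supported") != "yes":
        return None
    # int() raises ValueError if a numeric field is missing or malformed.
    params = {name: int(sev.findtext(name, "").strip()) for name in HOST_FIELDS}
    # The PDH and cert chain are what step 2 hands to the guest owner.
    params["pdh"] = sev.findtext("pdh", "").strip()
    params["cert-chain"] = sev.findtext("cert-chain", "").strip()
    return params

def build_launch_security(host, dh_cert=None, session=None, policy=None):
    """Build the step 3 element; the optional fields come from the guest owner."""
    elem = ET.Element("launch-security", {"type": "sev"})
    for name in HOST_FIELDS:
        ET.SubElement(elem, name).text = str(host[name])
    optional = (("dh-cert", dh_cert), ("session", session), ("policy", policy))
    for name, value in optional:
        if value is not None:
            ET.SubElement(elem, name).text = str(value)
    return ET.tostring(elem, encoding="unicode")

def mismatched_fields(launch_xml, host):
    """List host-derived fields whose value differs from the capabilities."""
    elem = ET.fromstring(launch_xml)
    bad = []
    for name in HOST_FIELDS:
        text = elem.findtext(name)
        if text is None or not text.strip().isdigit() or int(text) != host[name]:
            bad.append(name)
    return bad
```
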