[libvirt] [PATCH v3 0/9] x86: Secure Encrypted Virtualization (AMD)

Brijesh Singh brijesh.singh at amd.com
Fri Mar 23 19:00:45 UTC 2018


Hi Daniel and Peter.

Any feedback on the series ?

-Brijesh

On 3/14/18 10:44 AM, Brijesh Singh wrote:
> The patch series is test with QEMU recent pull which includes SEV support:
>
> https://lists.gnu.org/archive/html/qemu-devel/2018-03/msg03826.html
>
> This patch series provides support for launching an encrypted guest using
> AMD's new Secure Encrypted  Virtualization (SEV) feature.
>
> SEV is an extension to the AMD-V architecture which supports running
> multiple VMs under the control of a hypervisor. When enabled, SEV feature
> allows the memory contents of a virtual machine (VM) to be transparently
> encrypted with a key unique to the guest VM.
>
> At very high level the flow looks this:
>
> 1. mgmt tool calls virConnectGetDomainCapabilities. This returns an XML document
> that includes the following
>
> <feature>
> ...
>   <sev supported='yes'>
>   <cbitpos> </cbitpos>
>   <reduced-phys-bits> </reduced-phys-bits>
>   <pdh> </pdh>
>   <cert-chain> </cert-chain>
> </feature>
>
> If <sev> is provided then we indicate that hypervisor is capable of launching
> SEV guest. 
>
> 2. (optional) mgmt tool can provide the PDH and Cert-chain to guest owner in case
> if guest owner wish to establish a secure connection with SEV firmware to
> negotiate a key used for validating the measurement.
>
> 3. mgmt tool requests to start a guest calling virCreateXML(), passing VIR_DOMAIN_START_PAUSED.
> The xml would include
>
> <launch-security type='sev'>
> <cbitpos> </cbitpos>  /* the value is same as what is obtained via virConnectGetDomainCapabilities()
> <reduced-phys-bits> </reduced-phys-bits>  /* the value is same as what is obtained via virConnectGetDomainCapabilities()
> <dh-cert> .. </dh> /* guest owners diffie-hellman key */ (optional)
> <session> ..</session> /* guest owners session blob */ (optional)
>    <policy> ..</policy> /* guest policy */ (optional)
>
> 4. Libvirt generate the QEMU cli arg to enable the SEV feature, a typical
> args looks like this:
>
> # $QEMU ..
> -machine memory-encryption=sev0 \
> -object sev-guest,id=sev0,dh-cert-file=<file>....
>
> 5. Libvirt generates lifecycle VIR_DOMAIN_EVENT_SUSPENDED_PAUSED event
>
> 6. mgmt tool gets the VIR_DOMAIN_EVENT_SUSPENDED_PAUSED and calls virDomainGetLaunchSecretInfo()
> to retrieve the measurement of encrypted memory.
>
> 7. (optional) mgmt tool can provide the measurement value to guest owner, which can
> validate the measurement and gives GO/NO-GO answer. If mgmt tool gets GO then
> it resumes the guest otherwise it calls destroy() to kill the guest.
>
> 8. mgmt tool resumes the guest
>
> TODO:
> * SEV guest require to use DMA apis for the virtio devices. In order to use the DMA
> apis the virtio devices must have this tag
>
> <driver iommu=on ats=on>
>
> It is a bit unclear to me where these changes need to go. Do we need to
> modify the libvirt to automatically add these when SEV is enabled or
> we ask mgmt tool to make sure that it creates XML with right tag to enable
> the DMA APIs for virtio devices. I am looking for some suggestions.
>
> Using these patches we have succesfully booted and tested a guest both with and
> without SEV enabled.
>
> SEV Firmware API spec is available at:
> https://support.amd.com/TechDocs/55766_SEV-KM%20API_Specification.pdf
>
> Changes since v2:
>  * make cbitpos, policy and reduced-phys-bits as unsigned int
>  * update virDomainGetLaunchSecurityInfo to accept virTypedParameterPtr *params
>    instead of virTypedParameterPtr params.
>
> Changes since v1:
>  * rename <sev> -> <launch-security> for domain
>  * add more information about policy and other fields in domaincaps.html
>  * split the domain_conf support in two patches
>  * add virDomainGetLaunchInfo() to retrieve the SEV measurement
>  * extend virsh command to show the domain's launch security information
>  * add test cases to validate newly added <launch-security> element
>  * fix issues reported with 'make check' and 'make syntax-check'
>
> The complete git tree is available at:
> https://github.com/codomania/libvirt/tree/v3
>
>
> Brijesh Singh (8):
>   qemu: provide support to query the SEV capability
>   qemu: introduce SEV feature in hypervisor capabilities
>   conf: introduce launch-security element in domain
>   qemu: add support to launch SEV guest
>   libvirt: add new public API to get launch security info
>   remote: implement the remote protocol for launch security
>   qemu_driver: add support to launch security info
>   virsh: implement new command for launch security
>
> Xiaogang Chen (1):
>   tests: extend tests to include sev specific tag parsing
>
>  docs/formatdomain.html.in           | 120 ++++++++++++++++++++++++++++++++++++
>  docs/formatdomaincaps.html.in       |  40 ++++++++++++
>  docs/schemas/domaincaps.rng         |  20 ++++++
>  docs/schemas/domaincommon.rng       |  39 ++++++++++++
>  include/libvirt/libvirt-domain.h    |  17 +++++
>  src/conf/domain_capabilities.c      |  20 ++++++
>  src/conf/domain_capabilities.h      |  14 +++++
>  src/conf/domain_conf.c              | 110 +++++++++++++++++++++++++++++++++
>  src/conf/domain_conf.h              |  26 ++++++++
>  src/driver-hypervisor.h             |   7 +++
>  src/libvirt-domain.c                |  48 +++++++++++++++
>  src/libvirt_public.syms             |   5 ++
>  src/qemu/qemu_capabilities.c        |  40 ++++++++++++
>  src/qemu/qemu_capabilities.h        |   1 +
>  src/qemu/qemu_capspriv.h            |   4 ++
>  src/qemu/qemu_command.c             |  35 +++++++++++
>  src/qemu/qemu_driver.c              |  66 ++++++++++++++++++++
>  src/qemu/qemu_monitor.c             |  17 +++++
>  src/qemu/qemu_monitor.h             |   6 ++
>  src/qemu/qemu_monitor_json.c        | 105 +++++++++++++++++++++++++++++++
>  src/qemu/qemu_monitor_json.h        |   5 ++
>  src/qemu/qemu_process.c             |  58 +++++++++++++++++
>  src/remote/remote_daemon_dispatch.c |  47 ++++++++++++++
>  src/remote/remote_driver.c          |  42 ++++++++++++-
>  src/remote/remote_protocol.x        |  20 +++++-
>  src/remote_protocol-structs         |  11 ++++
>  tests/genericxml2xmlindata/sev.xml  |  20 ++++++
>  tests/genericxml2xmloutdata/sev.xml |  22 +++++++
>  tests/genericxml2xmltest.c          |   2 +
>  tests/qemuxml2argvdata/sev.args     |  24 ++++++++
>  tests/qemuxml2argvdata/sev.xml      |  35 +++++++++++
>  tests/qemuxml2argvtest.c            |   2 +
>  tests/qemuxml2xmloutdata/sev.xml    |  39 ++++++++++++
>  tests/qemuxml2xmltest.c             |   2 +
>  tools/virsh-domain.c                |  84 +++++++++++++++++++++++++
>  35 files changed, 1151 insertions(+), 2 deletions(-)
>  create mode 100644 tests/genericxml2xmlindata/sev.xml
>  create mode 100644 tests/genericxml2xmloutdata/sev.xml
>  create mode 100644 tests/qemuxml2argvdata/sev.args
>  create mode 100644 tests/qemuxml2argvdata/sev.xml
>  create mode 100644 tests/qemuxml2xmloutdata/sev.xml
>




More information about the libvir-list mailing list