The SEV DEBUG_ENCRYPT command is used for injecting a code into SEV-enabled guest memory
For more information see [1], section 7.2 [1] http://support.amd.com/TechDocs/55766_SEV-KM%20API_Spec.pdf The following KVM RFC patches defines and implements this command http://marc.info/?l=kvm&m=147190861124032&w=2 http://marc.info/?l=kvm&m=147190861124032&w=2 Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- include/sysemu/sev.h | 10 ++++++++++ sev.c | 23 +++++++++++++++++++++++ 2 files changed, 33 insertions(+) diff --git a/include/sysemu/sev.h b/include/sysemu/sev.h index 5872c3e..a505d75 100644 --- a/include/sysemu/sev.h +++ b/include/sysemu/sev.h @@ -65,4 +65,14 @@ int kvm_sev_guest_measurement(uint8_t *measurement); */ int kvm_sev_dbg_decrypt(uint8_t *dest, const uint8_t *src, uint32_t len); +/** + * kvm_sev_dbg_encrypt - encrypt the guest memory in SEV mode. + * @src - guest memory address + * @dest - host memory address where the encrypted data should be copied + * @length - length of memory region + * + * Returns: 0 on success and dest will contains the encrypted data + */ +int kvm_sev_dbg_encrypt(uint8_t *dest, const uint8_t *src, uint32_t len); + #endif diff --git a/sev.c b/sev.c index c7031d3..4e5da84 100644 --- a/sev.c +++ b/sev.c @@ -455,3 +455,26 @@ int kvm_sev_dbg_decrypt(uint8_t *dst, const uint8_t *src, uint32_t len) DPRINTF("SEV: DBG_DECRYPT dst %p src %p sz %d\n", dst, src, len); return 0; } + +int kvm_sev_dbg_encrypt(uint8_t *dst, const uint8_t *src, uint32_t len) +{ + int ret; + struct kvm_sev_dbg_encrypt encrypt; + struct kvm_sev_issue_cmd input; + + encrypt.src_addr = (unsigned long)src; + encrypt.dst_addr = (unsigned long)dst; + encrypt.length = len; + + input.cmd = KVM_SEV_DBG_ENCRYPT; + input.opaque = (unsigned long)&encrypt; + ret = kvm_vm_ioctl(kvm_state, KVM_SEV_ISSUE_CMD, &input); + if (ret) { + fprintf(stderr, "SEV: dbg_encrypt failed ret=%d(%#010x)\n", + ret, input.ret_code); + return 1; + } + + DPRINTF("SEV: DBG_ENCRYPT dst %p src %p sz %d\n", dst, src, len); + return 0; +}
