This RFC series provides support for AMD's new Secure Encrypted Virtualization (SEV) feature. This RFC is based KVM RFC [1].
SEV is an extension to the AMD-V architecture which supports running multiple VMs under the control of a hypervisor. The SEV feature allows the memory contents of a virtual machine (VM) to be transparently encrypted with a key unique to the guest VM. The memory controller contains a high performance encryption engine which can be programmed with multiple keys for use by a different VMs in the system. The programming and management of these keys is handled by the AMD Secure Processor firmware which exposes a commands for these tasks. SEV is designed to protect guest VMs from a benign but vulnerable (i.e. not fully malicious) hypervisor. In particular, it reduces the attack surface of guest VMs and can prevent certain types of VM-escape bugs (e.g. hypervisor read-anywhere) from being used to steal guest data. The KVM RFC introduced a new ioctl (KVM_SEV_ISSUE_CMD) which can be used by qemu to enable SEV for secure guest and assist performing common hypervisor activities such as a launching, running, snapshooting, migration and debugging a guests data. The following links provide additional details: AMD Memory Encryption whitepaper: http://amd-dev.wpengine.netdna-cdn.com/wordpress/media/2013/12/AMD_Memory_Encryption_Whitepaper_v7-Public.pdf AMD64 Architecture Programmer's Manual: http://support.amd.com/TechDocs/24593.pdf SME is section 7.10 SEV is section 15.34 Secure Encrypted Virutualization Key Management: http://support.amd.com/TechDocs/55766_SEV-KM API_Spec.pdf KVM Forum slides: http://www.linux-kvm.org/images/7/74/02x08A-Thomas_Lendacky-AMDs_Virtualizatoin_Memory_Encryption_Technology.pdf KVM RFC link: [1] http://marc.info/?l=kvm&m=147191038624432&w=2 Video of the KVM Forum Talk: https://www.youtube.com/watch?v=RcvQ1xN55Ew --- The patches are based on (d75aa43 Update version for v2.7.0-rc4 release) Changes since v1: - Added Documentation - Added security-policy object. - Drop sev config parsing support and create new objects to get/set SEV specific parameters - Added sev-guest-info object. - Added sev-launch-info object. - Added kvm_memory_encrytion_* APIs. The idea behind this was to allow adding a non SEV memory encrytion object without modifying interfaces. - Drop patch to load OS image at fixed location. - updated LAUNCH_FINISH command structure. Now the structure contains just 'measurement' field. Other fields are not used and will also be removed from newer SEV firmware API spec. TODO: - investigate the possibilty of adding SEV support in UEFI BIOS. - implement RECEIVE_START, RECEIVE_UPDATE and RECEIVE_FINISH commands - implement SEND_START, SEND_UPDATE and SEND_FINISH commands - implement SEV guest migration and snapshotting support - virtio support in SEV guest Brijesh Singh (16): memattrs: add debug attrs exec: add guest RAM read and write ops exec: add debug version of physical memory read and write apis monitor: use debug version of memory access apis core: add new security-policy object sev: add Secure Encrypted Virtulization (SEV) support hmp: display memory encryption support in 'info kvm' core: loader: create memory encryption context before copying data sev: add LAUNCH_START command sev: add LAUNCH_UPDATE command sev: add LAUNCH_FINISH command sev: add DEBUG_DECRYPT command sev: add DEBUG_ENCRYPT command i386: set memory encryption ops for PC.BIOS and PC.RAM regions target-i386: add cpuid Fn8000_001f i386: clear C-bit in SEV guest page table walk Makefile.target | 2 cpus.c | 2 disas.c | 2 docs/amd-memory-encryption.txt | 260 ++++++++ exec.c | 96 +++ hmp.c | 2 hw/core/Makefile.objs | 1 hw/core/loader.c | 13 hw/core/machine.c | 22 + hw/core/security-policy.c | 166 +++++ hw/i386/pc.c | 7 hw/i386/pc_sysfw.c | 4 include/exec/cpu-common.h | 17 + include/exec/memattrs.h | 4 include/exec/memory.h | 25 + include/hw/boards.h | 1 include/sysemu/kvm.h | 6 include/sysemu/security-policy.h | 75 ++ include/sysemu/sev.h | 208 +++++++ kvm-all.c | 71 ++ monitor.c | 2 qapi-schema.json | 7 qemu-options.hx | 127 ++++ qmp.c | 1 sev.c | 1176 ++++++++++++++++++++++++++++++++++++++ target-i386/cpu.c | 10 target-i386/helper.c | 37 + target-i386/monitor.c | 51 +- 28 files changed, 2356 insertions(+), 39 deletions(-) create mode 100644 docs/amd-memory-encryption.txt create mode 100644 hw/core/security-policy.c create mode 100644 include/sysemu/security-policy.h create mode 100644 include/sysemu/sev.h create mode 100644 sev.c -- Brijesh Singh
