Re: [PATCH v3] target/i386/sev: add support to query the attestation report
On Mon, May 31, 2021 at 04:01:16PM -0400, Eduardo Habkost wrote:
> On Thu, Apr 29, 2021 at 12:07:28PM -0500, Brijesh Singh wrote:
> > The SEV FW >= 0.23 added a new command that can be used to query the
> > attestation report containing the SHA-256 digest of the guest memory
> > and VMSA encrypted with the LAUNCH_UPDATE and sign it with the PEK.
> >
> > Note, we already have a command (LAUNCH_MEASURE) that can be used to
> > query the SHA-256 digest of the guest memory encrypted through the
> > LAUNCH_UPDATE. The main difference between previous and this command
> > is that the report is signed with the PEK and unlike the LAUNCH_MEASURE
> > command the ATTESATION_REPORT command can be called while the guest
> > is running.
> >
> > Add a QMP interface "query-sev-attestation-report" that can be used
> > to get the report encoded in base64.
> >
> > Cc: James Bottomley
> > Cc: Tom Lendacky
> > Cc: Eric Blake
> > Cc: Paolo Bonzini
> > Cc: k...@vger.kernel.org
> > Reviewed-by: James Bottomley
> > Tested-by: James Bottomley
> > Signed-off-by: Brijesh Singh
> > ---
> [...]
> > +gsize len;
> [...]
> > +/* verify the input mnonce length */
> > +if (len != sizeof(input.mnonce)) {
> > +error_setg(errp, "SEV: mnonce must be %ld bytes (got %ld)",
> > +sizeof(input.mnonce), len);
>
> This breaks the build on i386. Failed CI job:
> https://gitlab.com/ehabkost/qemu/-/jobs/1300032082
>
> I'm applying the following fixup.
>
> Signed-off-by: Eduardo Habkost
> ---
> diff --git a/target/i386/sev.c b/target/i386/sev.c
> index 12899a31736..0e135d56e53 100644
> --- a/target/i386/sev.c
> +++ b/target/i386/sev.c
> @@ -517,7 +517,7 @@ sev_get_attestation_report(const char *mnonce, Error
> **errp)
>
> /* verify the input mnonce length */
> if (len != sizeof(input.mnonce)) {
> -error_setg(errp, "SEV: mnonce must be %ld bytes (got %ld)",
> +error_setg(errp, "SEV: mnonce must be %ld bytes (got %"
> G_GSIZE_FORMAT ")",
> sizeof(input.mnonce), len);
> g_free(buf);
> return NULL;
The fix was incomplete, additional fixup was required.
Signed-off-by: Eduardo Habkost
---
diff --git a/0e135d56e53 b/target/i386/sev.c
index 0e135d56e53..1a88f127035 100644
--- a/0e135d56e53
+++ b/target/i386/sev.c
@@ -517,7 +517,7 @@ sev_get_attestation_report(const char *mnonce, Error **errp)
/* verify the input mnonce length */
if (len != sizeof(input.mnonce)) {
-error_setg(errp, "SEV: mnonce must be %ld bytes (got %" G_GSIZE_FORMAT
")",
+error_setg(errp, "SEV: mnonce must be %zu bytes (got %" G_GSIZE_FORMAT
")",
sizeof(input.mnonce), len);
g_free(buf);
return NULL;
--
Eduardo
Re: [PATCH v3] target/i386/sev: add support to query the attestation report
On Thu, Apr 29, 2021 at 12:07:28PM -0500, Brijesh Singh wrote:
> The SEV FW >= 0.23 added a new command that can be used to query the
> attestation report containing the SHA-256 digest of the guest memory
> and VMSA encrypted with the LAUNCH_UPDATE and sign it with the PEK.
>
> Note, we already have a command (LAUNCH_MEASURE) that can be used to
> query the SHA-256 digest of the guest memory encrypted through the
> LAUNCH_UPDATE. The main difference between previous and this command
> is that the report is signed with the PEK and unlike the LAUNCH_MEASURE
> command the ATTESATION_REPORT command can be called while the guest
> is running.
>
> Add a QMP interface "query-sev-attestation-report" that can be used
> to get the report encoded in base64.
>
> Cc: James Bottomley
> Cc: Tom Lendacky
> Cc: Eric Blake
> Cc: Paolo Bonzini
> Cc: k...@vger.kernel.org
> Reviewed-by: James Bottomley
> Tested-by: James Bottomley
> Signed-off-by: Brijesh Singh
> ---
[...]
> +gsize len;
[...]
> +/* verify the input mnonce length */
> +if (len != sizeof(input.mnonce)) {
> +error_setg(errp, "SEV: mnonce must be %ld bytes (got %ld)",
> +sizeof(input.mnonce), len);
This breaks the build on i386. Failed CI job:
https://gitlab.com/ehabkost/qemu/-/jobs/1300032082
I'm applying the following fixup.
Signed-off-by: Eduardo Habkost
---
diff --git a/target/i386/sev.c b/target/i386/sev.c
index 12899a31736..0e135d56e53 100644
--- a/target/i386/sev.c
+++ b/target/i386/sev.c
@@ -517,7 +517,7 @@ sev_get_attestation_report(const char *mnonce, Error **errp)
/* verify the input mnonce length */
if (len != sizeof(input.mnonce)) {
-error_setg(errp, "SEV: mnonce must be %ld bytes (got %ld)",
+error_setg(errp, "SEV: mnonce must be %ld bytes (got %" G_GSIZE_FORMAT
")",
sizeof(input.mnonce), len);
g_free(buf);
return NULL;
--
Eduardo
Re: [PATCH v3] target/i386/sev: add support to query the attestation report
On Thu, Apr 29, 2021 at 12:07:28PM -0500, Brijesh Singh wrote: > The SEV FW >= 0.23 added a new command that can be used to query the > attestation report containing the SHA-256 digest of the guest memory > and VMSA encrypted with the LAUNCH_UPDATE and sign it with the PEK. > > Note, we already have a command (LAUNCH_MEASURE) that can be used to > query the SHA-256 digest of the guest memory encrypted through the > LAUNCH_UPDATE. The main difference between previous and this command > is that the report is signed with the PEK and unlike the LAUNCH_MEASURE > command the ATTESATION_REPORT command can be called while the guest > is running. > > Add a QMP interface "query-sev-attestation-report" that can be used > to get the report encoded in base64. > > Cc: James Bottomley > Cc: Tom Lendacky > Cc: Eric Blake > Cc: Paolo Bonzini > Cc: k...@vger.kernel.org > Reviewed-by: James Bottomley > Tested-by: James Bottomley > Signed-off-by: Brijesh Singh Queued, thanks! -- Eduardo
Re: [PATCH v3] target/i386/sev: add support to query the attestation report
Hi,
Ping. Please let me know if you have any feedback on this patch.
Thanks
On 4/29/21 12:07 PM, Brijesh Singh wrote:
> The SEV FW >= 0.23 added a new command that can be used to query the
> attestation report containing the SHA-256 digest of the guest memory
> and VMSA encrypted with the LAUNCH_UPDATE and sign it with the PEK.
>
> Note, we already have a command (LAUNCH_MEASURE) that can be used to
> query the SHA-256 digest of the guest memory encrypted through the
> LAUNCH_UPDATE. The main difference between previous and this command
> is that the report is signed with the PEK and unlike the LAUNCH_MEASURE
> command the ATTESATION_REPORT command can be called while the guest
> is running.
>
> Add a QMP interface "query-sev-attestation-report" that can be used
> to get the report encoded in base64.
>
> Cc: James Bottomley
> Cc: Tom Lendacky
> Cc: Eric Blake
> Cc: Paolo Bonzini
> Cc: k...@vger.kernel.org
> Reviewed-by: James Bottomley
> Tested-by: James Bottomley
> Signed-off-by: Brijesh Singh
> ---
> v3:
> * free the buffer in error path.
>
> v2:
> * add trace event.
> * fix the goto to return NULL on failure.
> * make the mnonce as a base64 encoded string
>
> linux-headers/linux/kvm.h | 8 +
> qapi/misc-target.json | 38 ++
> target/i386/monitor.c | 6
> target/i386/sev-stub.c| 7
> target/i386/sev.c | 67 +++
> target/i386/sev_i386.h| 2 ++
> target/i386/trace-events | 1 +
> 7 files changed, 129 insertions(+)
>
> diff --git a/linux-headers/linux/kvm.h b/linux-headers/linux/kvm.h
> index 020b62a619..897f831374 100644
> --- a/linux-headers/linux/kvm.h
> +++ b/linux-headers/linux/kvm.h
> @@ -1591,6 +1591,8 @@ enum sev_cmd_id {
> KVM_SEV_DBG_ENCRYPT,
> /* Guest certificates commands */
> KVM_SEV_CERT_EXPORT,
> + /* Attestation report */
> + KVM_SEV_GET_ATTESTATION_REPORT,
>
> KVM_SEV_NR_MAX,
> };
> @@ -1643,6 +1645,12 @@ struct kvm_sev_dbg {
> __u32 len;
> };
>
> +struct kvm_sev_attestation_report {
> + __u8 mnonce[16];
> + __u64 uaddr;
> + __u32 len;
> +};
> +
> #define KVM_DEV_ASSIGN_ENABLE_IOMMU (1 << 0)
> #define KVM_DEV_ASSIGN_PCI_2_3 (1 << 1)
> #define KVM_DEV_ASSIGN_MASK_INTX (1 << 2)
> diff --git a/qapi/misc-target.json b/qapi/misc-target.json
> index 0c7491cd82..4b62f0ac05 100644
> --- a/qapi/misc-target.json
> +++ b/qapi/misc-target.json
> @@ -285,3 +285,41 @@
> ##
> { 'command': 'query-gic-capabilities', 'returns': ['GICCapability'],
>'if': 'defined(TARGET_ARM)' }
> +
> +
> +##
> +# @SevAttestationReport:
> +#
> +# The struct describes attestation report for a Secure Encrypted
> Virtualization
> +# feature.
> +#
> +# @data: guest attestation report (base64 encoded)
> +#
> +#
> +# Since: 6.1
> +##
> +{ 'struct': 'SevAttestationReport',
> + 'data': { 'data': 'str'},
> + 'if': 'defined(TARGET_I386)' }
> +
> +##
> +# @query-sev-attestation-report:
> +#
> +# This command is used to get the SEV attestation report, and is supported
> on AMD
> +# X86 platforms only.
> +#
> +# @mnonce: a random 16 bytes value encoded in base64 (it will be included in
> report)
> +#
> +# Returns: SevAttestationReport objects.
> +#
> +# Since: 6.1
> +#
> +# Example:
> +#
> +# -> { "execute" : "query-sev-attestation-report", "arguments": { "mnonce":
> "aaa" } }
> +# <- { "return" : { "data": "bbbd"} }
> +#
> +##
> +{ 'command': 'query-sev-attestation-report', 'data': { 'mnonce': 'str' },
> + 'returns': 'SevAttestationReport',
> + 'if': 'defined(TARGET_I386)' }
> diff --git a/target/i386/monitor.c b/target/i386/monitor.c
> index 5994408bee..119211f0b0 100644
> --- a/target/i386/monitor.c
> +++ b/target/i386/monitor.c
> @@ -757,3 +757,9 @@ void qmp_sev_inject_launch_secret(const char *packet_hdr,
>
> sev_inject_launch_secret(packet_hdr, secret, gpa, errp);
> }
> +
> +SevAttestationReport *
> +qmp_query_sev_attestation_report(const char *mnonce, Error **errp)
> +{
> +return sev_get_attestation_report(mnonce, errp);
> +}
> diff --git a/target/i386/sev-stub.c b/target/i386/sev-stub.c
> index 0207f1c5aa..0227cb5177 100644
> --- a/target/i386/sev-stub.c
> +++ b/target/i386/sev-stub.c
> @@ -74,3 +74,10 @@ int sev_es_save_reset_vector(void *flash_ptr, uint64_t
> flash_size)
> {
> abort();
> }
> +
> +SevAttestationReport *
> +sev_get_attestation_report(const char *mnonce, Error **errp)
> +{
> +error_setg(errp, "SEV is not available in this QEMU");
> +return NULL;
> +}
> diff --git a/target/i386/sev.c b/target/i386/sev.c
> index 72b9e2ab40..4b9d7d3bb9 100644
> --- a/target/i386/sev.c
> +++ b/target/i386/sev.c
> @@ -491,6 +491,73 @@ out:
> return cap;
> }
>
> +SevAttestationReport *
> +sev_get_attestation_report(const char *mnonce, Error **errp)
> +{
> +struct kvm_sev_attestation_report input = {};
> +SevAttestationReport *report = NULL;
> +SevGuestState *sev =
Re: [PATCH v3] target/i386/sev: add support to query the attestation report
On 4/29/21 12:07 PM, Brijesh Singh wrote: > The SEV FW >= 0.23 added a new command that can be used to query the > attestation report containing the SHA-256 digest of the guest memory > and VMSA encrypted with the LAUNCH_UPDATE and sign it with the PEK. > > Note, we already have a command (LAUNCH_MEASURE) that can be used to > query the SHA-256 digest of the guest memory encrypted through the > LAUNCH_UPDATE. The main difference between previous and this command > is that the report is signed with the PEK and unlike the LAUNCH_MEASURE > command the ATTESATION_REPORT command can be called while the guest typo: 'ATTESATION_REPORT' > is running. > > Add a QMP interface "query-sev-attestation-report" that can be used > to get the report encoded in base64. > > Cc: James Bottomley > Cc: Tom Lendacky > Cc: Eric Blake > Cc: Paolo Bonzini > Cc: k...@vger.kernel.org > Reviewed-by: James Bottomley > Tested-by: James Bottomley > Signed-off-by: Brijesh Singh Looks good to me! Reviewed-by: Connor Kuehl
[PATCH v3] target/i386/sev: add support to query the attestation report
The SEV FW >= 0.23 added a new command that can be used to query the
attestation report containing the SHA-256 digest of the guest memory
and VMSA encrypted with the LAUNCH_UPDATE and sign it with the PEK.
Note, we already have a command (LAUNCH_MEASURE) that can be used to
query the SHA-256 digest of the guest memory encrypted through the
LAUNCH_UPDATE. The main difference between previous and this command
is that the report is signed with the PEK and unlike the LAUNCH_MEASURE
command the ATTESATION_REPORT command can be called while the guest
is running.
Add a QMP interface "query-sev-attestation-report" that can be used
to get the report encoded in base64.
Cc: James Bottomley
Cc: Tom Lendacky
Cc: Eric Blake
Cc: Paolo Bonzini
Cc: k...@vger.kernel.org
Reviewed-by: James Bottomley
Tested-by: James Bottomley
Signed-off-by: Brijesh Singh
---
v3:
* free the buffer in error path.
v2:
* add trace event.
* fix the goto to return NULL on failure.
* make the mnonce as a base64 encoded string
linux-headers/linux/kvm.h | 8 +
qapi/misc-target.json | 38 ++
target/i386/monitor.c | 6
target/i386/sev-stub.c| 7
target/i386/sev.c | 67 +++
target/i386/sev_i386.h| 2 ++
target/i386/trace-events | 1 +
7 files changed, 129 insertions(+)
diff --git a/linux-headers/linux/kvm.h b/linux-headers/linux/kvm.h
index 020b62a619..897f831374 100644
--- a/linux-headers/linux/kvm.h
+++ b/linux-headers/linux/kvm.h
@@ -1591,6 +1591,8 @@ enum sev_cmd_id {
KVM_SEV_DBG_ENCRYPT,
/* Guest certificates commands */
KVM_SEV_CERT_EXPORT,
+ /* Attestation report */
+ KVM_SEV_GET_ATTESTATION_REPORT,
KVM_SEV_NR_MAX,
};
@@ -1643,6 +1645,12 @@ struct kvm_sev_dbg {
__u32 len;
};
+struct kvm_sev_attestation_report {
+ __u8 mnonce[16];
+ __u64 uaddr;
+ __u32 len;
+};
+
#define KVM_DEV_ASSIGN_ENABLE_IOMMU(1 << 0)
#define KVM_DEV_ASSIGN_PCI_2_3 (1 << 1)
#define KVM_DEV_ASSIGN_MASK_INTX (1 << 2)
diff --git a/qapi/misc-target.json b/qapi/misc-target.json
index 0c7491cd82..4b62f0ac05 100644
--- a/qapi/misc-target.json
+++ b/qapi/misc-target.json
@@ -285,3 +285,41 @@
##
{ 'command': 'query-gic-capabilities', 'returns': ['GICCapability'],
'if': 'defined(TARGET_ARM)' }
+
+
+##
+# @SevAttestationReport:
+#
+# The struct describes attestation report for a Secure Encrypted Virtualization
+# feature.
+#
+# @data: guest attestation report (base64 encoded)
+#
+#
+# Since: 6.1
+##
+{ 'struct': 'SevAttestationReport',
+ 'data': { 'data': 'str'},
+ 'if': 'defined(TARGET_I386)' }
+
+##
+# @query-sev-attestation-report:
+#
+# This command is used to get the SEV attestation report, and is supported on
AMD
+# X86 platforms only.
+#
+# @mnonce: a random 16 bytes value encoded in base64 (it will be included in
report)
+#
+# Returns: SevAttestationReport objects.
+#
+# Since: 6.1
+#
+# Example:
+#
+# -> { "execute" : "query-sev-attestation-report", "arguments": { "mnonce":
"aaa" } }
+# <- { "return" : { "data": "bbbd"} }
+#
+##
+{ 'command': 'query-sev-attestation-report', 'data': { 'mnonce': 'str' },
+ 'returns': 'SevAttestationReport',
+ 'if': 'defined(TARGET_I386)' }
diff --git a/target/i386/monitor.c b/target/i386/monitor.c
index 5994408bee..119211f0b0 100644
--- a/target/i386/monitor.c
+++ b/target/i386/monitor.c
@@ -757,3 +757,9 @@ void qmp_sev_inject_launch_secret(const char *packet_hdr,
sev_inject_launch_secret(packet_hdr, secret, gpa, errp);
}
+
+SevAttestationReport *
+qmp_query_sev_attestation_report(const char *mnonce, Error **errp)
+{
+return sev_get_attestation_report(mnonce, errp);
+}
diff --git a/target/i386/sev-stub.c b/target/i386/sev-stub.c
index 0207f1c5aa..0227cb5177 100644
--- a/target/i386/sev-stub.c
+++ b/target/i386/sev-stub.c
@@ -74,3 +74,10 @@ int sev_es_save_reset_vector(void *flash_ptr, uint64_t
flash_size)
{
abort();
}
+
+SevAttestationReport *
+sev_get_attestation_report(const char *mnonce, Error **errp)
+{
+error_setg(errp, "SEV is not available in this QEMU");
+return NULL;
+}
diff --git a/target/i386/sev.c b/target/i386/sev.c
index 72b9e2ab40..4b9d7d3bb9 100644
--- a/target/i386/sev.c
+++ b/target/i386/sev.c
@@ -491,6 +491,73 @@ out:
return cap;
}
+SevAttestationReport *
+sev_get_attestation_report(const char *mnonce, Error **errp)
+{
+struct kvm_sev_attestation_report input = {};
+SevAttestationReport *report = NULL;
+SevGuestState *sev = sev_guest;
+guchar *data;
+guchar *buf;
+gsize len;
+int err = 0, ret;
+
+if (!sev_enabled()) {
+error_setg(errp, "SEV is not enabled");
+return NULL;
+}
+
+/* lets decode the mnonce string */
+buf = g_base64_decode(mnonce, );
+if (!buf) {
+error_setg(errp, "SEV: failed to decode mnonce input");
+return NULL;
+}
+
+/* verify the input mnonce
