Add APIs to provide guest memory encryption support.
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
 include/sysemu/kvm.h | 8 ++++++
 kvm-all.c | 64 ++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 72 insertions(+)
diff --git a/include/sysemu/kvm.h b/include/sysemu/kvm.h
index df67cc0..db00673 100644
--- a/include/sysemu/kvm.h
+++ b/include/sysemu/kvm.h
@@ -227,6 +227,14 @@ int kvm_init_vcpu(CPUState *cpu);
 int kvm_cpu_exec(CPUState *cpu);
 int kvm_destroy_vcpu(CPUState *cpu);
+bool kvm_memory_encryption_enabled(void);
+int kvm_memory_encryption_start(void);
+int kvm_memory_encryption_finish(void);
+void *kvm_memory_encryption_get_handle(void);
+void kvm_memory_encryption_set_debug_ops(MemoryRegion *mr);
+int kvm_memory_encryption_dec(uint8_t *dst, const uint8_t *src, uint32_t len);
+int kvm_memory_encryption_enc(uint8_t *dst, const uint8_t *src, uint32_t len);
+
 #ifdef NEED_CPU_H
 #include "cpu.h"
diff --git a/kvm-all.c b/kvm-all.c
index 330219e..86c810e 100644
--- a/kvm-all.c
+++ b/kvm-all.c
@@ -36,6 +36,7 @@
 #include "qemu/event_notifier.h"
 #include "trace.h"
 #include "hw/irq.h"
+#include "sysemu/security-policy.h"
 #include "hw/boards.h"
@@ -101,6 +102,16 @@ struct KVMState
 #endif
 KVMMemoryListener memory_listener;
 QLIST_HEAD(, KVMParkedVcpu) kvm_parked_vcpus;
+
+ /* memory encryption support */
+ void *ehandle;
+ int (*mem_encrypt_start)(void *ehandle);
+ int (*mem_encrypt_finish)(void *ehandle);
+ int (*mem_encrypt_dec)(void *ehandle, uint8_t *dst, const uint8_t *src,
+ uint32_t len);
+ int (*mem_encrypt_enc)(void *ehandle, uint8_t *dst, const uint8_t *src,
+ uint32_t len);
+ void (*mem_encrypt_debug_ops)(void *ehandle, MemoryRegion *mr);
 };
 KVMState *kvm_state;
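Review bot: The seven prototypes added after `kvm_destroy_vcpu` in include/sysemu/kvm.h have no comment, so the header does not say what the `int` results mean or whether `dst`/`src` in `kvm_memory_encryption_enc`/`_dec` are host pointers and may alias. A short block comment above them should state the return convention, including the value returned when no encryption backend is registered (the kvm-all.c wrappers in this patch return 1 in that case), and who owns the pointer returned by `kvm_memory_encryption_get_handle`. If any caller is built without KVM, matching stubs would also be needed; none are visible in this patch.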
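Review bot: In the `struct KVMState` hunk of kvm-all.c, `ehandle` and the five `mem_encrypt_*` callbacks are separate fields with no stated invariant, and nothing visible in this patch assigns them. Since `kvm_memory_encryption_enabled()` tests only `ehandle` while each wrapper tests its own pointer, a partially filled set would report encryption as enabled while `enc`/`dec` silently fall through. I would extend the comment to something like `/* memory encryption support: ehandle != NULL implies every mem_encrypt_* callback is set */` and have the code that registers them enforce it. The struct definition starts outside the hunk.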
@@ -127,6 +138,59 @@ static const KVMCapabilityInfo kvm_required_capabilites[] = {
 KVM_CAP_LAST_INFO
 };
+bool kvm_memory_encryption_enabled(void)
+{
+ return kvm_state->ehandle ? true : false;
+}
+
+int kvm_memory_encryption_start(void)
+{
+ if (kvm_state->mem_encrypt_start) {
+ return kvm_state->mem_encrypt_start(kvm_state->ehandle);
+ }
+
+ return 1;
+}
+
+int kvm_memory_encryption_finish(void)
+{
+ if (kvm_state->mem_encrypt_finish) {
+ return kvm_state->mem_encrypt_finish(kvm_state->ehandle);
+ }
+
+ return 1;
+}
+
+int kvm_memory_encryption_dec(uint8_t *dst, const uint8_t *src, uint32_t len)
+{
+ if (kvm_state->mem_encrypt_dec) {
+ return kvm_state->mem_encrypt_dec(kvm_state->ehandle, dst, src, len);
+ }
+
+ return 1;
+}
+
+int kvm_memory_encryption_enc(uint8_t *dst, const uint8_t *src, uint32_t len)
+{
+ if (kvm_state->mem_encrypt_enc) {
+ return kvm_state->mem_encrypt_enc(kvm_state->ehandle, dst, src, len);
+ }
+
+ return 1;
+}
+
+void kvm_memory_encryption_set_debug_ops(MemoryRegion *mr)
+{
+ if (kvm_state->mem_encrypt_debug_ops) {
+ return kvm_state->mem_encrypt_debug_ops(kvm_state->ehandle, mr);
+ }
+}
+
+void *kvm_memory_encryption_get_handle(void)
+{
+ return kvm_state->ehandle;
+}
+
 int kvm_get_max_memslots(void)
 {
 KVMState *s = KVM_STATE(current_machine->accelerator);
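Review bot: The four `int` wrappers (`kvm_memory_encryption_start`, `_finish`, `_dec`, `_enc`) return 1 when no callback is registered, which a caller testing `ret < 0` would read as success; on an encryption path that means data could be left unprocessed without any error being seen. Unless the callers (not visible here) rely on the positive value, a negative errno such as `return -ENOTSUP;` makes the unsupported case fail closed. Every function in the hunk also dereferences `kvm_state` unconditionally, and that pointer is presumably NULL when KVM is not the accelerator, so `kvm_memory_encryption_enabled()` is safer as `return kvm_state && kvm_state->ehandle;`, which also drops the redundant `? true : false`. In `kvm_memory_encryption_set_debug_ops`, `return kvm_state->mem_encrypt_debug_ops(...)` returns an expression from a `void` function; the `return` keyword should be dropped there.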