| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20170913134509.6xydjlrob4dbcjfr@pd.tnic>
Date: Wed, 13 Sep 2017 15:45:09 +0200
From: Borislav Petkov <bp@...e.de>
To: Brijesh Singh <brijesh.singh@....com>
Cc: linux-kernel@...r.kernel.org, x86@...nel.org, kvm@...r.kernel.org,
Thomas Gleixner <tglx@...utronix.de>,
Joerg Roedel <joro@...tes.org>,
"Michael S . Tsirkin" <mst@...hat.com>,
Paolo Bonzini <pbonzini@...hat.com>,
\"Radim Krčmář\" <rkrcmar@...hat.com>,
Tom Lendacky <thomas.lendacky@....com>
Subject: Re: [RFC Part2 PATCH v3 12/26] KVM: Define SEV key management
command id
On Mon, Jul 24, 2017 at 03:02:49PM -0500, Brijesh Singh wrote:
> Define Secure Encrypted Virtualization (SEV) key management command id
> and structure. The command definition is available in SEV KM [1] spec
> 0.14 and Documentation/virtual/kvm/amd-memory-encryption.txt
>
> [1] http://support.amd.com/TechDocs/55766_SEV-KM API_Specification.pdf
>
> Signed-off-by: Brijesh Singh <brijesh.singh@....com>
> ---
> include/uapi/linux/kvm.h | 148 +++++++++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 148 insertions(+)
>
> diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h
> index 6074065..8decc88 100644
> --- a/include/uapi/linux/kvm.h
> +++ b/include/uapi/linux/kvm.h
> @@ -1367,6 +1367,154 @@ struct kvm_memory_encrypt_ram {
> __u64 size;
> };
>
> +/* Secure Encrypted Virtualization command */
> +enum sev_cmd_id {
> + /* Guest initialization commands */
> + KVM_SEV_INIT = 0,
> + KVM_SEV_ES_INIT,
> + /* Guest launch commands */
> + KVM_SEV_LAUNCH_START,
> + KVM_SEV_LAUNCH_UPDATE_DATA,
> + KVM_SEV_LAUNCH_UPDATE_VMSA,
> + KVM_SEV_LAUNCH_SECRET,
> + KVM_SEV_LAUNCH_MEASURE,
> + KVM_SEV_LAUNCH_FINISH,
> + /* Guest migration commands (outgoing) */
> + KVM_SEV_SEND_START,
> + KVM_SEV_SEND_UPDATE_DATA,
> + KVM_SEV_SEND_UPDATE_VMSA,
> + KVM_SEV_SEND_FINISH,
> + /* Guest migration commands (incoming) */
> + KVM_SEV_RECEIVE_START,
> + KVM_SEV_RECEIVE_UPDATE_DATA,
> + KVM_SEV_RECEIVE_UPDATE_VMSA,
> + KVM_SEV_RECEIVE_FINISH,
> + /* Guest status and debug commands */
> + KVM_SEV_GUEST_STATUS,
> + KVM_SEV_DBG_DECRYPT,
> + KVM_SEV_DBG_ENCRYPT,
> + /* Guest certificates commands */
> + KVM_SEV_CERT_EXPORT,
> +
> + KVM_SEV_NR_MAX,
> +};
> +
> +struct kvm_sev_cmd {
> + __u32 id;
> + __u64 data;
> + __u32 error;
> + __u32 sev_fd;
> +};
As before, if those structs are read from/written to hardware/firmware,
they should be declared __packed so that the compiler doesn't add
padding.
--
Regards/Gruss,
Boris.
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)
--
Powered by blists - more mailing lists