lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20230127114108.10025-1-joey.gouly@arm.com>
Date:   Fri, 27 Jan 2023 11:40:41 +0000
From:   Joey Gouly <joey.gouly@....com>
To:     Andrew Jones <andrew.jones@...ux.dev>, <kvmarm@...ts.linux.dev>,
        <kvm@...r.kernel.org>
CC:     <joey.gouly@....com>, Alexandru Elisei <alexandru.elisei@....com>,
        Christoffer Dall <christoffer.dall@....com>,
        Fuad Tabba <tabba@...gle.com>,
        Jean-Philippe Brucker <jean-philippe@...aro.org>,
        Joey Gouly <Joey.Gouly@....com>, Marc Zyngier <maz@...nel.org>,
        Mark Rutland <mark.rutland@....com>,
        Oliver Upton <oliver.upton@...ux.dev>,
        Paolo Bonzini <pbonzini@...hat.com>,
        Quentin Perret <qperret@...gle.com>,
        Steven Price <steven.price@....com>,
        Suzuki K Poulose <suzuki.poulose@....com>,
        "Thomas Huth" <thuth@...hat.com>, Will Deacon <will@...nel.org>,
        Zenghui Yu <yuzenghui@...wei.com>,
        <linux-coco@...ts.linux.dev>, <kvmarm@...ts.cs.columbia.edu>,
        <linux-arm-kernel@...ts.infradead.org>,
        <linux-kernel@...r.kernel.org>
Subject: [RFC kvm-unit-tests 00/27] Support for Arm Confidential Compute Architecture

This series adds support for running the kvm-unit-tests in the Arm CCA reference
software architecture. See more details on Arm CCA and how to build/run the     
entire stack here [0].                                                          
                                                                                
This involves enlightening the boot/setup code with the Realm Service Interface 
(RSI). The series also includes new test cases that exercise the RSI calls.     
                                                                                
Currently we only support "kvmtool" as the VMM for running Realms. There was    
an attempt to add support for running the test scripts using with kvmtool here [1],
which hasn't progressed. It would be good to have that resolved, so that we can 
run all the tests without manually specifying the commandlines for each run.    
For the purposes of running the Realm specific tests, we have added a "temporary"
script "run-realm-tests" until the kvmtool support is added. We do not expect   
this to be merged.                                                              
                                                                                
                                                                                
Base Realm Support                                                              
-------------------                                                             
                                                                                
Realm IPA Space                                                                 
---------------                                                                 
When running on in Realm world, the (Guest) Physical Address - aka Intermediate 
Physical Address (IPA) in Arm terminology - space of the VM is split into two halves,
protected (lower half) and un-protected (upper half). A protected IPA will      
always map pages in the "realm world" and  the contents are not accessible to   
the host. An unprotected IPA on the other hand can be mapped to page in the     
"normal world" and thus shared with the host. All host emulated MMIO ranges must
be in unprotected IPA space.                                                    
                                                                                
Realm can query the Realm Management Monitor for the configuration via RSI call 
(RSI_REALM_CONFIG) and identify the "boundary" of the "IPA" split.              
                                                                                
As far as the hyp/VMM is concerned, there is only one "IPA space" (the lower    
half) of memory map. The "upper half" is "unprotected alias" of the memory map. 
                                                                                
In the guest, this is achieved by "treating the MSB (1 << (IPA_WIDTH - 1))" as  
a protection attribute (PTE_NS_SHARED), where the Realm applies this to any     
address, it thinks is acccessed/managed by host (e.g., MMIO, shared pages).     
Given that this is runtime variable (but fixed for a given Realm), uses a       
variable to track the value.                                                    
                                                                                
All I/O regions are marked as "shared". Care is taken to ensure I/O access (uart)
with MMU off uses the "Unprotected Physical address".                           
                                                                                
                                                                                
Realm IPA State                                                                 
---------------                                                                 
Additionally, each page (4K) in the protected IPA space has a state associated  
(Realm IPA State - RIPAS) with it. It is either of :                            
   RIPAS_EMPTY                                                                  
   RIPAS_RAM                                                                    
                                                                                
Any IPA backed by RAM, must be marked as RIPAS_RAM before an access is made to  
it. The hypervisor/VMM does this for the initial image loaded into the Realm    
memory before the Realm starts execution. Given the kvm-unit-test flat files do 
not contain a metadata header (e.g., like the arm64 Linux kernel Image),        
indicating the "actual image size in memory", the VMM cannot transition the     
area towards the end of the image (e.g., bss, stack) which are accessed very    
early during boot. Thus the early boot assembly code will mark the area upto    
the stack as RAM.                                                               
                                                                                
Once we land in the C code, we mark target relocation area for FDT and          
initrd as RIPAS_RAM. At this point, we can scan the FDT and mark all RAM memory 
blocks as RIPAS_RAM.                                                            
                                                                                
TODO: It would be good to add an image header to the flat files indicating the  
size, which can take the burden off doing the early assembly boot code RSI calls.
                                                                                
Shared Memory support                                                           
---------------------                                                           
Given the "default" memory of a VM is not accessible to host, we add new page   
alloc/free routines for "memory shared" with the host. e.g., GICv3-ITS must use 
shared pages for ITS emulation.                                                 
                                                                                
RSI Test suites                                                                 
--------------                                                                  
There are new testcases added to exercise the RSI interfaces and the RMM flows. 
                                                                                
Attestation and measurement services related RSI tests require parsing tokens   
and claims returned by the RMM. This is achieved with the help of QCBOR library 
[2], which is added as a submodule to the project. We have also added a wrapper 
library - libtokenverifier - around the QCBOR to parse the tokens according to  
the RMM specifications.                                                         
                                                                                
The patches are also available here:                                           
                                                                                
 https://gitlab.arm.com/linux-arm/kvm-unit-tests-cca cca/rfc-v1                     
                                                                                
                                                                                
 [0] https://lore.kernel.org/all/20230127112248.136810-1-suzuki.poulose@arm.com/
 [1] https://lkml.kernel.org/r/20210702163122.96110-1-alexandru.elisei@arm.com  
 [2] https://github.com/laurencelundblade/QCBOR   

Thanks,
Joey

Cc: Alexandru Elisei <alexandru.elisei@....com>
Cc: Andrew Jones <andrew.jones@...ux.dev>
Cc: Christoffer Dall <christoffer.dall@....com>
Cc: Fuad Tabba <tabba@...gle.com>
Cc: Jean-Philippe Brucker <jean-philippe@...aro.org>
Cc: Joey Gouly <Joey.Gouly@....com>
Cc: Marc Zyngier <maz@...nel.org>
Cc: Mark Rutland <mark.rutland@....com>
Cc: Oliver Upton <oliver.upton@...ux.dev>
Cc: Paolo Bonzini <pbonzini@...hat.com>
Cc: Quentin Perret <qperret@...gle.com>
Cc: Steven Price <steven.price@....com>
Cc: Suzuki K Poulose <suzuki.poulose@....com>
Cc: Thomas Huth <thuth@...hat.com>
Cc: Will Deacon <will@...nel.org>
Cc: Zenghui Yu <yuzenghui@...wei.com>
Cc: linux-coco@...ts.linux.dev
Cc: kvmarm@...ts.linux.dev
Cc: kvmarm@...ts.cs.columbia.edu
Cc: linux-arm-kernel@...ts.infradead.org
Cc: linux-kernel@...r.kernel.org
Cc: kvm@...r.kernel.org

Alexandru Elisei (3):
  arm: Expand SMCCC arguments and return values
  arm: selftest: realm: skip pabt test when running in a realm
  NOT-FOR-MERGING: add run-realm-tests

Djordje Kovacevic (1):
  arm: realm: Add tests for in realm SEA

Gareth Stockwell (1):
  arm: realm: add hvc and RSI_HOST_CALL tests

Jean-Philippe Brucker (1):
  arm: Move io_init after vm initialization

Joey Gouly (9):
  lib/string: include stddef.h for size_t
  arm: realm: Add RSI interface header
  arm: Make physical address mask dynamic
  arm: Introduce NS_SHARED PTE attribute
  arm: realm: Make uart available before MMU is enabled
  arm: realm: Realm initialisation
  arm: realm: Add support for changing the state of memory
  arm: realm: Add RSI version test
  lib/alloc_page: Add shared page allocation support

Mate Toth-Pal (2):
  arm: Add a library to verify tokens using the QCBOR library
  arm: realm: Add Realm attestation tests

Subhasish Ghosh (1):
  arm: realm: Add test for FPU/SIMD context save/restore

Suzuki K Poulose (9):
  arm: realm: Set RIPAS state for RAM
  arm: realm: Early memory setup
  arm: gic-v3-its: Use shared pages wherever needed
  arm: realm: Enable memory encryption
  qcbor: Add QCBOR as a submodule
  arm: Add build steps for QCBOR library
  arm: realm: add RSI interface for attestation measurements
  arm: realm: Add helpers to decode RSI return codes
  arm: realm: Add a test for shared memory

 .gitmodules                         |    3 +
 arm/Makefile.arm64                  |   17 +-
 arm/Makefile.common                 |    1 +
 arm/cstart.S                        |   49 +-
 arm/cstart64.S                      |  123 ++-
 arm/realm-attest.c                  | 1125 +++++++++++++++++++++++++++
 arm/realm-fpu.c                     |  242 ++++++
 arm/realm-ns-memory.c               |   86 ++
 arm/realm-rsi.c                     |  157 ++++
 arm/realm-sea.c                     |  143 ++++
 arm/run-realm-tests                 |   56 ++
 arm/selftest.c                      |    9 +-
 arm/unittests.cfg                   |   94 +++
 lib/alloc_page.c                    |   34 +-
 lib/alloc_page.h                    |   24 +
 lib/arm/asm/arm-smccc.h             |   44 ++
 lib/arm/asm/psci.h                  |   13 +-
 lib/arm/asm/rsi.h                   |   16 +
 lib/arm/gic-v3.c                    |    6 +-
 lib/arm/io.c                        |   24 +-
 lib/arm/mmu.c                       |   73 +-
 lib/arm/psci.c                      |   19 +-
 lib/arm/setup.c                     |   17 +-
 lib/arm64/asm/arm-smccc.h           |    6 +
 lib/arm64/asm/io.h                  |    6 +
 lib/arm64/asm/pgtable-hwdef.h       |    6 -
 lib/arm64/asm/pgtable.h             |   20 +
 lib/arm64/asm/processor.h           |    8 +
 lib/arm64/asm/rsi.h                 |   84 ++
 lib/arm64/asm/smc-rsi.h             |  139 ++++
 lib/arm64/gic-v3-its.c              |    6 +-
 lib/arm64/rsi.c                     |  143 ++++
 lib/libcflat.h                      |    1 +
 lib/qcbor                           |    1 +
 lib/string.h                        |    2 +
 lib/token_verifier/attest_defines.h |   50 ++
 lib/token_verifier/token_dumper.c   |  158 ++++
 lib/token_verifier/token_dumper.h   |   15 +
 lib/token_verifier/token_verifier.c |  591 ++++++++++++++
 lib/token_verifier/token_verifier.h |   77 ++
 40 files changed, 3640 insertions(+), 48 deletions(-)
 create mode 100644 .gitmodules
 create mode 100644 arm/realm-attest.c
 create mode 100644 arm/realm-fpu.c
 create mode 100644 arm/realm-ns-memory.c
 create mode 100644 arm/realm-rsi.c
 create mode 100644 arm/realm-sea.c
 create mode 100755 arm/run-realm-tests
 create mode 100644 lib/arm/asm/arm-smccc.h
 create mode 100644 lib/arm/asm/rsi.h
 create mode 100644 lib/arm64/asm/arm-smccc.h
 create mode 100644 lib/arm64/asm/rsi.h
 create mode 100644 lib/arm64/asm/smc-rsi.h
 create mode 100644 lib/arm64/rsi.c
 create mode 160000 lib/qcbor
 create mode 100644 lib/token_verifier/attest_defines.h
 create mode 100644 lib/token_verifier/token_dumper.c
 create mode 100644 lib/token_verifier/token_dumper.h
 create mode 100644 lib/token_verifier/token_verifier.c
 create mode 100644 lib/token_verifier/token_verifier.h

-- 
2.17.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ