[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20240621134041.3170480-1-michael.roth@amd.com>
Date: Fri, 21 Jun 2024 08:40:36 -0500
From: Michael Roth <michael.roth@....com>
To: <kvm@...r.kernel.org>
CC: <linux-coco@...ts.linux.dev>, <linux-kernel@...r.kernel.org>,
<x86@...nel.org>, <pbonzini@...hat.com>, <seanjc@...gle.com>,
<jroedel@...e.de>, <thomas.lendacky@....com>, <pgonda@...gle.com>,
<ashish.kalra@....com>, <bp@...en8.de>, <pankaj.gupta@....com>,
<liam.merwick@...cle.com>
Subject: [PATCH v1 0/5] SEV-SNP: Add KVM support for attestation and KVM_EXIT_COCO
This patchset is also available at:
https://github.com/amdese/linux/commits/snp-guest-req-v1
and is based on top of kvm-coco-queue (ace0c64d8975):
https://git.kernel.org/pub/scm/virt/kvm/kvm.git/log/?h=kvm-coco-queue
As discussed on the PUCK call a few weeks back, I'm re-submitting as a
separate patchset the SNP guest request support that was originally part of
the SNP KVM base support patchset that's now in kvm/next and will be in
kernel 6.11. This support is needed to ensure fully compliance with GHCB
2.0 specification and to support attestation in general, so I'm hoping it
can also make it into 6.11.
I've tried to organize things so the first 3 patches can be applied without
too much controversy and decoupled from any discussion regarding the
KVM_EXIT_COCO/KVM_EXIT_COCO_REQ_CERTS APIs, since the APIs are only needed
specifically to add optional support for userspace-provided certificate
data. That said, I have based those APIs around what was discussed during
the above-mentioned PUCK call, so I'm hoping the API bits aren't too far
off from whatever the consensus ends up being.
Overview
--------
The GHCB 2.0 specification defines 2 GHCB request types to allow SNP guests
to send encrypted messages/requests to firmware: SNP Guest Requests and SNP
Extended Guest Requests. These encrypted messages are used for things like
servicing attestation requests issued by the guest. Implementing support for
these is required to be fully GHCB-compliant.
For the most part, KVM only needs to handle forwarding these requests to
firmware (to be issued via the SNP_GUEST_REQUEST firmware command defined
in the SEV-SNP Firmware ABI), and then forwarding the encrypted response to
the guest.
However, in the case of SNP Extended Guest Requests, the host is also
able to provide the certificate data corresponding to the endorsement key
used by firmware to sign attestation report requests. This certificate data
is provided by userspace because:
1) It allows for different keys/key types to be used for each particular
guest with requiring any sort of KVM API to configure the certificate
table in advance on a per-guest basis.
2) It provides additional flexibility with how attestation requests might
be handled during live migration where the certificate data for
source/dest might be different.
3) It allows all synchronization between certificates and firmware/signing
key updates to be handled purely by userspace rather than requiring
some in-kernel mechanism to facilitate it. [1]
To support fetching certificate data from userspace, a new KVM exit type is
used to fetch the data similarly to KVM_EXIT_MMIO/etc. Since there is
potential for more CoCo-related exits, this series implements this as a more
general KVM_EXIT_COCO exit type, where individual sub-types can be enabled
similarly to how KVM_EXIT_HYPERCALL/KVM_CAP_EXIT_HYPERCALL are handling, and
then introduces the KVM_EXIT_COCO_REQ_CERTS sub-type to implement certficate
handling.
[1] https://lore.kernel.org/kvm/ZS614OSoritrE1d2@google.com/
Patch Layout
------------
1-3: These patches provide a base implementation of SNP_GUEST_REQUEST and
SNP_EXTENDED_GUEST_REQUEST that satisfies the requirements of the GHCB
2.0 specification, but does not implement optional support for providing
a certificate table for SNP_EXTENDED_GUEST_REQUEST messages
corresponding to attestation requests.
4: This patch introduces/documents the KVM API for KVM_EXIT_COCO along with
it's first sub-type, KVM_EXIT_COCO_REQ_CERTS, which will be used to
fetch certificate table data from userspace.
5: This patch makes use of the KVM_EXIT_COCO_REQ_CERTS event to allow
certificate table data to be fetched from userspace and provided to the
guest when attestation requests are issued via
SNP_EXTENDED_GUEST_REQUEST messages.
Testing
-------
For testing this via QEMU, use the following tree:
https://github.com/amdese/qemu/commits/snp-guest-req-v1-wip1
A basic command-line invocation for SNP would be:
qemu-system-x86_64 -smp 32,maxcpus=255 -cpu EPYC-Milan-v2
-machine q35,confidential-guest-support=sev0,memory-backend=ram1
-object memory-backend-memfd,id=ram1,size=4G,share=true,reserve=false
-object sev-snp-guest,id=sev0,cbitpos=51,reduced-phys-bits=1,id-auth=
-bios OVMF_CODE-upstream-20240410-apic-mmio-fix1d-AmdSevX64.fd
With certificate data supplied:
qemu-system-x86_64 -smp 32,maxcpus=255 -cpu EPYC-Milan-v2
-machine q35,confidential-guest-support=sev0,memory-backend=ram1
-object memory-backend-memfd,id=ram1,size=4G,share=true,reserve=false
-object sev-snp-guest,id=sev0,cbitpos=51,reduced-phys-bits=1,id-auth=,certs-path=/home/mroth/cert.blob
-bios OVMF_CODE-upstream-20240410-apic-mmio-fix1d-AmdSevX64.fd
The format of the certificate blob is defined in the GHCB 2.0 specification,
but if it's not being parsed on the guest-side then random data will suffice
for testing the KVM bits.
Any feedback/review is appreciated.
Thanks!
-Mike
Changes since splitting this off from v15 SNP KVM patchset:
* Address clang-reported warnings regarding uninitialized variables
* Address a memory leak of the request/response buffer pages, and refactor
the code based on Sean's suggestions:
https://lore.kernel.org/kvm/ZktbBRLXeOp9X6aH@google.com/
* Fix SNP Extended Guest Request handling to only attempt to fetch
certificates if handling MSG_REQ_REPORT (attestation) message types
* Drop KVM_EXIT_VMGEXIT and introduce KVM_EXIT_COCO events instead
* Refactor patch layout for easier handling/review
----------------------------------------------------------------
Brijesh Singh (1):
KVM: SEV: Provide support for SNP_GUEST_REQUEST NAE event
Michael Roth (4):
x86/sev: Move sev_guest.h into common SEV header
KVM: SEV: Provide support for SNP_EXTENDED_GUEST_REQUEST NAE event
KVM: Introduce KVM_EXIT_COCO exit type
KVM: SEV: Add certificate support for SNP_EXTENDED_GUEST_REQUEST events
Documentation/virt/kvm/api.rst | 109 ++++++++++++++++++++++
arch/x86/include/asm/kvm_host.h | 1 +
arch/x86/include/asm/sev.h | 48 ++++++++++
arch/x86/kvm/svm/sev.c | 158 ++++++++++++++++++++++++++++++++
arch/x86/kvm/x86.c | 13 +++
drivers/virt/coco/sev-guest/sev-guest.c | 2 -
drivers/virt/coco/sev-guest/sev-guest.h | 63 -------------
include/uapi/linux/kvm.h | 20 ++++
include/uapi/linux/sev-guest.h | 9 ++
9 files changed, 358 insertions(+), 65 deletions(-)
delete mode 100644 drivers/virt/coco/sev-guest/sev-guest.h
Powered by blists - more mailing lists