lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20240621123903.2411843-1-nikunj@amd.com>
Date: Fri, 21 Jun 2024 18:08:39 +0530
From: Nikunj A Dadhania <nikunj@....com>
To: <linux-kernel@...r.kernel.org>, <thomas.lendacky@....com>, <bp@...en8.de>,
	<x86@...nel.org>, <kvm@...r.kernel.org>
CC: <mingo@...hat.com>, <tglx@...utronix.de>, <dave.hansen@...ux.intel.com>,
	<pgonda@...gle.com>, <seanjc@...gle.com>, <pbonzini@...hat.com>,
	<nikunj@....com>
Subject: [PATCH v10 00/24] Add Secure TSC support for SNP guests

This patchset is also available at:

  https://github.com/AMDESE/linux-kvm/tree/sectsc-guest-latest

and is based on tip/x86/sev

commit: 06685975c209 ("x86/sev: Move SEV compilation units")
 
Overview
--------

Secure TSC allows guests to securely use RDTSC/RDTSCP instructions as the
parameters being used cannot be changed by hypervisor once the guest is
launched. More details in the AMD64 APM Vol 2, Section "Secure TSC".

During the boot-up of the secondary cpus, SecureTSC enabled guests need to
query TSC info from AMD Security Processor. This communication channel is
encrypted between the AMD Security Processor and the guest, the hypervisor
is just the conduit to deliver the guest messages to the AMD Security
Processor. Each message is protected with an AEAD (AES-256 GCM). See "SEV
Secure Nested Paging Firmware ABI Specification" document (currently at
https://www.amd.com/system/files/TechDocs/56860.pdf) section "TSC Info"

Use a minimal GCM library to encrypt/decrypt SNP Guest messages to
communicate with the AMD Security Processor which is available at early
boot.

SEV-guest driver has the implementation for guest and AMD Security
Processor communication. As the TSC_INFO needs to be initialized during
early boot before smp cpus are started, move most of the sev-guest driver
code to kernel/sev.c and provide well defined APIs to the sev-guest driver
to use the interface to avoid code-duplication.

Patches:
01-09: Preparatory patches for code movement and general cleanup/fixups
10-13: Patches moving SNP guest messaging code from SEV guest driver to
       SEV common code
14-16: Error handling and caching secrets page
17-24: SecureTSC enablement patches.

Testing SecureTSC
-----------------

SecureTSC hypervisor patches based on top of SEV-SNP Guest MEMFD series:
https://github.com/AMDESE/linux-kvm/tree/sectsc-host-latest

QEMU changes:
https://github.com/nikunjad/qemu/tree/snp-securetsc-latest

QEMU commandline SEV-SNP with SecureTSC:

  qemu-system-x86_64 -cpu EPYC-Milan-v2,+invtsc -smp 4 \
    -object memory-backend-memfd,id=ram1,size=1G,share=true,prealloc=false,reserve=false \
    -object sev-snp-guest,id=sev0,cbitpos=51,reduced-phys-bits=1,secure-tsc=on \
    -machine q35,confidential-guest-support=sev0,memory-backend=ram1 \
    ...

Changelog:
----------
v10:
* Rebased on top of tip/x86/sev
* Added Reviewed-by from Tom
* Commit message updates
* Change the condition for better readability in get_vmpck()
* Make vmpck_id as u32 again and use VMPCK_MAX_NUM as the default value

v9: https://lore.kernel.org/lkml/20240531043038.3370793-1-nikunj@amd.com/
* Added Acked-by/Reviewed-by
* Removed Reviewed-by/Tested-by from patches that had significant changes
* Added patch to make payload a variable length array in snp_guest_msg
* Fix all your user-visible strings (vmpck => VMPCK) and readabilty.
* Separated patch for message sequence handling
* Handle failures from snp_init() in sme_enable()
* Preparatory patches:
  * Carved out simplify VMPCK and OS message sequence changes
  * Carved out SNP guest messaging init/exit for proper initialization and
    cleanup.
  * Move SNP command mutex down and make it private to sev.c
* Pure code movement patch and subsequent code changes patches
* Drop patches adding guest initiation hook enc_init() and call
  snp_secure_tsc_prepare() from mem_encrypt.c
* Use CC_ATTR_GUEST_SECURE_TSC and drop synthetic SecureTSC feature bit

v8: https://lore.kernel.org/lkml/20240215113128.275608-1-nikunj@amd.com/
v7: https://lore.kernel.org/kvm/20231220151358.2147066-1-nikunj@amd.com/
v6: https://lore.kernel.org/lkml/20231128125959.1810039-1-nikunj@amd.com/
v5: https://lore.kernel.org/lkml/20231030063652.68675-1-nikunj@amd.com/
v4: https://lore.kernel.org/lkml/20230814055222.1056404-1-nikunj@amd.com/
v3: https://lore.kernel.org/lkml/20230722111909.15166-1-nikunj@amd.com/
v2: https://lore.kernel.org/r/20230307192449.24732-1-bp@alien8.de/
v1: https://lore.kernel.org/r/20230130120327.977460-1-nikunj@amd.com

Nikunj A Dadhania (24):
  virt: sev-guest: Use AES GCM crypto library
  virt: sev-guest: Replace dev_dbg with pr_debug
  virt: sev-guest: Make payload a variable length array
  virt: sev-guest: Add SNP guest request structure
  virt: sev-guest: Fix user-visible strings
  virt: sev-guest: Simplify VMPCK and sequence number assignments
  virt: sev-guest: Store VMPCK index to SNP guest device structure
  virt: sev-guest: Take mutex in snp_send_guest_request()
  virt: sev-guest: Carve out SNP guest messaging init/exit
  x86/sev: Move core SEV guest driver routines to common code
  x86/sev: Replace dev_[err,alert] with pr_[err,alert]
  x86/sev: Make snp_issue_guest_request() static
  x86/sev: Make sev-guest driver functional again
  x86/sev: Handle failures from snp_init()
  x86/sev: Cache the secrets page address
  x86/sev: Drop sev_guest_platform_data structure
  x86/cc: Add CC_ATTR_GUEST_SECURE_TSC
  x86/sev: Add Secure TSC support for SNP guests
  x86/sev: Change TSC MSR behavior for Secure TSC enabled guests
  x86/sev: Prevent RDTSC/RDTSCP interception for Secure TSC enabled
    guests
  x86/kvmclock: Skip kvmclock when Secure TSC is available
  x86/sev: Mark Secure TSC as reliable
  x86/cpu/amd: Do not print FW_BUG for Secure TSC
  x86/sev: Enable Secure TSC for SNP guests

 arch/x86/include/asm/sev-common.h       |   1 +
 arch/x86/include/asm/sev.h              | 196 ++++++-
 arch/x86/include/asm/svm.h              |   6 +-
 drivers/virt/coco/sev-guest/sev-guest.h |  63 ---
 include/linux/cc_platform.h             |   8 +
 arch/x86/boot/compressed/sev.c          |   3 +-
 arch/x86/coco/core.c                    |   3 +
 arch/x86/coco/sev/core.c                | 581 +++++++++++++++++--
 arch/x86/coco/sev/shared.c              |  10 +
 arch/x86/kernel/cpu/amd.c               |   3 +-
 arch/x86/kernel/kvmclock.c              |   2 +-
 arch/x86/mm/mem_encrypt.c               |   4 +
 arch/x86/mm/mem_encrypt_amd.c           |   4 +
 arch/x86/mm/mem_encrypt_identity.c      |   7 +
 drivers/virt/coco/sev-guest/sev-guest.c | 719 +++---------------------
 arch/x86/Kconfig                        |   1 +
 drivers/virt/coco/sev-guest/Kconfig     |   3 -
 17 files changed, 846 insertions(+), 768 deletions(-)
 delete mode 100644 drivers/virt/coco/sev-guest/sev-guest.h


base-commit: 06685975c2090e180851a0ff175c140188b6b54a
-- 
2.34.1


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ