[libvirt] [PATCH v9 00/11] x86: Secure Encrypted Virtualization (AMD)

Brijesh Singh brijesh.singh at amd.com
Fri Jun 8 15:14:35 UTC 2018


Re: Jano's below comment

(Also, some of the patches have double "<< >>" around your e-mail,
how did that happen?)

I am not sure what I am doing that is causing the double "<< >>" around 
my email address in some patches. I tried fixing it after I saw Jano 
note but it somehow happens again...I have no explanation on what is 
going on. Whoever commits the series, can you please remove one of the 
quote from the my email address, Or I can try fixing it and resend the 
series. Please let me know. thanks


On 06/08/2018 09:40 AM, Brijesh Singh wrote:
> This patch series provides support for launching an encrypted guest using
> AMD's new Secure Encrypted  Virtualization (SEV) feature.
> 
> SEV is an extension to the AMD-V architecture which supports running
> multiple VMs under the control of a hypervisor. When enabled, SEV feature
> allows the memory contents of a virtual machine (VM) to be transparently
> encrypted with a key unique to the guest VM.
> 
> At very high level the flow looks this:
> 
> 1. mgmt tool calls virConnectGetDomainCapabilities. This returns an XML document
> that includes the following
> 
> <feature>
> ...
>    <sev supported='yes'>
>      <cbitpos> </cbitpos>
>      <reduced-phys-bits> </reduced-phys-bits>
>    </sev>
> </feature>
> 
> If <sev> is provided then we indicate that hypervisor is capable of launching
> SEV guest. mgmt tool can call virNodeGetSEVCapabilities() to get the additional
> informations like PDH and certificate chain etc.
> 
> 2. (optional) mgmt tool can provide the PDH and Cert-chain to guest owner in case
> if guest owner wish to establish a secure connection with SEV firmware to
> negotiate a key used for validating the measurement.
> 
> 3. mgmt tool requests to start a guest calling virCreateXML(), passing \
> VIR_DOMAIN_START_PAUSED. The xml would include
> 
> <launch-security type='sev'>
>    <cbitpos>47</cbitpos>
>    <reduced-phys-bits>1</reduced-phys-bits>
>    <policy>0x1</policy>
> 
>    (optional)
>    <dh-cert> </dh-cert> /* Guest owners Diffie-Hellman key */
>    <session> </session> /* Guest owners Session blob */
> </launch-security>
> 
> 4. Libvirt generate the QEMU cli arg to enable the SEV feature, a typical
> args looks like this:
> 
> # $QEMU ..
> -machine memory-encryption=sev0 \
> -object sev-guest,id=sev0,dh-cert-file=<file>....
> 
> 5. Libvirt generates lifecycle VIR_DOMAIN_EVENT_SUSPENDED_PAUSED event
> 
> 6. mgmt tool gets the VIR_DOMAIN_EVENT_SUSPENDED_PAUSED and calls \
> virDomainGetLaunchSecretInfo() to retrieve the measurement of encrypted memory.
> 
> 7. (optional) mgmt tool can provide the measurement value to guest owner, which can
> validate the measurement and gives GO/NO-GO answer. If mgmt tool gets GO then
> it resumes the guest otherwise it calls destroy() to kill the guest.
> 
> 8. mgmt tool resumes the guest
> 
> TODO:
> * SEV guest require to use DMA apis for the virtio devices. In order to use the DMA
> apis the virtio devices must have this tag
> 
> <driver iommu=on ats=on>
> 
> It is a bit unclear to me where these changes need to go. Do we need to
> modify the libvirt to automatically add these when SEV is enabled or
> we ask mgmt tool to make sure that it creates XML with right tag to enable
> the DMA APIs for virtio devices. I am looking for some suggestions.
> 
> Using these patches we have succesfully booted and tested a guest both with and
> without SEV enabled.
> 
> SEV Firmware API spec is available at:
> https://support.amd.com/TechDocs/55766_SEV-KM%20API_Specification.pdf
> 
> Changes sicne v8:
> * rename qemuGetSEVInfo -> qemuGetSEVInfoToParams
> * use virQEMUCapsCacheLookupByArch to get qemuCaps
> 
> Change since v7:
> * rename virNodeSEVCapability() -> virNodeSEVInfo()
> * rebase the series
> 
> Changes since v6:
> * add API to get SEV PDH and Certificate chain data
> * drop virsh command changes. We can revisit this later when we have
>    more visibility on setter.
> 
> Change since v5:
> * drop the seperate test patch and merge the code with other patches.
> * rename the xml from sev -> launch-security-sev
> * make policy field mandatory
> * address multiple feedback from previous reviews.
> 
> Changes since v4:
> * add /dev/sev in shared device list
> 
> Changes since v3:
> * rename QEMU_CAPS_SEV -> QEMU_CAPS_SEV_GUEST
> * update caps_2.12.0.x86_64.replies to include query-sev-capabilities data
> 
> Changes since v2:
> * make cbitpos, policy and reduced-phys-bits as unsigned int
> * update virDomainGetLaunchSecurityInfo to accept virTypedParameterPtr *params
> instead of virTypedParameterPtr params.
> 
> Changes since v1:
> * rename <sev> -> <launch-security> for domain
> * add more information about policy and other fields in domaincaps.html
> * split the domain_conf support in two patches
> * add virDomainGetLaunchInfo() to retrieve the SEV measurement
> * extend virsh command to show the domain's launch security information
> * add test cases to validate newly added <launch-security> element
> * fix issues reported with 'make check' and 'make syntax-check'
> 
> The complete git tree is available at:
> https://github.com/codomania/libvirt/tree/v9
> 
> Brijesh Singh (11):
>    qemu: provide support to query the SEV capability
>    conf: expose SEV feature in domain capabilities
>    libvirt: Introduce virNodeGetSEVInfo public API
>    remote: implement the remote protocol for virNodeGetSEVInfo()
>    qemu: Implement the driver backend for virNodeGetSEVInfo()
>    conf: introduce launch-security element in domain
>    qemu/cgroup: add /dev/sev in shared devices list
>    qemu: add support to launch SEV guest
>    libvirt: Introduce virDomainGetLaunchSecurityInfo public API
>    remote: implement the remote protocol for launch security
>    qemu: Implement the driver backend for virDomainGetLaunchSecurityInfo
> 
>   docs/drvqemu.html.in                               |   3 +-
>   docs/formatdomain.html.in                          | 115 ++++++++++++++++
>   docs/formatdomaincaps.html.in                      |  30 ++++
>   docs/schemas/domaincaps.rng                        |  14 ++
>   docs/schemas/domaincommon.rng                      |  37 +++++
>   include/libvirt/libvirt-domain.h                   |  17 +++
>   include/libvirt/libvirt-host.h                     |  42 ++++++
>   src/conf/domain_capabilities.c                     |  30 ++++
>   src/conf/domain_capabilities.h                     |  13 ++
>   src/conf/domain_conf.c                             | 133 ++++++++++++++++++
>   src/conf/domain_conf.h                             |  27 ++++
>   src/driver-hypervisor.h                            |  14 ++
>   src/libvirt-domain.c                               |  48 +++++++
>   src/libvirt-host.c                                 |  49 +++++++
>   src/libvirt_private.syms                           |   1 +
>   src/libvirt_public.syms                            |   2 +
>   src/qemu/qemu.conf                                 |   2 +-
>   src/qemu/qemu_capabilities.c                       |  90 +++++++++++-
>   src/qemu/qemu_capabilities.h                       |   6 +
>   src/qemu/qemu_capspriv.h                           |   4 +
>   src/qemu/qemu_cgroup.c                             |   2 +-
>   src/qemu/qemu_command.c                            |  41 ++++++
>   src/qemu/qemu_driver.c                             | 151 +++++++++++++++++++++
>   src/qemu/qemu_monitor.c                            |  18 +++
>   src/qemu/qemu_monitor.h                            |   6 +
>   src/qemu/qemu_monitor_json.c                       | 121 +++++++++++++++++
>   src/qemu/qemu_monitor_json.h                       |   5 +
>   src/qemu/qemu_process.c                            |  62 +++++++++
>   src/qemu/test_libvirtd_qemu.aug.in                 |   1 +
>   src/remote/remote_daemon_dispatch.c                |  91 +++++++++++++
>   src/remote/remote_driver.c                         |  80 +++++++++++
>   src/remote/remote_protocol.x                       |  39 +++++-
>   src/remote_protocol-structs                        |  23 ++++
>   tests/genericxml2xmlindata/launch-security-sev.xml |  24 ++++
>   tests/genericxml2xmltest.c                         |   2 +
>   .../caps_2.12.0.x86_64.replies                     |  10 ++
>   tests/qemucapabilitiesdata/caps_2.12.0.x86_64.xml  |   3 +-
>   tests/qemuxml2argvdata/launch-security-sev.args    |  29 ++++
>   tests/qemuxml2argvdata/launch-security-sev.xml     |  37 +++++
>   tests/qemuxml2argvtest.c                           |   4 +
>   40 files changed, 1420 insertions(+), 6 deletions(-)
>   create mode 100644 tests/genericxml2xmlindata/launch-security-sev.xml
>   create mode 100644 tests/qemuxml2argvdata/launch-security-sev.args
>   create mode 100644 tests/qemuxml2argvdata/launch-security-sev.xml
> 




More information about the libvir-list mailing list