[libvirt] [PATCH] x86: Multi-key Total Memory Encryption (Intel)

Peter Krempa pkrempa at redhat.com
Mon May 6 08:38:39 UTC 2019 

On Wed, May 01, 2019 at 14:41:57 -0700, Larkins Carvalho wrote:
> From: llcarval <larkins.l.carvalho at intel.com>
> 
> Total Memory Encryption (TME) – provides the capability to encrypt the
> entirety of the physical memory of a system. MKTME builds on TME and
> adds support for multiple encryption keys.
> 
> High Level flow:
> 
> 1. Management tool calls virNodeGetMKTMEInfo. This returns an XML document
> that includes the following
> 
> <feature>
> ...
>   <mktme supported='yes'>
>     <keys_supported> </keys_supported>
>   </mktme>
> </feature>
> 
> 2. Management tool requests to start a guest calling virCreateXML(). The xml would include
> 
> <launchsecurity type='mktme'>
>   <id>m0</id>
>   <key_type>user</key_type>
>   <key>samplekey</key>
>   <encryption_algorithm>aes-xts-128</encryption_algorithm>
> </launchSecurity>
> 
> 3. Libvirt makes system call with the provided information to generate a key handle using linux keyring services.
> Qemu uses the key handle to launch the workload.
> 
> 4. Libvirt generate the QEMU cli arg to enable the MKTME feature, a typical
> args looks like this:
> 
> -machine memory-encryption=m0 \
> -object mktme-guest,id=m0,handle=${serial}
> 
> Intel MKTME spec: https://software.intel.com/sites/default/files/managed/a5/16/Multi-Key-Total-Memory-Encryption-Spec.pdf
> 
> WIP: Qemu and KVM patch to support Intel MKTME are in the process of development and community approval.
> 
> The purpose of this initial review is to get on par with libvirt development and the proposed Intel MKTME feature in libvirt.
> Considering we have not added tests, this is a preliminary patch and based on the community feedback, we expect more updates to follow.
> 
> TODO:
> Add tests for launch security of type mktme.
> Update domaincommon.rng to add attribute of type mktme.
> ---

>  docs/formatdomain.html.in                     |   62 +-
>  docs/formatdomaincaps.html.in                 |   18 +
>  docs/schemas/domaincaps.rng                   |   14 +
>  include/libvirt/libvirt-host.h                |   18 +
>  src/conf/domain_capabilities.c                |   29 +
>  src/conf/domain_capabilities.h                |   12 +
>  src/conf/domain_conf.c                        |  114 +-
>  src/conf/domain_conf.h                        |   13 +
>  src/conf/virconftypes.h                       |    3 +
>  src/driver-hypervisor.h                       |    7 +
>  src/libvirt-host.c                            |   48 +
>  src/libvirt_private.syms                      |    5 +
>  src/libvirt_public.syms                       |    5 +
>  src/qemu/qemu_capabilities.c                  |  130 +-
>  src/qemu/qemu_capabilities.h                  |    4 +
>  src/qemu/qemu_capspriv.h                      |    4 +
>  src/qemu/qemu_command.c                       |   40 +
>  src/qemu/qemu_driver.c                        |   63 +
>  src/qemu/qemu_monitor.c                       |    9 +
>  src/qemu/qemu_monitor.h                       |    5 +
>  src/qemu/qemu_monitor_json.c                  |   52 +
>  src/qemu/qemu_monitor_json.h                  |    3 +
>  src/remote/remote_daemon_dispatch.c           |   43 +
>  src/remote/remote_driver.c                    |   40 +-
>  src/remote/remote_protocol.x                  |   21 +-
>  src/remote_protocol-structs                   |   12 +
>  src/util/Makefile.inc.am                      |    2 +
>  src/util/virmktme.c                           |  112 ++
>  src/util/virmktme.h                           |   33 +
>  .../bhyve_basic.x86_64.xml                    |    1 +
>  .../bhyve_fbuf.x86_64.xml                     |    1 +
>  .../bhyve_uefi.x86_64.xml                     |    1 +
>  tests/domaincapsschemadata/empty.xml          |    1 +
>  tests/domaincapsschemadata/libxl-xenfv.xml    |    1 +
>  tests/domaincapsschemadata/libxl-xenpv.xml    |    1 +
>  .../qemu_1.7.0.x86_64.xml                     |    1 +
>  .../qemu_2.12.0-virt.aarch64.xml              |    1 +
>  .../qemu_2.12.0.ppc64.xml                     |    1 +
>  .../qemu_2.12.0.s390x.xml                     |    1 +
>  .../qemu_2.12.0.x86_64.xml                    |    1 +
>  .../qemu_2.6.0-virt.aarch64.xml               |    1 +
>  .../qemu_2.6.0.aarch64.xml                    |    1 +
>  .../domaincapsschemadata/qemu_2.6.0.ppc64.xml |    1 +
>  .../qemu_2.6.0.x86_64.xml                     |    1 +
>  .../domaincapsschemadata/qemu_2.7.0.s390x.xml |    1 +
>  .../qemu_2.8.0-tcg.x86_64.xml                 |    1 +
>  .../domaincapsschemadata/qemu_2.8.0.s390x.xml |    1 +
>  .../qemu_2.8.0.x86_64.xml                     |    1 +
>  .../qemu_2.9.0-q35.x86_64.xml                 |    1 +
>  .../qemu_2.9.0-tcg.x86_64.xml                 |    1 +
>  .../qemu_2.9.0.x86_64.xml                     |    1 +
>  .../domaincapsschemadata/qemu_3.0.0.s390x.xml |    1 +
>  .../qemu_3.1.0.x86_64.xml                     |    1 +
>  .../qemu_4.0.0.x86_64.xml                     |    1 +
>  .../qemu_5.0.0.x86_64.xml                     |  164 ++
>  tests/domaincapstest.c                        |    4 +
>  .../caps_5.0.0.x86_64.xml                     | 1389 +++++++++++++++++

Please be advised that we will not accept everything stuffed into one
commit. Please split up this patch into logical units as it's usual
(look at other series) and also make sure that it's possible to compile
the tree including running make check and make syntax check after every
single commit.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20190506/d1e906c4/attachment-0001.sig>

More information about the libvir-list mailing list