[libvirt] [PATCH] x86: Multi-key Total Memory Encryption (Intel)
Carvalho, Larkins L
larkins.l.carvalho at intel.com
Mon May 6 20:56:55 UTC 2019
Hello Peter,
Thank you for the feedback.
I'll submit another patch series.
I have a question regarding the test cap replies file.
We are querying Qemu to get the capability information.
The Qemu patch is not yet upstream, hence, we are not able to create the replies file for the same.
Is it ok to submit the patch for the feedback without the replies file?
Since the Qemu support for MKTME is not yet upstream and without Qemu support we cannot merge this changes to Libvirt.
Regards,
Larkins
-----Original Message-----
From: Peter Krempa [mailto:pkrempa at redhat.com]
Sent: Monday, May 6, 2019 1:39 AM
To: Carvalho, Larkins L <larkins.l.carvalho at intel.com>
Cc: libvir-list at redhat.com; Mohammed, Karimullah <karimullah.mohammed at intel.com>
Subject: Re: [libvirt] [PATCH] x86: Multi-key Total Memory Encryption (Intel)
On Wed, May 01, 2019 at 14:41:57 -0700, Larkins Carvalho wrote:
> From: llcarval <larkins.l.carvalho at intel.com>
>
> Total Memory Encryption (TME) – provides the capability to encrypt the
> entirety of the physical memory of a system. MKTME builds on TME and
> adds support for multiple encryption keys.
>
> High Level flow:
>
> 1. Management tool calls virNodeGetMKTMEInfo. This returns an XML
> document that includes the following
>
> <feature>
> ...
> <mktme supported='yes'>
> <keys_supported> </keys_supported>
> </mktme>
> </feature>
>
> 2. Management tool requests to start a guest calling virCreateXML().
> The xml would include
>
> <launchsecurity type='mktme'>
> <id>m0</id>
> <key_type>user</key_type>
> <key>samplekey</key>
> <encryption_algorithm>aes-xts-128</encryption_algorithm>
> </launchSecurity>
>
> 3. Libvirt makes system call with the provided information to generate a key handle using linux keyring services.
> Qemu uses the key handle to launch the workload.
>
> 4. Libvirt generate the QEMU cli arg to enable the MKTME feature, a
> typical args looks like this:
>
> -machine memory-encryption=m0 \
> -object mktme-guest,id=m0,handle=${serial}
>
> Intel MKTME spec:
> https://software.intel.com/sites/default/files/managed/a5/16/Multi-Key
> -Total-Memory-Encryption-Spec.pdf
>
> WIP: Qemu and KVM patch to support Intel MKTME are in the process of development and community approval.
>
> The purpose of this initial review is to get on par with libvirt development and the proposed Intel MKTME feature in libvirt.
> Considering we have not added tests, this is a preliminary patch and based on the community feedback, we expect more updates to follow.
>
> TODO:
> Add tests for launch security of type mktme.
> Update domaincommon.rng to add attribute of type mktme.
> ---
> docs/formatdomain.html.in | 62 +-
> docs/formatdomaincaps.html.in | 18 +
> docs/schemas/domaincaps.rng | 14 +
> include/libvirt/libvirt-host.h | 18 +
> src/conf/domain_capabilities.c | 29 +
> src/conf/domain_capabilities.h | 12 +
> src/conf/domain_conf.c | 114 +-
> src/conf/domain_conf.h | 13 +
> src/conf/virconftypes.h | 3 +
> src/driver-hypervisor.h | 7 +
> src/libvirt-host.c | 48 +
> src/libvirt_private.syms | 5 +
> src/libvirt_public.syms | 5 +
> src/qemu/qemu_capabilities.c | 130 +-
> src/qemu/qemu_capabilities.h | 4 +
> src/qemu/qemu_capspriv.h | 4 +
> src/qemu/qemu_command.c | 40 +
> src/qemu/qemu_driver.c | 63 +
> src/qemu/qemu_monitor.c | 9 +
> src/qemu/qemu_monitor.h | 5 +
> src/qemu/qemu_monitor_json.c | 52 +
> src/qemu/qemu_monitor_json.h | 3 +
> src/remote/remote_daemon_dispatch.c | 43 +
> src/remote/remote_driver.c | 40 +-
> src/remote/remote_protocol.x | 21 +-
> src/remote_protocol-structs | 12 +
> src/util/Makefile.inc.am | 2 +
> src/util/virmktme.c | 112 ++
> src/util/virmktme.h | 33 +
> .../bhyve_basic.x86_64.xml | 1 +
> .../bhyve_fbuf.x86_64.xml | 1 +
> .../bhyve_uefi.x86_64.xml | 1 +
> tests/domaincapsschemadata/empty.xml | 1 +
> tests/domaincapsschemadata/libxl-xenfv.xml | 1 +
> tests/domaincapsschemadata/libxl-xenpv.xml | 1 +
> .../qemu_1.7.0.x86_64.xml | 1 +
> .../qemu_2.12.0-virt.aarch64.xml | 1 +
> .../qemu_2.12.0.ppc64.xml | 1 +
> .../qemu_2.12.0.s390x.xml | 1 +
> .../qemu_2.12.0.x86_64.xml | 1 +
> .../qemu_2.6.0-virt.aarch64.xml | 1 +
> .../qemu_2.6.0.aarch64.xml | 1 +
> .../domaincapsschemadata/qemu_2.6.0.ppc64.xml | 1 +
> .../qemu_2.6.0.x86_64.xml | 1 +
> .../domaincapsschemadata/qemu_2.7.0.s390x.xml | 1 +
> .../qemu_2.8.0-tcg.x86_64.xml | 1 +
> .../domaincapsschemadata/qemu_2.8.0.s390x.xml | 1 +
> .../qemu_2.8.0.x86_64.xml | 1 +
> .../qemu_2.9.0-q35.x86_64.xml | 1 +
> .../qemu_2.9.0-tcg.x86_64.xml | 1 +
> .../qemu_2.9.0.x86_64.xml | 1 +
> .../domaincapsschemadata/qemu_3.0.0.s390x.xml | 1 +
> .../qemu_3.1.0.x86_64.xml | 1 +
> .../qemu_4.0.0.x86_64.xml | 1 +
> .../qemu_5.0.0.x86_64.xml | 164 ++
> tests/domaincapstest.c | 4 +
> .../caps_5.0.0.x86_64.xml | 1389 +++++++++++++++++
Please be advised that we will not accept everything stuffed into one commit. Please split up this patch into logical units as it's usual (look at other series) and also make sure that it's possible to compile the tree including running make check and make syntax check after every single commit.
More information about the libvir-list
mailing list