On Fri, Jan 15, 2021 at 01:54:25PM +0100, Cornelia Huck wrote:
> On Thu, 14 Jan 2021 10:58:01 +1100
> David Gibson <da...@gibson.dropbear.id.au> wrote:
> 
> > When AMD's SEV memory encryption is in use, flash memory banks (which are
> > initialed by pc_system_flash_map()) need to be encrypted with the guest's
> > key, so that the guest can read them.
> > 
> > That's abstracted via the kvm_memcrypt_encrypt_data() callback in the KVM
> > state.. except, that it doesn't really abstract much at all.
> > 
> > For starters, the only called is in code specific to the 'pc' family of
> 
> s/called/call site/

Fixed, thanks.

> 
> > machine types, so it's obviously specific to those and to x86 to begin
> > with.  But it makes a bunch of further assumptions that need not be true
> > about an arbitrary confidential guest system based on memory encryption,
> > let alone one based on other mechanisms:
> > 
> >  * it assumes that the flash memory is defined to be encrypted with the
> >    guest key, rather than being shared with hypervisor
> >  * it assumes that that hypervisor has some mechanism to encrypt data into
> >    the guest, even though it can't decrypt it out, since that's the whole
> >    point
> >  * the interface assumes that this encrypt can be done in place, which
> >    implies that the hypervisor can write into a confidential guests's
> >    memory, even if what it writes isn't meaningful
> > 
> > So really, this "abstraction" is actually pretty specific to the way SEV
> > works.  So, this patch removes it and instead has the PC flash
> > initialization code call into a SEV specific callback.
> > 
> > Signed-off-by: David Gibson <da...@gibson.dropbear.id.au>
> > ---
> >  accel/kvm/kvm-all.c    | 31 ++-----------------------------
> >  accel/kvm/sev-stub.c   |  9 ++-------
> >  accel/stubs/kvm-stub.c | 10 ----------
> >  hw/i386/pc_sysfw.c     | 17 ++++++-----------
> >  include/sysemu/kvm.h   | 16 ----------------
> >  include/sysemu/sev.h   |  4 ++--
> >  target/i386/sev-stub.c |  5 +++++
> >  target/i386/sev.c      | 24 ++++++++++++++----------
> >  8 files changed, 31 insertions(+), 85 deletions(-)
> 
> Reviewed-by: Cornelia Huck <coh...@redhat.com>
> 

-- 
David Gibson                    | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
                                | _way_ _around_!
http://www.ozlabs.org/~dgibson

Attachment: signature.asc
Description: PGP signature

Reply via email to