Re: [PATCH] target/i386/sev: add the support to query the attestation report
On 12/4/20 3:31 PM, Brijesh Singh wrote:
> The SEV FW >= 0.23 added a new command that can be used to query the
> attestation report containing the SHA-256 digest of the guest memory
> and VMSA encrypted with the LAUNCH_UPDATE and sign it with the PEK.
>
> Note, we already have a command (LAUNCH_MEASURE) that can be used to
> query the SHA-256 digest of the guest memory encrypted through the
> LAUNCH_UPDATE. The main difference between previous and this command
> is that the report is signed with the PEK and unlike the LAUNCH_MEASURE
> command the ATTESATION_REPORT command can be called while the guest
> is running.
>
> Add a QMP interface "query-sev-attestation-report" that can be used
> to get the report encoded in base64.
>
> +++ b/qapi/misc-target.json
> @@ -267,3 +267,41 @@
> ##
> { 'command': 'query-gic-capabilities', 'returns': ['GICCapability'],
>'if': 'defined(TARGET_ARM)' }
> +
> +
> +##
> +# @SevAttestationReport:
> +#
> +# The struct describes attestation report for a Secure Encrypted
> Virtualization
> +# feature.
> +#
> +# @data: guest attestation report (base64 encoded)
> +#
> +#
> +# Since: 5.2
You've missed the 5.2 release; this should be since 6.0.
> +##
> +{ 'struct': 'SevAttestationReport',
> + 'data': { 'data': 'str'},
> + 'if': 'defined(TARGET_I386)' }
> +
> +##
> +# @query-sev-attestation-report:
> +#
> +# This command is used to get the SEV attestation report, and is supported
> on AMD
> +# X86 platforms only.
> +#
> +# @mnonce: a random 16 bytes of data (it will be included in report)
This says 16 bytes,...
> +#
> +# Returns: SevAttestationReport objects.
> +#
> +# Since: 5.2
Likewise.
> +#
> +# Example:
> +#
> +# -> { "execute" : "query-sev-attestation-report", "arguments": { "mnonce":
> "aaa" } }
...but this example does not use 16 bytes. That's confusing.
> +# <- { "return" : { "data": "bbbd"} }
> +#
> +##
> +{ 'command': 'query-sev-attestation-report', 'data': { 'mnonce': 'str' },
> + 'returns': 'SevAttestationReport',
> + 'if': 'defined(TARGET_I386)' }
> diff --git a/target/i386/monitor.c b/target/i386/monitor.c
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3226
Virtualization: qemu.org | libvirt.org
Re: [PATCH] target/i386/sev: add the support to query the attestation report
* Brijesh Singh (brijesh.si...@amd.com) wrote:
> The SEV FW >= 0.23 added a new command that can be used to query the
> attestation report containing the SHA-256 digest of the guest memory
> and VMSA encrypted with the LAUNCH_UPDATE and sign it with the PEK.
>
> Note, we already have a command (LAUNCH_MEASURE) that can be used to
> query the SHA-256 digest of the guest memory encrypted through the
> LAUNCH_UPDATE. The main difference between previous and this command
> is that the report is signed with the PEK and unlike the LAUNCH_MEASURE
> command the ATTESATION_REPORT command can be called while the guest
> is running.
>
> Add a QMP interface "query-sev-attestation-report" that can be used
> to get the report encoded in base64.
>
> Cc: James Bottomley
> Cc: Tom Lendacky
> Cc: Eric Blake
> Cc: Paolo Bonzini
> Cc: k...@vger.kernel.org
> Signed-off-by: Brijesh Singh
> ---
> linux-headers/linux/kvm.h | 8 ++
> qapi/misc-target.json | 38 +++
> target/i386/monitor.c | 6 +
> target/i386/sev-stub.c| 7 +
> target/i386/sev.c | 54 +++
> target/i386/sev_i386.h| 2 ++
> 6 files changed, 115 insertions(+)
>
> diff --git a/linux-headers/linux/kvm.h b/linux-headers/linux/kvm.h
> index 56ce14ad20..6d0f8101ba 100644
> --- a/linux-headers/linux/kvm.h
> +++ b/linux-headers/linux/kvm.h
> @@ -1585,6 +1585,8 @@ enum sev_cmd_id {
> KVM_SEV_DBG_ENCRYPT,
> /* Guest certificates commands */
> KVM_SEV_CERT_EXPORT,
> + /* Attestation report */
> + KVM_SEV_GET_ATTESTATION_REPORT,
>
> KVM_SEV_NR_MAX,
> };
> @@ -1637,6 +1639,12 @@ struct kvm_sev_dbg {
> __u32 len;
> };
>
> +struct kvm_sev_attestation_report {
> + __u8 mnonce[16];
> + __u64 uaddr;
> + __u32 len;
> +};
> +
> #define KVM_DEV_ASSIGN_ENABLE_IOMMU (1 << 0)
> #define KVM_DEV_ASSIGN_PCI_2_3 (1 << 1)
> #define KVM_DEV_ASSIGN_MASK_INTX (1 << 2)
> diff --git a/qapi/misc-target.json b/qapi/misc-target.json
> index 1e561fa97b..ec6565e6ef 100644
> --- a/qapi/misc-target.json
> +++ b/qapi/misc-target.json
> @@ -267,3 +267,41 @@
> ##
> { 'command': 'query-gic-capabilities', 'returns': ['GICCapability'],
>'if': 'defined(TARGET_ARM)' }
> +
> +
> +##
> +# @SevAttestationReport:
> +#
> +# The struct describes attestation report for a Secure Encrypted
> Virtualization
> +# feature.
> +#
> +# @data: guest attestation report (base64 encoded)
> +#
> +#
> +# Since: 5.2
> +##
> +{ 'struct': 'SevAttestationReport',
> + 'data': { 'data': 'str'},
> + 'if': 'defined(TARGET_I386)' }
> +
> +##
> +# @query-sev-attestation-report:
> +#
> +# This command is used to get the SEV attestation report, and is supported
> on AMD
> +# X86 platforms only.
> +#
> +# @mnonce: a random 16 bytes of data (it will be included in report)
> +#
> +# Returns: SevAttestationReport objects.
> +#
> +# Since: 5.2
> +#
> +# Example:
> +#
> +# -> { "execute" : "query-sev-attestation-report", "arguments": { "mnonce":
> "aaa" } }
> +# <- { "return" : { "data": "bbbd"} }
> +#
> +##
Can you please make this more generic, I'm thinking of something like:
query-attestation-report
that returns an AttstationReport, which has a number of optional
components, of which you start off with one optional 'sev' component.
That way we can get other vendors to add to that same command rather
than inventing one extra command per vendor.
Dave
> +{ 'command': 'query-sev-attestation-report', 'data': { 'mnonce': 'str' },
> + 'returns': 'SevAttestationReport',
> + 'if': 'defined(TARGET_I386)' }
> diff --git a/target/i386/monitor.c b/target/i386/monitor.c
> index 9f9e1c42f4..a4b65f330c 100644
> --- a/target/i386/monitor.c
> +++ b/target/i386/monitor.c
> @@ -729,3 +729,9 @@ SevCapability *qmp_query_sev_capabilities(Error **errp)
> {
> return sev_get_capabilities(errp);
> }
> +
> +SevAttestationReport *
> +qmp_query_sev_attestation_report(const char *mnonce, Error **errp)
> +{
> +return sev_get_attestation_report(mnonce, errp);
> +}
> diff --git a/target/i386/sev-stub.c b/target/i386/sev-stub.c
> index 88e3f39a1e..66d16f53d8 100644
> --- a/target/i386/sev-stub.c
> +++ b/target/i386/sev-stub.c
> @@ -49,3 +49,10 @@ SevCapability *sev_get_capabilities(Error **errp)
> error_setg(errp, "SEV is not available in this QEMU");
> return NULL;
> }
> +
> +SevAttestationReport *
> +sev_get_attestation_report(const char *mnonce, Error **errp)
> +{
> +error_setg(errp, "SEV is not available in this QEMU");
> +return NULL;
> +}
> diff --git a/target/i386/sev.c b/target/i386/sev.c
> index 93c4d60b82..28958fb71b 100644
> --- a/target/i386/sev.c
> +++ b/target/i386/sev.c
> @@ -68,6 +68,7 @@ struct SevGuestState {
>
> #define DEFAULT_GUEST_POLICY0x1 /* disable debug */
> #define DEFAULT_SEV_DEVICE "/dev/sev"
> +#define DEFAULT_ATTESATION_REPORT_BUF_SIZE 4096
>
> static SevGuestState *sev_guest;
> st
Re: [PATCH] target/i386/sev: add the support to query the attestation report
On 04/12/2020 23:31, Brijesh Singh wrote:
The SEV FW >= 0.23 added a new command that can be used to query the
attestation report containing the SHA-256 digest of the guest memory
and VMSA encrypted with the LAUNCH_UPDATE and sign it with the PEK.
Note, we already have a command (LAUNCH_MEASURE) that can be used to
query the SHA-256 digest of the guest memory encrypted through the
LAUNCH_UPDATE. The main difference between previous and this command
is that the report is signed with the PEK and unlike the LAUNCH_MEASURE
command the ATTESATION_REPORT command can be called while the guest
is running.
Add a QMP interface "query-sev-attestation-report" that can be used
to get the report encoded in base64.
Cc: James Bottomley
Cc: Tom Lendacky
Cc: Eric Blake
Cc: Paolo Bonzini
Cc: k...@vger.kernel.org
Signed-off-by: Brijesh Singh
---
linux-headers/linux/kvm.h | 8 ++
qapi/misc-target.json | 38 +++
target/i386/monitor.c | 6 +
target/i386/sev-stub.c| 7 +
target/i386/sev.c | 54 +++
target/i386/sev_i386.h| 2 ++
6 files changed, 115 insertions(+)
diff --git a/linux-headers/linux/kvm.h b/linux-headers/linux/kvm.h
index 56ce14ad20..6d0f8101ba 100644
--- a/linux-headers/linux/kvm.h
+++ b/linux-headers/linux/kvm.h
@@ -1585,6 +1585,8 @@ enum sev_cmd_id {
KVM_SEV_DBG_ENCRYPT,
/* Guest certificates commands */
KVM_SEV_CERT_EXPORT,
+ /* Attestation report */
+ KVM_SEV_GET_ATTESTATION_REPORT,
KVM_SEV_NR_MAX,
};
@@ -1637,6 +1639,12 @@ struct kvm_sev_dbg {
__u32 len;
};
+struct kvm_sev_attestation_report {
+ __u8 mnonce[16];
+ __u64 uaddr;
+ __u32 len;
+};
+
#define KVM_DEV_ASSIGN_ENABLE_IOMMU (1 << 0)
#define KVM_DEV_ASSIGN_PCI_2_3(1 << 1)
#define KVM_DEV_ASSIGN_MASK_INTX (1 << 2)
diff --git a/qapi/misc-target.json b/qapi/misc-target.json
index 1e561fa97b..ec6565e6ef 100644
--- a/qapi/misc-target.json
+++ b/qapi/misc-target.json
@@ -267,3 +267,41 @@
##
{ 'command': 'query-gic-capabilities', 'returns': ['GICCapability'],
'if': 'defined(TARGET_ARM)' }
+
+
+##
+# @SevAttestationReport:
+#
+# The struct describes attestation report for a Secure Encrypted Virtualization
+# feature.
+#
+# @data: guest attestation report (base64 encoded)
+#
+#
+# Since: 5.2
+##
+{ 'struct': 'SevAttestationReport',
+ 'data': { 'data': 'str'},
+ 'if': 'defined(TARGET_I386)' }
+
+##
+# @query-sev-attestation-report:
+#
+# This command is used to get the SEV attestation report, and is supported on
AMD
+# X86 platforms only.
+#
+# @mnonce: a random 16 bytes of data (it will be included in report)
+#
+# Returns: SevAttestationReport objects.
+#
+# Since: 5.2
+#
+# Example:
+#
+# -> { "execute" : "query-sev-attestation-report", "arguments": { "mnonce":
"aaa" } }
+# <- { "return" : { "data": "bbbd"} }
+#
+##
+{ 'command': 'query-sev-attestation-report', 'data': { 'mnonce': 'str' },
+ 'returns': 'SevAttestationReport',
+ 'if': 'defined(TARGET_I386)' }
diff --git a/target/i386/monitor.c b/target/i386/monitor.c
index 9f9e1c42f4..a4b65f330c 100644
--- a/target/i386/monitor.c
+++ b/target/i386/monitor.c
@@ -729,3 +729,9 @@ SevCapability *qmp_query_sev_capabilities(Error **errp)
{
return sev_get_capabilities(errp);
}
+
+SevAttestationReport *
+qmp_query_sev_attestation_report(const char *mnonce, Error **errp)
+{
+return sev_get_attestation_report(mnonce, errp);
+}
diff --git a/target/i386/sev-stub.c b/target/i386/sev-stub.c
index 88e3f39a1e..66d16f53d8 100644
--- a/target/i386/sev-stub.c
+++ b/target/i386/sev-stub.c
@@ -49,3 +49,10 @@ SevCapability *sev_get_capabilities(Error **errp)
error_setg(errp, "SEV is not available in this QEMU");
return NULL;
}
+
+SevAttestationReport *
+sev_get_attestation_report(const char *mnonce, Error **errp)
+{
+error_setg(errp, "SEV is not available in this QEMU");
+return NULL;
+}
diff --git a/target/i386/sev.c b/target/i386/sev.c
index 93c4d60b82..28958fb71b 100644
--- a/target/i386/sev.c
+++ b/target/i386/sev.c
@@ -68,6 +68,7 @@ struct SevGuestState {
#define DEFAULT_GUEST_POLICY0x1 /* disable debug */
#define DEFAULT_SEV_DEVICE "/dev/sev"
+#define DEFAULT_ATTESATION_REPORT_BUF_SIZE 4096
This is unused.
static SevGuestState *sev_guest;
static Error *sev_mig_blocker;
@@ -490,6 +491,59 @@ out:
return cap;
}
+SevAttestationReport *
+sev_get_attestation_report(const char *mnonce, Error **errp)
+{
+struct kvm_sev_attestation_report input = {};
+SevGuestState *sev = sev_guest;
+SevAttestationReport *report;
+guchar *data;
+int err = 0, ret;
+
+if (!sev_enabled()) {
+error_setg(errp, "SEV is not enabled");
+return NULL;
+}
+
+/* Verify that user provided random data length */
+if (strlen(mnonce) != sizeof(input.mnonce)) {
+error_setg(errp, "Expected
Re: [PATCH] target/i386/sev: add the support to query the attestation report
On 12/10/20 10:13 AM, James Bottomley wrote:
> On Fri, 2020-12-04 at 15:31 -0600, Brijesh Singh wrote:
>> The SEV FW >= 0.23 added a new command that can be used to query the
>> attestation report containing the SHA-256 digest of the guest memory
>> and VMSA encrypted with the LAUNCH_UPDATE and sign it with the PEK.
>>
>> Note, we already have a command (LAUNCH_MEASURE) that can be used to
>> query the SHA-256 digest of the guest memory encrypted through the
>> LAUNCH_UPDATE. The main difference between previous and this command
>> is that the report is signed with the PEK and unlike the
>> LAUNCH_MEASURE
>> command the ATTESATION_REPORT command can be called while the guest
>> is running.
>>
>> Add a QMP interface "query-sev-attestation-report" that can be used
>> to get the report encoded in base64.
>>
>> Cc: James Bottomley
>> Cc: Tom Lendacky
>> Cc: Eric Blake
>> Cc: Paolo Bonzini
>> Cc: k...@vger.kernel.org
>> Signed-off-by: Brijesh Singh
>> ---
>> linux-headers/linux/kvm.h | 8 ++
>> qapi/misc-target.json | 38 +++
>> target/i386/monitor.c | 6 +
>> target/i386/sev-stub.c| 7 +
>> target/i386/sev.c | 54
>> +++
>> target/i386/sev_i386.h| 2 ++
>> 6 files changed, 115 insertions(+)
>>
>> diff --git a/linux-headers/linux/kvm.h b/linux-headers/linux/kvm.h
>> index 56ce14ad20..6d0f8101ba 100644
>> --- a/linux-headers/linux/kvm.h
>> +++ b/linux-headers/linux/kvm.h
>> @@ -1585,6 +1585,8 @@ enum sev_cmd_id {
>> KVM_SEV_DBG_ENCRYPT,
>> /* Guest certificates commands */
>> KVM_SEV_CERT_EXPORT,
>> +/* Attestation report */
>> +KVM_SEV_GET_ATTESTATION_REPORT,
>>
>> KVM_SEV_NR_MAX,
>> };
>> @@ -1637,6 +1639,12 @@ struct kvm_sev_dbg {
>> __u32 len;
>> };
>>
>> +struct kvm_sev_attestation_report {
>> +__u8 mnonce[16];
>> +__u64 uaddr;
>> +__u32 len;
>> +};
>> +
>> #define KVM_DEV_ASSIGN_ENABLE_IOMMU (1 << 0)
>> #define KVM_DEV_ASSIGN_PCI_2_3 (1 << 1)
>> #define KVM_DEV_ASSIGN_MASK_INTX(1 << 2)
>> diff --git a/qapi/misc-target.json b/qapi/misc-target.json
>> index 1e561fa97b..ec6565e6ef 100644
>> --- a/qapi/misc-target.json
>> +++ b/qapi/misc-target.json
>> @@ -267,3 +267,41 @@
>> ##
>> { 'command': 'query-gic-capabilities', 'returns': ['GICCapability'],
>>'if': 'defined(TARGET_ARM)' }
>> +
>> +
>> +##
>> +# @SevAttestationReport:
>> +#
>> +# The struct describes attestation report for a Secure Encrypted
>> Virtualization
>> +# feature.
>> +#
>> +# @data: guest attestation report (base64 encoded)
>> +#
>> +#
>> +# Since: 5.2
>> +##
>> +{ 'struct': 'SevAttestationReport',
>> + 'data': { 'data': 'str'},
>> + 'if': 'defined(TARGET_I386)' }
>> +
>> +##
>> +# @query-sev-attestation-report:
>> +#
>> +# This command is used to get the SEV attestation report, and is
>> supported on AMD
>> +# X86 platforms only.
>> +#
>> +# @mnonce: a random 16 bytes of data (it will be included in report)
>> +#
>> +# Returns: SevAttestationReport objects.
>> +#
>> +# Since: 5.2
>> +#
>> +# Example:
>> +#
>> +# -> { "execute" : "query-sev-attestation-report", "arguments": {
>> "mnonce": "aaa" } }
>> +# <- { "return" : { "data": "bbbd"} }
> It would be nice here, rather than returning a binary blob to break it
> up into the actual returned components like query-sev does.
In past, I have seen that the fields defined in blobs have changed based
on the API versions. So, I tried to stay away from expanding the blob
unless its absolutely required. I would prefer to stick to that approach.
>
>> +##
>> +{ 'command': 'query-sev-attestation-report', 'data': { 'mnonce':
>> 'str' },
>> + 'returns': 'SevAttestationReport',
>> + 'if': 'defined(TARGET_I386)' }
> [...]
>> diff --git a/target/i386/sev.c b/target/i386/sev.c
>> index 93c4d60b82..28958fb71b 100644
>> --- a/target/i386/sev.c
>> +++ b/target/i386/sev.c
>> @@ -68,6 +68,7 @@ struct SevGuestState {
>>
>> #define DEFAULT_GUEST_POLICY0x1 /* disable debug */
>> #define DEFAULT_SEV_DEVICE "/dev/sev"
>> +#define DEFAULT_ATTESATION_REPORT_BUF_SIZE 4096
>>
>> static SevGuestState *sev_guest;
>> static Error *sev_mig_blocker;
>> @@ -490,6 +491,59 @@ out:
>> return cap;
>> }
>>
>> +SevAttestationReport *
>> +sev_get_attestation_report(const char *mnonce, Error **errp)
>> +{
>> +struct kvm_sev_attestation_report input = {};
>> +SevGuestState *sev = sev_guest;
>> +SevAttestationReport *report;
>> +guchar *data;
>> +int err = 0, ret;
>> +
>> +if (!sev_enabled()) {
>> +error_setg(errp, "SEV is not enabled");
>> +return NULL;
>> +}
>> +
>> +/* Verify that user provided random data length */
> There should be a g_base64_decode here, shouldn't there, so we can pass
> an arbitrary 16 byte binary blob.
Agreed, I will make this field base64 in v2.
>
>> +if (strlen(mnonce) != sizeof(input.mnonce)) {
> So this if would check the
Re: [PATCH] target/i386/sev: add the support to query the attestation report
On Fri, 2020-12-04 at 15:31 -0600, Brijesh Singh wrote:
> The SEV FW >= 0.23 added a new command that can be used to query the
> attestation report containing the SHA-256 digest of the guest memory
> and VMSA encrypted with the LAUNCH_UPDATE and sign it with the PEK.
>
> Note, we already have a command (LAUNCH_MEASURE) that can be used to
> query the SHA-256 digest of the guest memory encrypted through the
> LAUNCH_UPDATE. The main difference between previous and this command
> is that the report is signed with the PEK and unlike the
> LAUNCH_MEASURE
> command the ATTESATION_REPORT command can be called while the guest
> is running.
>
> Add a QMP interface "query-sev-attestation-report" that can be used
> to get the report encoded in base64.
>
> Cc: James Bottomley
> Cc: Tom Lendacky
> Cc: Eric Blake
> Cc: Paolo Bonzini
> Cc: k...@vger.kernel.org
> Signed-off-by: Brijesh Singh
> ---
> linux-headers/linux/kvm.h | 8 ++
> qapi/misc-target.json | 38 +++
> target/i386/monitor.c | 6 +
> target/i386/sev-stub.c| 7 +
> target/i386/sev.c | 54
> +++
> target/i386/sev_i386.h| 2 ++
> 6 files changed, 115 insertions(+)
>
> diff --git a/linux-headers/linux/kvm.h b/linux-headers/linux/kvm.h
> index 56ce14ad20..6d0f8101ba 100644
> --- a/linux-headers/linux/kvm.h
> +++ b/linux-headers/linux/kvm.h
> @@ -1585,6 +1585,8 @@ enum sev_cmd_id {
> KVM_SEV_DBG_ENCRYPT,
> /* Guest certificates commands */
> KVM_SEV_CERT_EXPORT,
> + /* Attestation report */
> + KVM_SEV_GET_ATTESTATION_REPORT,
>
> KVM_SEV_NR_MAX,
> };
> @@ -1637,6 +1639,12 @@ struct kvm_sev_dbg {
> __u32 len;
> };
>
> +struct kvm_sev_attestation_report {
> + __u8 mnonce[16];
> + __u64 uaddr;
> + __u32 len;
> +};
> +
> #define KVM_DEV_ASSIGN_ENABLE_IOMMU (1 << 0)
> #define KVM_DEV_ASSIGN_PCI_2_3 (1 << 1)
> #define KVM_DEV_ASSIGN_MASK_INTX (1 << 2)
> diff --git a/qapi/misc-target.json b/qapi/misc-target.json
> index 1e561fa97b..ec6565e6ef 100644
> --- a/qapi/misc-target.json
> +++ b/qapi/misc-target.json
> @@ -267,3 +267,41 @@
> ##
> { 'command': 'query-gic-capabilities', 'returns': ['GICCapability'],
>'if': 'defined(TARGET_ARM)' }
> +
> +
> +##
> +# @SevAttestationReport:
> +#
> +# The struct describes attestation report for a Secure Encrypted
> Virtualization
> +# feature.
> +#
> +# @data: guest attestation report (base64 encoded)
> +#
> +#
> +# Since: 5.2
> +##
> +{ 'struct': 'SevAttestationReport',
> + 'data': { 'data': 'str'},
> + 'if': 'defined(TARGET_I386)' }
> +
> +##
> +# @query-sev-attestation-report:
> +#
> +# This command is used to get the SEV attestation report, and is
> supported on AMD
> +# X86 platforms only.
> +#
> +# @mnonce: a random 16 bytes of data (it will be included in report)
> +#
> +# Returns: SevAttestationReport objects.
> +#
> +# Since: 5.2
> +#
> +# Example:
> +#
> +# -> { "execute" : "query-sev-attestation-report", "arguments": {
> "mnonce": "aaa" } }
> +# <- { "return" : { "data": "bbbd"} }
It would be nice here, rather than returning a binary blob to break it
up into the actual returned components like query-sev does.
> +##
> +{ 'command': 'query-sev-attestation-report', 'data': { 'mnonce':
> 'str' },
> + 'returns': 'SevAttestationReport',
> + 'if': 'defined(TARGET_I386)' }
[...]
> diff --git a/target/i386/sev.c b/target/i386/sev.c
> index 93c4d60b82..28958fb71b 100644
> --- a/target/i386/sev.c
> +++ b/target/i386/sev.c
> @@ -68,6 +68,7 @@ struct SevGuestState {
>
> #define DEFAULT_GUEST_POLICY0x1 /* disable debug */
> #define DEFAULT_SEV_DEVICE "/dev/sev"
> +#define DEFAULT_ATTESATION_REPORT_BUF_SIZE 4096
>
> static SevGuestState *sev_guest;
> static Error *sev_mig_blocker;
> @@ -490,6 +491,59 @@ out:
> return cap;
> }
>
> +SevAttestationReport *
> +sev_get_attestation_report(const char *mnonce, Error **errp)
> +{
> +struct kvm_sev_attestation_report input = {};
> +SevGuestState *sev = sev_guest;
> +SevAttestationReport *report;
> +guchar *data;
> +int err = 0, ret;
> +
> +if (!sev_enabled()) {
> +error_setg(errp, "SEV is not enabled");
> +return NULL;
> +}
> +
> +/* Verify that user provided random data length */
There should be a g_base64_decode here, shouldn't there, so we can pass
an arbitrary 16 byte binary blob.
> +if (strlen(mnonce) != sizeof(input.mnonce)) {
So this if would check the decoded length.
> +error_setg(errp, "Expected mnonce data len %ld got %ld",
> +sizeof(input.mnonce), strlen(mnonce));
> +return NULL;
> +}
> +
> +/* Query the report length */
> +ret = sev_ioctl(sev->sev_fd, KVM_SEV_GET_ATTESTATION_REPORT,
> +&input, &err);
> +if (ret < 0) {
> +if (err != SEV_RET_INVALID_LEN) {
> +error_setg(errp, "failed to query the attestation rep
[PATCH] target/i386/sev: add the support to query the attestation report
The SEV FW >= 0.23 added a new command that can be used to query the
attestation report containing the SHA-256 digest of the guest memory
and VMSA encrypted with the LAUNCH_UPDATE and sign it with the PEK.
Note, we already have a command (LAUNCH_MEASURE) that can be used to
query the SHA-256 digest of the guest memory encrypted through the
LAUNCH_UPDATE. The main difference between previous and this command
is that the report is signed with the PEK and unlike the LAUNCH_MEASURE
command the ATTESATION_REPORT command can be called while the guest
is running.
Add a QMP interface "query-sev-attestation-report" that can be used
to get the report encoded in base64.
Cc: James Bottomley
Cc: Tom Lendacky
Cc: Eric Blake
Cc: Paolo Bonzini
Cc: k...@vger.kernel.org
Signed-off-by: Brijesh Singh
---
linux-headers/linux/kvm.h | 8 ++
qapi/misc-target.json | 38 +++
target/i386/monitor.c | 6 +
target/i386/sev-stub.c| 7 +
target/i386/sev.c | 54 +++
target/i386/sev_i386.h| 2 ++
6 files changed, 115 insertions(+)
diff --git a/linux-headers/linux/kvm.h b/linux-headers/linux/kvm.h
index 56ce14ad20..6d0f8101ba 100644
--- a/linux-headers/linux/kvm.h
+++ b/linux-headers/linux/kvm.h
@@ -1585,6 +1585,8 @@ enum sev_cmd_id {
KVM_SEV_DBG_ENCRYPT,
/* Guest certificates commands */
KVM_SEV_CERT_EXPORT,
+ /* Attestation report */
+ KVM_SEV_GET_ATTESTATION_REPORT,
KVM_SEV_NR_MAX,
};
@@ -1637,6 +1639,12 @@ struct kvm_sev_dbg {
__u32 len;
};
+struct kvm_sev_attestation_report {
+ __u8 mnonce[16];
+ __u64 uaddr;
+ __u32 len;
+};
+
#define KVM_DEV_ASSIGN_ENABLE_IOMMU(1 << 0)
#define KVM_DEV_ASSIGN_PCI_2_3 (1 << 1)
#define KVM_DEV_ASSIGN_MASK_INTX (1 << 2)
diff --git a/qapi/misc-target.json b/qapi/misc-target.json
index 1e561fa97b..ec6565e6ef 100644
--- a/qapi/misc-target.json
+++ b/qapi/misc-target.json
@@ -267,3 +267,41 @@
##
{ 'command': 'query-gic-capabilities', 'returns': ['GICCapability'],
'if': 'defined(TARGET_ARM)' }
+
+
+##
+# @SevAttestationReport:
+#
+# The struct describes attestation report for a Secure Encrypted Virtualization
+# feature.
+#
+# @data: guest attestation report (base64 encoded)
+#
+#
+# Since: 5.2
+##
+{ 'struct': 'SevAttestationReport',
+ 'data': { 'data': 'str'},
+ 'if': 'defined(TARGET_I386)' }
+
+##
+# @query-sev-attestation-report:
+#
+# This command is used to get the SEV attestation report, and is supported on
AMD
+# X86 platforms only.
+#
+# @mnonce: a random 16 bytes of data (it will be included in report)
+#
+# Returns: SevAttestationReport objects.
+#
+# Since: 5.2
+#
+# Example:
+#
+# -> { "execute" : "query-sev-attestation-report", "arguments": { "mnonce":
"aaa" } }
+# <- { "return" : { "data": "bbbd"} }
+#
+##
+{ 'command': 'query-sev-attestation-report', 'data': { 'mnonce': 'str' },
+ 'returns': 'SevAttestationReport',
+ 'if': 'defined(TARGET_I386)' }
diff --git a/target/i386/monitor.c b/target/i386/monitor.c
index 9f9e1c42f4..a4b65f330c 100644
--- a/target/i386/monitor.c
+++ b/target/i386/monitor.c
@@ -729,3 +729,9 @@ SevCapability *qmp_query_sev_capabilities(Error **errp)
{
return sev_get_capabilities(errp);
}
+
+SevAttestationReport *
+qmp_query_sev_attestation_report(const char *mnonce, Error **errp)
+{
+return sev_get_attestation_report(mnonce, errp);
+}
diff --git a/target/i386/sev-stub.c b/target/i386/sev-stub.c
index 88e3f39a1e..66d16f53d8 100644
--- a/target/i386/sev-stub.c
+++ b/target/i386/sev-stub.c
@@ -49,3 +49,10 @@ SevCapability *sev_get_capabilities(Error **errp)
error_setg(errp, "SEV is not available in this QEMU");
return NULL;
}
+
+SevAttestationReport *
+sev_get_attestation_report(const char *mnonce, Error **errp)
+{
+error_setg(errp, "SEV is not available in this QEMU");
+return NULL;
+}
diff --git a/target/i386/sev.c b/target/i386/sev.c
index 93c4d60b82..28958fb71b 100644
--- a/target/i386/sev.c
+++ b/target/i386/sev.c
@@ -68,6 +68,7 @@ struct SevGuestState {
#define DEFAULT_GUEST_POLICY0x1 /* disable debug */
#define DEFAULT_SEV_DEVICE "/dev/sev"
+#define DEFAULT_ATTESATION_REPORT_BUF_SIZE 4096
static SevGuestState *sev_guest;
static Error *sev_mig_blocker;
@@ -490,6 +491,59 @@ out:
return cap;
}
+SevAttestationReport *
+sev_get_attestation_report(const char *mnonce, Error **errp)
+{
+struct kvm_sev_attestation_report input = {};
+SevGuestState *sev = sev_guest;
+SevAttestationReport *report;
+guchar *data;
+int err = 0, ret;
+
+if (!sev_enabled()) {
+error_setg(errp, "SEV is not enabled");
+return NULL;
+}
+
+/* Verify that user provided random data length */
+if (strlen(mnonce) != sizeof(input.mnonce)) {
+error_setg(errp, "Expected mnonce data len %ld got %ld",
+sizeof(input.mnonce), strlen(mnonce));
+
