Re: [PATCH v3] SEV: QMP support for Inject-Launch-Secret

On 2020-10-12 12:49, Daniel P. Berrangé wrote: On Mon, Oct 12, 2020 at 05:21:15PM +0100, Dr. David Alan Gilbert wrote: * Tobin Feldman-Fitzthum (to...@linux.vnet.ibm.com) wrote: > AMD SEV allows a guest owner to inject a secret blob > into the memory of a virtual machine. The secret is > encrypt

Re: [PATCH v3] SEV: QMP support for Inject-Launch-Secret

On Mon, Oct 12, 2020 at 05:21:15PM +0100, Dr. David Alan Gilbert wrote: > * Tobin Feldman-Fitzthum (to...@linux.vnet.ibm.com) wrote: > > AMD SEV allows a guest owner to inject a secret blob > > into the memory of a virtual machine. The secret is > > encrypted with the SEV Transport Encryption Key a

Re: [PATCH v3] SEV: QMP support for Inject-Launch-Secret

* James Bottomley (j...@linux.ibm.com) wrote: > On Mon, 2020-10-12 at 16:57 +0100, Dr. David Alan Gilbert wrote: > > * Tobin Feldman-Fitzthum (to...@linux.ibm.com) wrote: > > > On 2020-09-21 15:16, Dr. David Alan Gilbert wrote: > > > > * Tobin Feldman-Fitzthum (to...@linux.vnet.ibm.com) wrote: > >

Re: [PATCH v3] SEV: QMP support for Inject-Launch-Secret

* Tobin Feldman-Fitzthum (to...@linux.vnet.ibm.com) wrote: > AMD SEV allows a guest owner to inject a secret blob > into the memory of a virtual machine. The secret is > encrypted with the SEV Transport Encryption Key and > integrity is guaranteed with the Transport Integrity > Key. Although QEMU f

Re: [PATCH v3] SEV: QMP support for Inject-Launch-Secret

* Tobin Feldman-Fitzthum (to...@linux.ibm.com) wrote: > On 2020-09-21 15:16, Dr. David Alan Gilbert wrote: > > * Tobin Feldman-Fitzthum (to...@linux.vnet.ibm.com) wrote: > > > AMD SEV allows a guest owner to inject a secret blob > > > into the memory of a virtual machine. The secret is > > > encryp

Re: [PATCH v3] SEV: QMP support for Inject-Launch-Secret

On Mon, 2020-10-12 at 16:57 +0100, Dr. David Alan Gilbert wrote: > * Tobin Feldman-Fitzthum (to...@linux.ibm.com) wrote: > > On 2020-09-21 15:16, Dr. David Alan Gilbert wrote: > > > * Tobin Feldman-Fitzthum (to...@linux.vnet.ibm.com) wrote: > > > > AMD SEV allows a guest owner to inject a secret bl

Re: [PATCH v3] SEV: QMP support for Inject-Launch-Secret

On 9/21/20 3:33 PM, Tobin Feldman-Fitzthum wrote: > On 2020-09-21 15:16, Dr. David Alan Gilbert wrote: >> * Tobin Feldman-Fitzthum (to...@linux.vnet.ibm.com) wrote: >>> AMD SEV allows a guest owner to inject a secret blob >>> into the memory of a virtual machine. The secret is >>> encrypted with th

Re: [PATCH v3] SEV: QMP support for Inject-Launch-Secret

On 2020-09-21 15:16, Dr. David Alan Gilbert wrote: * Tobin Feldman-Fitzthum (to...@linux.vnet.ibm.com) wrote: AMD SEV allows a guest owner to inject a secret blob into the memory of a virtual machine. The secret is encrypted with the SEV Transport Encryption Key and integrity is guaranteed with

Re: [PATCH v3] SEV: QMP support for Inject-Launch-Secret

* Tobin Feldman-Fitzthum (to...@linux.vnet.ibm.com) wrote: > AMD SEV allows a guest owner to inject a secret blob > into the memory of a virtual machine. The secret is > encrypted with the SEV Transport Encryption Key and > integrity is guaranteed with the Transport Integrity > Key. Although QEMU f

Re: [PATCH v3] SEV: QMP support for Inject-Launch-Secret

On 2020-07-06 17:54, Tobin Feldman-Fitzthum wrote: Not sure if v3 is necessary, but here it is. Fixed the 32-bit issues and removed the checks on header and secret length. I agree with Brijesh that those are best left to the PSP, which returns somewhat helpful errors if either are incorrect. Hav

[PATCH v3] SEV: QMP support for Inject-Launch-Secret

AMD SEV allows a guest owner to inject a secret blob into the memory of a virtual machine. The secret is encrypted with the SEV Transport Encryption Key and integrity is guaranteed with the Transport Integrity Key. Although QEMU faciliates the injection of the launch secret, it cannot access the se

Re: [PATCH v2] SEV: QMP support for Inject-Launch-Secret

On 2020-07-03 09:25, Brijesh Singh wrote: On 7/3/20 6:11 AM, Dr. David Alan Gilbert wrote: * Tobin Feldman-Fitzthum (to...@linux.vnet.ibm.com) wrote: From: Tobin Feldman-Fitzthum AMD SEV allows a guest owner to inject a secret blob into the memory of a virtual machine. The secret is encrypted

Re: [PATCH v2] SEV: QMP support for Inject-Launch-Secret

On Fri, 2020-07-03 at 17:02 +0100, Dr. David Alan Gilbert wrote: > * James Bottomley (j...@linux.ibm.com) wrote: > > On Fri, 2020-07-03 at 12:11 +0100, Dr. David Alan Gilbert wrote: > > > * Tobin Feldman-Fitzthum (to...@linux.vnet.ibm.com) wrote: > > > > [...] > > > > +input.trans_uaddr = (uin

Re: [PATCH v2] SEV: QMP support for Inject-Launch-Secret

* James Bottomley (j...@linux.ibm.com) wrote: > On Fri, 2020-07-03 at 12:11 +0100, Dr. David Alan Gilbert wrote: > > * Tobin Feldman-Fitzthum (to...@linux.vnet.ibm.com) wrote: > [...] > > > +input.trans_uaddr = (uint64_t)data; > > > +input.trans_len = data_sz; > > > + > > > +input.guest

Re: [PATCH v2] SEV: QMP support for Inject-Launch-Secret

On Fri, 2020-07-03 at 12:11 +0100, Dr. David Alan Gilbert wrote: > * Tobin Feldman-Fitzthum (to...@linux.vnet.ibm.com) wrote: [...] > > +input.trans_uaddr = (uint64_t)data; > > +input.trans_len = data_sz; > > + > > +input.guest_uaddr = (uint64_t)hva; > > Thanks for changing these; alth

Re: [PATCH v2] SEV: QMP support for Inject-Launch-Secret

On 7/3/20 6:11 AM, Dr. David Alan Gilbert wrote: > * Tobin Feldman-Fitzthum (to...@linux.vnet.ibm.com) wrote: >> From: Tobin Feldman-Fitzthum >> >> AMD SEV allows a guest owner to inject a secret blob >> into the memory of a virtual machine. The secret is >> encrypted with the SEV Transport Encr

Re: [PATCH v2] SEV: QMP support for Inject-Launch-Secret

* Tobin Feldman-Fitzthum (to...@linux.vnet.ibm.com) wrote: > From: Tobin Feldman-Fitzthum > > AMD SEV allows a guest owner to inject a secret blob > into the memory of a virtual machine. The secret is > encrypted with the SEV Transport Encryption Key and > integrity is guaranteed with the Transpo

[PATCH v2] SEV: QMP support for Inject-Launch-Secret

From: Tobin Feldman-Fitzthum AMD SEV allows a guest owner to inject a secret blob into the memory of a virtual machine. The secret is encrypted with the SEV Transport Encryption Key and integrity is guaranteed with the Transport Integrity Key. Although QEMU faciliates the injection of the launch

Re: [PATCH 1/1] SEV: QMP support for Inject-Launch-Secret

On 2020-07-02 11:53, Dr. David Alan Gilbert wrote: * Tobin Feldman-Fitzthum (to...@linux.vnet.ibm.com) wrote: From: Tobin Feldman-Fitzthum AMD SEV allows a guest owner to inject a secret blob into the memory of a virtual machine. The secret is encrypted with the SEV Transport Encryption Key an

Re: [PATCH 1/1] SEV: QMP support for Inject-Launch-Secret

* Tobin Feldman-Fitzthum (to...@linux.vnet.ibm.com) wrote: > From: Tobin Feldman-Fitzthum > > AMD SEV allows a guest owner to inject a secret blob > into the memory of a virtual machine. The secret is > encrypted with the SEV Transport Encryption Key and > integrity is guaranteed with the Transpo

[PATCH 1/1] SEV: QMP support for Inject-Launch-Secret

From: Tobin Feldman-Fitzthum AMD SEV allows a guest owner to inject a secret blob into the memory of a virtual machine. The secret is encrypted with the SEV Transport Encryption Key and integrity is guaranteed with the Transport Integrity Key. Although QEMU faciliates the injection of the launch

SEV: QMP support for Inject-Launch-Secret

This is an update to part of a patch submitted previously to provide support for injecting a secret blob into guest memory using AMD SEV. The user provides a header and a wrapped secret blob via QMP, which are provided to the AMD Secure Processor and injected into the guest. Note that this patch