[PATCH v3 40/49] hw/i386/sev: Add function to get SEV metadata from OVMF
From: |
Michael Roth |
Subject: |
[PATCH v3 40/49] hw/i386/sev: Add function to get SEV metadata from OVMF header |
Date: |
Wed, 20 Mar 2024 03:39:36 -0500 |
From: Brijesh Singh <brijesh.singh@amd.com>
A recent version of OVMF expanded the reset vector GUID list to add
SEV-specific metadata GUID. The SEV metadata describes the reserved
memory regions such as the secrets and CPUID page used during the SEV-SNP
guest launch.
The pc_system_get_ovmf_sev_metadata_ptr() function is used to retrieve the SEV
metadata pointer from the OVMF GUID list.
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
Signed-off-by: Michael Roth <michael.roth@amd.com>
---
hw/i386/pc_sysfw_ovmf.c | 33 +++++++++++++++++++++++++++++++++
include/hw/i386/pc.h | 26 ++++++++++++++++++++++++++
2 files changed, 59 insertions(+)
diff --git a/hw/i386/pc_sysfw_ovmf.c b/hw/i386/pc_sysfw_ovmf.c
index 07a4c267fa..32efa34614 100644
--- a/hw/i386/pc_sysfw_ovmf.c
+++ b/hw/i386/pc_sysfw_ovmf.c
@@ -35,6 +35,31 @@ static const int bytes_after_table_footer = 32;
static bool ovmf_flash_parsed;
static uint8_t *ovmf_table;
static int ovmf_table_len;
+static OvmfSevMetadata *ovmf_sev_metadata_table;
+
+#define OVMF_SEV_META_DATA_GUID "dc886566-984a-4798-A75e-5585a7bf67cc"
+typedef struct __attribute__((__packed__)) OvmfSevMetadataOffset {
+ uint32_t offset;
+} OvmfSevMetadataOffset;
+
+static void pc_system_parse_sev_metadata(uint8_t *flash_ptr, size_t flash_size)
+{
+ OvmfSevMetadata *metadata;
+ OvmfSevMetadataOffset *data;
+
+ if (!pc_system_ovmf_table_find(OVMF_SEV_META_DATA_GUID, (uint8_t **)&data,
+ NULL)) {
+ return;
+ }
+
+ metadata = (OvmfSevMetadata *)(flash_ptr + flash_size - data->offset);
+ if (memcmp(metadata->signature, "ASEV", 4) != 0) {
+ return;
+ }
+
+ ovmf_sev_metadata_table = g_malloc(metadata->len);
+ memcpy(ovmf_sev_metadata_table, metadata, metadata->len);
+}
void pc_system_parse_ovmf_flash(uint8_t *flash_ptr, size_t flash_size)
{
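Review bot: `data->offset` and `metadata->len` are read straight out of the firmware image and used to form a pointer and a copy length without any range check, so a malformed or truncated OVMF image makes `flash_ptr + flash_size - data->offset` point outside the flash buffer and `memcpy(..., metadata->len)` read past its end. The call to `pc_system_ovmf_table_find` also passes NULL for the length argument, so the GUID entry is not checked to be large enough to hold an `OvmfSevMetadataOffset`; the context at the third hunk cuts the third parameter off, so its exact type should be confirmed against the declaration. The header fields (`signature`, `len`, `num_desc`) are only readable once the offset is known to leave at least `sizeof(*metadata)` bytes before the end of flash, and `len` should then be bounded by the offset and be consistent with `num_desc`, since `descs[]` is a flexible array that later patches presumably walk.
```c
static void pc_system_parse_sev_metadata(uint8_t *flash_ptr, size_t flash_size)
{
    OvmfSevMetadata *metadata;
    OvmfSevMetadataOffset *data;
    int data_len;

    if (!pc_system_ovmf_table_find(OVMF_SEV_META_DATA_GUID, (uint8_t **)&data,
                                   &data_len)) {
        return;
    }
    /* The GUID entry must hold a whole offset, and the offset must land inside
     * the flash image with room for the metadata header. */
    if (data_len < (int)sizeof(*data) || data->offset > flash_size ||
        flash_size - data->offset < sizeof(*metadata)) {
        return;
    }

    metadata = (OvmfSevMetadata *)(flash_ptr + flash_size - data->offset);
    if (memcmp(metadata->signature, "ASEV", 4) != 0) {
        return;
    }
    /* len must cover the header plus num_desc descriptors and must not run
     * past the end of flash (the table sits data->offset bytes before it). */
    if (metadata->len < sizeof(*metadata) || metadata->len > data->offset ||
        (metadata->len - sizeof(*metadata)) / sizeof(OvmfSevMetadataDesc) <
            metadata->num_desc) {
        return;
    }
    /* … unchanged: g_malloc/memcpy of the table … */
}
```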
@@ -90,6 +115,9 @@ void pc_system_parse_ovmf_flash(uint8_t *flash_ptr, size_t
flash_size)
*/
memcpy(ovmf_table, ptr - tot_len, tot_len);
ovmf_table += tot_len;
+
+ /* Copy the SEV metadata table (if exist) */
+ pc_system_parse_sev_metadata(flash_ptr, flash_size);
}
/**
@@ -159,3 +187,8 @@ bool pc_system_ovmf_table_find(const char *entry, uint8_t
**data,
}
return false;
}
+
+OvmfSevMetadata *pc_system_get_ovmf_sev_metadata_ptr(void)
+{
+ return ovmf_sev_metadata_table;
+}
diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
index fb1d4106e5..df9a61540d 100644
--- a/include/hw/i386/pc.h
+++ b/include/hw/i386/pc.h
@@ -163,6 +163,32 @@ void pc_acpi_smi_interrupt(void *opaque, int irq, int
level);
#define PCI_HOST_ABOVE_4G_MEM_SIZE "above-4g-mem-size"
#define PCI_HOST_PROP_SMM_RANGES "smm-ranges"
+typedef enum {
+ SEV_DESC_TYPE_UNDEF,
+ /* The section contains the region that must be validated by the VMM. */
+ SEV_DESC_TYPE_SNP_SEC_MEM,
+ /* The section contains the SNP secrets page */
+ SEV_DESC_TYPE_SNP_SECRETS,
+ /* The section contains address that can be used as a CPUID page */
+ SEV_DESC_TYPE_CPUID,
+
+} ovmf_sev_metadata_desc_type;
+
+typedef struct __attribute__((__packed__)) OvmfSevMetadataDesc {
+ uint32_t base;
+ uint32_t len;
+ ovmf_sev_metadata_desc_type type;
+} OvmfSevMetadataDesc;
+
+typedef struct __attribute__((__packed__)) OvmfSevMetadata {
+ uint8_t signature[4];
+ uint32_t len;
+ uint32_t version;
+ uint32_t num_desc;
+ OvmfSevMetadataDesc descs[];
+} OvmfSevMetadata;
+
+OvmfSevMetadata *pc_system_get_ovmf_sev_metadata_ptr(void);
void pc_pci_as_mapping_init(MemoryRegion *system_memory,
MemoryRegion *pci_address_space);
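Review bot: `OvmfSevMetadataDesc` describes a layout fixed by the firmware image, but its `type` member is declared with the enum `ovmf_sev_metadata_desc_type`, whose width is implementation-defined; inside a `__packed__` struct that is parsed from flash the field should be a fixed-width integer, `uint32_t type; /* ovmf_sev_metadata_desc_type */`, with the enum kept for the named values. The enum body also ends with a trailing comma followed by a blank line before the closing brace, which reads as an accidental leftover. The new declaration `pc_system_get_ovmf_sev_metadata_ptr` carries no comment; I would add `/* Return the copy of the OVMF SEV metadata table made while parsing the flash image, or NULL if the image carried none. The table is owned by pc_sysfw_ovmf.c and must not be freed by the caller. */` above it, since the .c hunk shows the static pointer is only set after a successful parse.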
--
2.25.1