Re: [PATCH v2 15/22] target/arm/kvm-rme: Add measurement algorithm prope
From: Markus Armbruster
Subject: Re: [PATCH v2 15/22] target/arm/kvm-rme: Add measurement algorithm property
Date: Tue, 23 Apr 2024 14:23:55 +0200
User-agent: Gnus/5.13 (Gnus v5.13)

Jean-Philippe Brucker <jean-philippe@linaro.org> writes:
> This option selects which measurement algorithm to use for attestation.
> Supported values are SHA256 and SHA512. Default to SHA512 arbitrarily.
>
> SHA512 is generally faster on 64-bit architectures. On a few arm64 CPUs
> I tested SHA256 is much faster, but that's most likely because they only
> support acceleration via FEAT_SHA256 (Armv8.0) and not FEAT_SHA512
> (Armv8.2). Future CPUs supporting RME are likely to also support
> FEAT_SHA512.
>
> Cc: Eric Blake <eblake@redhat.com>
> Cc: Markus Armbruster <armbru@redhat.com>
> Cc: Daniel P. Berrangé <berrange@redhat.com>
> Cc: Eduardo Habkost <eduardo@habkost.net>
> Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
> ---
> v1->v2: use enum, pick default
> ---
> qapi/qom.json | 18 +++++++++++++++++-
> target/arm/kvm-rme.c | 39 ++++++++++++++++++++++++++++++++++++++-
> 2 files changed, 55 insertions(+), 2 deletions(-)
>
> diff --git a/qapi/qom.json b/qapi/qom.json
> index 91654aa267..84dce666b2 100644
> --- a/qapi/qom.json
> +++ b/qapi/qom.json
> @@ -931,18 +931,34 @@
> 'data': { '*cpu-affinity': ['uint16'],
> '*node-affinity': ['uint16'] } }
>
> +##
> +# @RmeGuestMeasurementAlgo:
> +#
> +# @sha256: Use the SHA256 algorithm
Let's have a blank line here.
> +# @sha512: Use the SHA512 algorithm
> +#
> +# Algorithm to use for realm measurements
> +#
> +# Since: FIXME
9.1
> +##
> +{ 'enum': 'RmeGuestMeasurementAlgo',
> + 'data': ['sha256', 'sha512'] }
> +
> ##
> # @RmeGuestProperties:
> #
> # Properties for rme-guest objects.
> #
> +# @measurement-algo: Realm measurement algorithm (default: sha512)
> +#
We tend to avoid abbreviations in QMP: @measurement-algorithm.
May want to rename the type to RmeGuestMeasurementAlgorithm for
consistency.
> # @personalization-value: Realm personalization value, as a 64-byte hex
> string
> # (default: 0)
> #
> # Since: FIXME
> ##
> { 'struct': 'RmeGuestProperties',
> - 'data': { '*personalization-value': 'str' } }
> + 'data': { '*personalization-value': 'str',
> + '*measurement-algo': 'RmeGuestMeasurementAlgo' } }
>
> ##
> # @ObjectType:
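Review bot: In the @RmeGuestMeasurementAlgo doc comment, the overview line "Algorithm to use for realm measurements" sits after the @sha256/@sha512 member descriptions. QAPI doc comments put the overview directly after the "# @Name:" line and before the members, as @RmeGuestProperties in the same hunk does with "Properties for rme-guest objects.", so I suggest moving it up under "# @RmeGuestMeasurementAlgo:". Separately, the unchanged context line "# Since: FIXME" in @RmeGuestProperties still carries the placeholder and needs a version just like the new enum's.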
With these issues addressed, QAPI schema
Acked-by: Markus Armbruster <armbru@redhat.com>
[...]