Re: [Part1 PATCH v7 00/17] x86: Secure Encrypted Virtualization (AMD)

From: Steve Rutherford
Date: Wed Nov 15 2017 - 18:58:09 EST


One piece that seems missing here is the handling of the vmm
communication exception. What's the plan for non-automatic exits? In
particular, what's the plan for emulated devices that are currently
accessed through MMIO (e.g. the IOAPIC)?

Maybe I'm getting ahead of myself: What's the testing story? (since I
don't think linux would boot with these patches, I'm curious what you
are doing to ensure these pieces work)

On Fri, Oct 20, 2017 at 7:30 AM, Brijesh Singh <brijesh.singh@xxxxxxx> wrote:
> This part of Secure Encrypted Virtualization (SEV) series focuses on the
> changes required in a guest OS for SEV support.
>
> When SEV is active, the memory content of guest OS will be transparently
> encrypted with a key unique to the guest VM.
>
> SEV guests have the concept of private and shared memory. Private memory is
> encrypted with the guest-specific key, while shared memory may be encrypted with
> the hypervisor key. Certain types of memory (namely instruction pages and guest page
> tables) are always treated as private. For security reasons, all DMA
> operations inside the guest must be performed on shared memory.
>
> The SEV feature is enabled by the hypervisor, and the guest can identify it through
> a CPUID function and the 0xc0010131 (F17H_SEV) MSR. When enabled, page table
> entries will determine how memory is accessed. If a page table entry has the
> memory encryption mask set, then that memory will be accessed using
> guest-specific key. Certain memory (instruction pages, page tables) will always
> be accessed using guest-specific key.
>
> This patch series builds upon the Secure Memory Encryption (SME) feature. Unlike
> SME, when SEV is enabled, all the data (e.g. EFI, kernel, initrd, etc.) will have
> been placed into memory as encrypted by the guest BIOS.
>
> The approach that this patch series takes is to encrypt everything possible
> starting early in the boot. Since DMA operations inside the guest must be
> performed on shared memory, it uses SW-IOTLB to complete the DMA operations.
>
> The following links provide additional details:
>
> AMD Memory Encryption whitepaper:
> http://amd-dev.wpengine.netdna-cdn.com/wordpress/media/2013/12/AMD_Memory_Encryption_Whitepaper_v7-Public.pdf
>
> AMD64 Architecture Programmer's Manual:
> http://support.amd.com/TechDocs/24593.pdf
> SME is section 7.10
> SEV is section 15.34
>
> Secure Encrypted Virtualization Key Management:
> http://support.amd.com/TechDocs/55766_SEV-KM API_Specification.pdf
>
> KVM Forum Presentation:
> http://www.linux-kvm.org/images/7/74/02x08A-Thomas_Lendacky-AMDs_Virtualizatoin_Memory_Encryption_Technology.pdf
>
> SEV Guest BIOS support:
> SEV support has been accepted into EDKII/OVMF BIOS
> https://github.com/tianocore/edk2/commits/master
>
> Cc: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
> Cc: Ingo Molnar <mingo@xxxxxxxxxx>
> Cc: "H. Peter Anvin" <hpa@xxxxxxxxx>
> Cc: Borislav Petkov <bp@xxxxxxx>
> Cc: Andy Lutomirski <luto@xxxxxxxxxx>
> Cc: Tom Lendacky <thomas.lendacky@xxxxxxx>
> Cc: Brijesh Singh <brijesh.singh@xxxxxxx>
> Cc: Paolo Bonzini <pbonzini@xxxxxxxxxx>
> Cc: "Radim Krčmář" <rkrcmar@xxxxxxxxxx>
> Cc: kvm@xxxxxxxxxxxxxxx
> Cc: linux-kernel@xxxxxxxxxxxxxxx
> Cc: x86@xxxxxxxxxx
>
> ---
> This series is based on tip/master commit : 7ffee292ddca (Merge branch 'x86/urgent')
>
> Complete git tree is available: https://github.com/codomania/tip/tree/sev-v7-p1
>
> Changes since v6:
> * include jump_label.h to fix the build error seen with one of the randconfig
>
> Changes since v5:
> * enhance early_set_memory_decrypted() to do memory contents encrypt/decrypt in
> addition to C bit changes.
>
> Changes since v4:
> * rename per-CPU define to DEFINE_PER_CPU_DECRYPTED
> * add more comments in per-CPU section definition
> * rename __sev_active() to sev_key_active() to use more obvious naming
> * changes to address v4 feedbacks
>
> Changes since v3:
> * use static key to branch the unrolling of rep ins/outs when SEV is active
> * simplify the memory encryption detection logic
> * rename per-cpu define to DEFINE_PER_CPU_UNENCRYPTED
> * simplify the logic to map per-cpu as unencrypted
> * changes to address v3 feedbacks
>
> Changes since v2:
> * add documentation
> * update early_set_memory_* to use kernel_physical_mapping_init()
> to split larger page into smaller (recommended by Boris)
> * changes to address v2 feedback
> * drop hypervisor specific patches, those patches will be included in part 2
>
> Brijesh Singh (5):
> Documentation/x86: Add AMD Secure Encrypted Virtualization (SEV)
> description
> x86: Add support for changing memory encryption attribute in early
> boot
> percpu: Introduce DEFINE_PER_CPU_DECRYPTED
> X86/KVM: Decrypt shared per-cpu variables when SEV is active
> X86/KVM: Clear encryption attribute when SEV is active
>
> Tom Lendacky (12):
> x86/mm: Add Secure Encrypted Virtualization (SEV) support
> x86/mm: Don't attempt to encrypt initrd under SEV
> x86/realmode: Don't decrypt trampoline area under SEV
> x86/mm: Use encrypted access of boot related data with SEV
> x86/mm: Include SEV for encryption memory attribute changes
> x86/efi: Access EFI data as encrypted when SEV is active
> resource: Consolidate resource walking code
> resource: Provide resource struct in resource walk callback
> x86/mm, resource: Use PAGE_KERNEL protection for ioremap of memory
> pages
> x86/mm: Add DMA support for SEV memory encryption
> x86/boot: Add early boot support when running with SEV active
> x86/io: Unroll string I/O when SEV is active
>
> Documentation/x86/amd-memory-encryption.txt | 30 ++-
> arch/powerpc/kernel/machine_kexec_file_64.c | 12 +-
> arch/x86/boot/compressed/Makefile | 1 +
> arch/x86/boot/compressed/head_64.S | 16 ++
> arch/x86/boot/compressed/mem_encrypt.S | 120 +++++++++++
> arch/x86/boot/compressed/misc.h | 2 +
> arch/x86/boot/compressed/pagetable.c | 8 +-
> arch/x86/entry/vdso/vma.c | 5 +-
> arch/x86/include/asm/io.h | 43 +++-
> arch/x86/include/asm/mem_encrypt.h | 14 ++
> arch/x86/include/asm/msr-index.h | 3 +
> arch/x86/include/uapi/asm/kvm_para.h | 1 -
> arch/x86/kernel/crash.c | 18 +-
> arch/x86/kernel/kvm.c | 40 +++-
> arch/x86/kernel/kvmclock.c | 65 +++++-
> arch/x86/kernel/pmem.c | 2 +-
> arch/x86/kernel/setup.c | 6 +-
> arch/x86/mm/ioremap.c | 123 +++++++++---
> arch/x86/mm/mem_encrypt.c | 300 +++++++++++++++++++++++++++-
> arch/x86/mm/pageattr.c | 4 +-
> arch/x86/platform/efi/efi_64.c | 16 +-
> arch/x86/realmode/init.c | 5 +-
> include/asm-generic/vmlinux.lds.h | 19 ++
> include/linux/ioport.h | 7 +-
> include/linux/kexec.h | 2 +-
> include/linux/mem_encrypt.h | 7 +-
> include/linux/percpu-defs.h | 15 ++
> kernel/kexec_file.c | 5 +-
> kernel/resource.c | 76 ++++---
> lib/swiotlb.c | 5 +-
> 30 files changed, 847 insertions(+), 123 deletions(-)
> create mode 100644 arch/x86/boot/compressed/mem_encrypt.S
>
> --
> 2.9.5
>
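The cover letter above describes the detection and page-table mechanics only in prose: SEV is advertised through a CPUID function, enabled per guest through the 0xc0010131 MSR, and the encryption mask in a page table entry decides whether a page is private (guest key) or shared (readable by the hypervisor, as SW-IOTLB bounce buffers must be). The following is an added illustration written for this page, not code from the patch series or from the kernel tree. It models that logic in user space with constructed register values, because the real cpuid/rdmsr reads require running inside a guest at ring 0. The CPUID leaf, bit positions and MSR definitions follow the AMD64 APM sections the cover letter cites (Fn8000_001F EAX bit 1 = SEV, EBX bits 5:0 = C-bit position, EBX bits 11:6 = physical address bit reduction; MSR 0xC0010131 bit 0 = SEV enabled); the struct, function names and the sample C-bit of 47 with 5 reduced address bits are assumptions for the example.

```c
#include <stdint.h>
#include <stdio.h>

/* CPUID Fn8000_001F: AMD memory encryption capabilities (APM, SME/SEV sections) */
#define CPUID_MEM_ENCRYPT_LEAF    0x8000001fU
#define CPUID_EAX_SME             (1U << 0)
#define CPUID_EAX_SEV             (1U << 1)
#define CPUID_EBX_CBIT_MASK       0x3fU     /* bits 5:0: page-table bit used as the C-bit */
#define CPUID_EBX_PA_REDUCE_SHIFT 6         /* bits 11:6: physical address bits lost to encryption */

/* MSR 0xC001_0131, called F17H_SEV in the cover letter: per-guest SEV status */
#define MSR_AMD64_SEV             0xc0010131U
#define MSR_AMD64_SEV_ENABLED     (1ULL << 0)

/* Snapshot of what a guest would read with cpuid/rdmsr (hypothetical struct for
 * this example; on real hardware these are ring-0 reads inside the guest). */
struct enc_regs {
    uint32_t cpuid_eax;      /* Fn8000_001F EAX */
    uint32_t cpuid_ebx;      /* Fn8000_001F EBX */
    uint64_t sev_status_msr; /* MSR 0xC0010131 */
};

/* Derive the encryption mask a set C-bit represents in a PTE.
 * Returns 0 when SEV is not active: not advertised, or advertised but not
 * enabled for this particular guest by the hypervisor. */
uint64_t sev_encryption_mask(const struct enc_regs *r)
{
    if (!(r->cpuid_eax & CPUID_EAX_SEV))
        return 0;
    if (!(r->sev_status_msr & MSR_AMD64_SEV_ENABLED))
        return 0;
    return 1ULL << (r->cpuid_ebx & CPUID_EBX_CBIT_MASK);
}

/* Physical address bits that are no longer usable once encryption is on. */
unsigned int sev_pa_bits_reduction(const struct enc_regs *r)
{
    return (r->cpuid_ebx >> CPUID_EBX_PA_REDUCE_SHIFT) & 0x3fU;
}

#define PTE_PRESENT (1ULL << 0)
#define PTE_RW      (1ULL << 1)
#define PFN_SHIFT   12

/* Private mapping: C-bit set, contents encrypted with the guest-specific key. */
uint64_t pte_private(uint64_t pfn, uint64_t me_mask)
{
    return (pfn << PFN_SHIFT) | PTE_PRESENT | PTE_RW | me_mask;
}

/* Shared mapping, e.g. a SW-IOTLB bounce buffer the hypervisor must be able to
 * read for emulated DMA: same frame, C-bit cleared. */
uint64_t pte_shared(uint64_t pfn, uint64_t me_mask)
{
    return pte_private(pfn, me_mask) & ~me_mask;
}

/* Guest-physical address of a PTE: strip the C-bit before the flag bits so that
 * private and shared mappings of the same frame compare equal. */
uint64_t pte_to_phys(uint64_t pte, uint64_t me_mask)
{
    return (pte & ~me_mask) & ~0xfffULL;
}

int main(void)
{
    /* Constructed values: SME and SEV advertised, C-bit 47, 5 PA bits reduced,
     * SEV enabled for this guest. */
    struct enc_regs guest = {
        .cpuid_eax = CPUID_EAX_SME | CPUID_EAX_SEV,
        .cpuid_ebx = 47U | (5U << CPUID_EBX_PA_REDUCE_SHIFT),
        .sev_status_msr = MSR_AMD64_SEV_ENABLED,
    };
    uint64_t mask = sev_encryption_mask(&guest);
    uint64_t priv = pte_private(0x1234, mask);
    uint64_t shr  = pte_shared(0x1234, mask);

    printf("me_mask=0x%llx pa_reduction=%u\n",
           (unsigned long long)mask, sev_pa_bits_reduction(&guest));
    printf("private pte=0x%llx shared pte=0x%llx same frame=%d\n",
           (unsigned long long)priv, (unsigned long long)shr,
           pte_to_phys(priv, mask) == pte_to_phys(shr, mask));
    return 0;
}
```

Note the two failure modes the mask function distinguishes: a host with SME only (CPUID bit 0 set, bit 1 clear) and a guest on an SEV-capable host where the hypervisor did not launch it with SEV (MSR bit 0 clear) both yield a mask of 0, so every PTE built from it is plain and no decryption work is attempted, which is the same "sme_me_mask == 0 means not active" convention the cover letter's detection logic relies on.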