| Message ID | 20200619020602.118306-2-david@gibson.dropbear.id.au (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | Generalize memory encryption models | expand |
* David Gibson (david@gibson.dropbear.id.au) wrote: > Several architectures have mechanisms which are designed to protect guest > memory from interference or eavesdropping by a compromised hypervisor. AMD > SEV does this with in-chip memory encryption and Intel has a similar > mechanism. POWER's Protected Execution Framework (PEF) accomplishes a > similar goal using an ultravisor and new memory protection features, > instead of encryption. > > To (partially) unify handling for these, this introduces a new > HostTrustLimitation QOM interface. This does make some sense to me from a SEV point of view, so Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com> > Signed-off-by: David Gibson <david@gibson.dropbear.id.au> > --- > backends/Makefile.objs | 2 ++ > backends/host-trust-limitation.c | 29 ++++++++++++++++++++++++ > include/exec/host-trust-limitation.h | 33 ++++++++++++++++++++++++++++ > include/qemu/typedefs.h | 1 + > 4 files changed, 65 insertions(+) > create mode 100644 backends/host-trust-limitation.c > create mode 100644 include/exec/host-trust-limitation.h > > diff --git a/backends/Makefile.objs b/backends/Makefile.objs > index 28a847cd57..af761c9ab1 100644 > --- a/backends/Makefile.objs > +++ b/backends/Makefile.objs > @@ -21,3 +21,5 @@ common-obj-$(CONFIG_LINUX) += hostmem-memfd.o > common-obj-$(CONFIG_GIO) += dbus-vmstate.o > dbus-vmstate.o-cflags = $(GIO_CFLAGS) > dbus-vmstate.o-libs = $(GIO_LIBS) > + > +common-obj-y += host-trust-limitation.o > diff --git a/backends/host-trust-limitation.c b/backends/host-trust-limitation.c > new file mode 100644 > index 0000000000..96a381cd8a > --- /dev/null > +++ b/backends/host-trust-limitation.c > @@ -0,0 +1,29 @@ > +/* > + * QEMU Host Trust Limitation interface > + * > + * Copyright: David Gibson, Red Hat Inc. 2020 > + * > + * Authors: > + * David Gibson <david@gibson.dropbear.id.au> > + * > + * This work is licensed under the terms of the GNU GPL, version 2 or > + * later. See the COPYING file in the top-level directory. > + * > + */ > + > +#include "qemu/osdep.h" > + > +#include "exec/host-trust-limitation.h" > + > +static const TypeInfo host_trust_limitation_info = { > + .name = TYPE_HOST_TRUST_LIMITATION, > + .parent = TYPE_INTERFACE, > + .class_size = sizeof(HostTrustLimitationClass), > +}; > + > +static void host_trust_limitation_register_types(void) > +{ > + type_register_static(&host_trust_limitation_info); > +} > + > +type_init(host_trust_limitation_register_types) > diff --git a/include/exec/host-trust-limitation.h b/include/exec/host-trust-limitation.h > new file mode 100644 > index 0000000000..03887b1be1 > --- /dev/null > +++ b/include/exec/host-trust-limitation.h > @@ -0,0 +1,33 @@ > +/* > + * QEMU Host Trust Limitation interface > + * > + * Copyright: David Gibson, Red Hat Inc. 2020 > + * > + * Authors: > + * David Gibson <david@gibson.dropbear.id.au> > + * > + * This work is licensed under the terms of the GNU GPL, version 2 or > + * later. See the COPYING file in the top-level directory. > + * > + */ > +#ifndef QEMU_HOST_TRUST_LIMITATION_H > +#define QEMU_HOST_TRUST_LIMITATION_H > + > +#include "qom/object.h" > + > +#define TYPE_HOST_TRUST_LIMITATION "host-trust-limitation" > +#define HOST_TRUST_LIMITATION(obj) \ > + INTERFACE_CHECK(HostTrustLimitation, (obj), \ > + TYPE_HOST_TRUST_LIMITATION) > +#define HOST_TRUST_LIMITATION_CLASS(klass) \ > + OBJECT_CLASS_CHECK(HostTrustLimitationClass, (klass), \ > + TYPE_HOST_TRUST_LIMITATION) > +#define HOST_TRUST_LIMITATION_GET_CLASS(obj) \ > + OBJECT_GET_CLASS(HostTrustLimitationClass, (obj), \ > + TYPE_HOST_TRUST_LIMITATION) > + > +typedef struct HostTrustLimitationClass { > + InterfaceClass parent; > +} HostTrustLimitationClass; > + > +#endif /* QEMU_HOST_TRUST_LIMITATION_H */ > diff --git a/include/qemu/typedefs.h b/include/qemu/typedefs.h > index ce4a78b687..f75c7eb2f2 100644 > --- a/include/qemu/typedefs.h > +++ b/include/qemu/typedefs.h > @@ -51,6 +51,7 @@ typedef struct FWCfgIoState FWCfgIoState; > typedef struct FWCfgMemState FWCfgMemState; > typedef struct FWCfgState FWCfgState; > typedef struct HostMemoryBackend HostMemoryBackend; > +typedef struct HostTrustLimitation HostTrustLimitation; > typedef struct I2CBus I2CBus; > typedef struct I2SCodec I2SCodec; > typedef struct IOMMUMemoryRegion IOMMUMemoryRegion; > -- > 2.26.2 > -- Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK
On 6/18/20 7:05 PM, David Gibson wrote: > Several architectures have mechanisms which are designed to protect guest > memory from interference or eavesdropping by a compromised hypervisor. AMD > SEV does this with in-chip memory encryption and Intel has a similar > mechanism. POWER's Protected Execution Framework (PEF) accomplishes a > similar goal using an ultravisor and new memory protection features, > instead of encryption. > > To (partially) unify handling for these, this introduces a new > HostTrustLimitation QOM interface. > > Signed-off-by: David Gibson <david@gibson.dropbear.id.au> > --- > backends/Makefile.objs | 2 ++ > backends/host-trust-limitation.c | 29 ++++++++++++++++++++++++ > include/exec/host-trust-limitation.h | 33 ++++++++++++++++++++++++++++ > include/qemu/typedefs.h | 1 + > 4 files changed, 65 insertions(+) > create mode 100644 backends/host-trust-limitation.c > create mode 100644 include/exec/host-trust-limitation.h Reviewed-by: Richard Henderson <richard.henderson@linaro.org> r~
diff --git a/backends/Makefile.objs b/backends/Makefile.objs index 28a847cd57..af761c9ab1 100644 --- a/backends/Makefile.objs +++ b/backends/Makefile.objs @@ -21,3 +21,5 @@ common-obj-$(CONFIG_LINUX) += hostmem-memfd.o common-obj-$(CONFIG_GIO) += dbus-vmstate.o dbus-vmstate.o-cflags = $(GIO_CFLAGS) dbus-vmstate.o-libs = $(GIO_LIBS) + +common-obj-y += host-trust-limitation.o diff --git a/backends/host-trust-limitation.c b/backends/host-trust-limitation.c new file mode 100644 index 0000000000..96a381cd8a --- /dev/null +++ b/backends/host-trust-limitation.c @@ -0,0 +1,29 @@ +/* + * QEMU Host Trust Limitation interface + * + * Copyright: David Gibson, Red Hat Inc. 2020 + * + * Authors: + * David Gibson <david@gibson.dropbear.id.au> + * + * This work is licensed under the terms of the GNU GPL, version 2 or + * later. See the COPYING file in the top-level directory. + * + */ + +#include "qemu/osdep.h" + +#include "exec/host-trust-limitation.h" + +static const TypeInfo host_trust_limitation_info = { + .name = TYPE_HOST_TRUST_LIMITATION, + .parent = TYPE_INTERFACE, + .class_size = sizeof(HostTrustLimitationClass), +}; + +static void host_trust_limitation_register_types(void) +{ + type_register_static(&host_trust_limitation_info); +} + +type_init(host_trust_limitation_register_types) diff --git a/include/exec/host-trust-limitation.h b/include/exec/host-trust-limitation.h new file mode 100644 index 0000000000..03887b1be1 --- /dev/null +++ b/include/exec/host-trust-limitation.h @@ -0,0 +1,33 @@ +/* + * QEMU Host Trust Limitation interface + * + * Copyright: David Gibson, Red Hat Inc. 2020 + * + * Authors: + * David Gibson <david@gibson.dropbear.id.au> + * + * This work is licensed under the terms of the GNU GPL, version 2 or + * later. See the COPYING file in the top-level directory. + * + */ +#ifndef QEMU_HOST_TRUST_LIMITATION_H +#define QEMU_HOST_TRUST_LIMITATION_H + +#include "qom/object.h" + +#define TYPE_HOST_TRUST_LIMITATION "host-trust-limitation" +#define HOST_TRUST_LIMITATION(obj) \ + INTERFACE_CHECK(HostTrustLimitation, (obj), \ + TYPE_HOST_TRUST_LIMITATION) +#define HOST_TRUST_LIMITATION_CLASS(klass) \ + OBJECT_CLASS_CHECK(HostTrustLimitationClass, (klass), \ + TYPE_HOST_TRUST_LIMITATION) +#define HOST_TRUST_LIMITATION_GET_CLASS(obj) \ + OBJECT_GET_CLASS(HostTrustLimitationClass, (obj), \ + TYPE_HOST_TRUST_LIMITATION) + +typedef struct HostTrustLimitationClass { + InterfaceClass parent; +} HostTrustLimitationClass; + +#endif /* QEMU_HOST_TRUST_LIMITATION_H */ diff --git a/include/qemu/typedefs.h b/include/qemu/typedefs.h index ce4a78b687..f75c7eb2f2 100644 --- a/include/qemu/typedefs.h +++ b/include/qemu/typedefs.h @@ -51,6 +51,7 @@ typedef struct FWCfgIoState FWCfgIoState; typedef struct FWCfgMemState FWCfgMemState; typedef struct FWCfgState FWCfgState; typedef struct HostMemoryBackend HostMemoryBackend; +typedef struct HostTrustLimitation HostTrustLimitation; typedef struct I2CBus I2CBus; typedef struct I2SCodec I2SCodec; typedef struct IOMMUMemoryRegion IOMMUMemoryRegion;
Several architectures have mechanisms which are designed to protect guest memory from interference or eavesdropping by a compromised hypervisor. AMD SEV does this with in-chip memory encryption and Intel has a similar mechanism. POWER's Protected Execution Framework (PEF) accomplishes a similar goal using an ultravisor and new memory protection features, instead of encryption. To (partially) unify handling for these, this introduces a new HostTrustLimitation QOM interface. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> --- backends/Makefile.objs | 2 ++ backends/host-trust-limitation.c | 29 ++++++++++++++++++++++++ include/exec/host-trust-limitation.h | 33 ++++++++++++++++++++++++++++ include/qemu/typedefs.h | 1 + 4 files changed, 65 insertions(+) create mode 100644 backends/host-trust-limitation.c create mode 100644 include/exec/host-trust-limitation.h