qemu-qemu-1/target/i386/sev.h

/*
 * QEMU Secure Encrypted Virutualization (SEV) support
 *
 * Copyright: Advanced Micro Devices, 2016-2018
 *
 * Authors:
 *  Brijesh Singh <brijesh.singh@amd.com>
 *
 * This work is licensed under the terms of the GNU GPL, version 2 or later.
 * See the COPYING file in the top-level directory.
 *
 */

#ifndef I386_SEV_H
#define I386_SEV_H

#include "target/i386/svm.h"

#ifndef CONFIG_USER_ONLY
#include CONFIG_DEVICES /* CONFIG_SEV */
#endif

#if !defined(CONFIG_SEV) || defined(CONFIG_USER_ONLY)
#define sev_enabled() 0
#define sev_es_enabled() 0
#define sev_snp_enabled() 0
#else
bool sev_enabled(void);
bool sev_es_enabled(void);
bool sev_snp_enabled(void);
#endif

#if !defined(CONFIG_USER_ONLY)

#define TYPE_SEV_COMMON "sev-common"
#define TYPE_SEV_GUEST "sev-guest"
#define TYPE_SEV_SNP_GUEST "sev-snp-guest"

#define SEV_POLICY_NODBG        0x1
#define SEV_POLICY_NOKS         0x2
#define SEV_POLICY_ES           0x4
#define SEV_POLICY_NOSEND       0x8
#define SEV_POLICY_DOMAIN       0x10
#define SEV_POLICY_SEV          0x20

#define SEV_SNP_POLICY_SMT      0x10000
#define SEV_SNP_POLICY_DBG      0x80000

#define SVM_SEV_FEAT_SNP_ACTIVE 1

typedef struct SevKernelLoaderContext {
    char *setup_data;
    size_t setup_size;
    char *kernel_data;
    size_t kernel_size;
    char *initrd_data;
    size_t initrd_size;
    char *cmdline_data;
    size_t cmdline_size;
} SevKernelLoaderContext;

/* Save area definition for SEV-ES and SEV-SNP guests */
struct QEMU_PACKED sev_es_save_area {
    struct vmcb_seg es;
    struct vmcb_seg cs;
    struct vmcb_seg ss;
    struct vmcb_seg ds;
    struct vmcb_seg fs;
    struct vmcb_seg gs;
    struct vmcb_seg gdtr;
    struct vmcb_seg ldtr;
    struct vmcb_seg idtr;
    struct vmcb_seg tr;
    uint64_t vmpl0_ssp;
    uint64_t vmpl1_ssp;
    uint64_t vmpl2_ssp;
    uint64_t vmpl3_ssp;
    uint64_t u_cet;
    uint8_t reserved_0xc8[2];
    uint8_t vmpl;
    uint8_t cpl;
    uint8_t reserved_0xcc[4];
    uint64_t efer;
    uint8_t reserved_0xd8[104];
    uint64_t xss;
    uint64_t cr4;
    uint64_t cr3;
    uint64_t cr0;
    uint64_t dr7;
    uint64_t dr6;
    uint64_t rflags;
    uint64_t rip;
    uint64_t dr0;
    uint64_t dr1;
    uint64_t dr2;
    uint64_t dr3;
    uint64_t dr0_addr_mask;
    uint64_t dr1_addr_mask;
    uint64_t dr2_addr_mask;
    uint64_t dr3_addr_mask;
    uint8_t reserved_0x1c0[24];
    uint64_t rsp;
    uint64_t s_cet;
    uint64_t ssp;
    uint64_t isst_addr;
    uint64_t rax;
    uint64_t star;
    uint64_t lstar;
    uint64_t cstar;
    uint64_t sfmask;
    uint64_t kernel_gs_base;
    uint64_t sysenter_cs;
    uint64_t sysenter_esp;
    uint64_t sysenter_eip;
    uint64_t cr2;
    uint8_t reserved_0x248[32];
    uint64_t g_pat;
    uint64_t dbgctl;
    uint64_t br_from;
    uint64_t br_to;
    uint64_t last_excp_from;
    uint64_t last_excp_to;
    uint8_t reserved_0x298[80];
    uint32_t pkru;
    uint32_t tsc_aux;
    uint8_t reserved_0x2f0[24];
    uint64_t rcx;
    uint64_t rdx;
    uint64_t rbx;
    uint64_t reserved_0x320; /* rsp already available at 0x01d8 */
    uint64_t rbp;
    uint64_t rsi;
    uint64_t rdi;
    uint64_t r8;
    uint64_t r9;
    uint64_t r10;
    uint64_t r11;
    uint64_t r12;
    uint64_t r13;
    uint64_t r14;
    uint64_t r15;
    uint8_t reserved_0x380[16];
    uint64_t guest_exit_info_1;
    uint64_t guest_exit_info_2;
    uint64_t guest_exit_int_info;
    uint64_t guest_nrip;
    uint64_t sev_features;
    uint64_t vintr_ctrl;
    uint64_t guest_exit_code;
    uint64_t virtual_tom;
    uint64_t tlb_id;
    uint64_t pcpu_id;
    uint64_t event_inj;
    uint64_t xcr0;
    uint8_t reserved_0x3f0[16];

    /* Floating point area */
    uint64_t x87_dp;
    uint32_t mxcsr;
    uint16_t x87_ftw;
    uint16_t x87_fsw;
    uint16_t x87_fcw;
    uint16_t x87_fop;
    uint16_t x87_ds;
    uint16_t x87_cs;
    uint64_t x87_rip;
    uint8_t fpreg_x87[80];
    uint8_t fpreg_xmm[256];
    uint8_t fpreg_ymm[256];
};

struct QEMU_PACKED sev_snp_id_authentication {
    uint32_t id_key_alg;
    uint32_t auth_key_algo;
    uint8_t reserved[56];
    uint8_t id_block_sig[512];
    uint8_t id_key[1028];
    uint8_t reserved2[60];
    uint8_t id_key_sig[512];
    uint8_t author_key[1028];
    uint8_t reserved3[892];
};

bool sev_add_kernel_loader_hashes(SevKernelLoaderContext *ctx, Error **errp);

int sev_encrypt_flash(hwaddr gpa, uint8_t *ptr, uint64_t len, Error **errp);
int sev_inject_launch_secret(const char *hdr, const char *secret,
                             uint64_t gpa, Error **errp);

int sev_es_save_reset_vector(void *flash_ptr, uint64_t flash_size);
void sev_es_set_reset_vector(CPUState *cpu);

void pc_system_parse_sev_metadata(uint8_t *flash_ptr, size_t flash_size);

#endif /* !CONFIG_USER_ONLY */

uint32_t sev_get_cbit_position(void);
uint32_t sev_get_reduced_phys_bits(void);

#endif