Commit a9b4942f authored by Brijesh Singh, committed by Paolo Bonzini

target/i386: add Secure Encrypted Virtualization (SEV) object



Add a new memory encryption object 'sev-guest'. The object will be used
to create encrypted VMs on AMD EPYC CPUs. The object provides the properties
to pass the guest owner's public Diffie-Hellman key, guest policy and session
information required to create the memory encryption context within the
SEV firmware.

e.g. to launch a SEV guest
 # $QEMU \
    -object sev-guest,id=sev0 \
    -machine ....,memory-encryption=sev0

Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Richard Henderson <rth@twiddle.net>
Cc: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
parent 54e89539
+1 −0
@@ -63,3 +63,4 @@ CONFIG_PXB=y
CONFIG_ACPI_VMGENID=y
CONFIG_FW_CFG_DMA=y
CONFIG_I2C=y
CONFIG_SEV=$(CONFIG_KVM)
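Review bot: `CONFIG_SEV=$(CONFIG_KVM)` on the added line gives SEV no switch of its own, so every build with KVM enabled also builds the SEV object. If that coupling is intended, a one-line comment above the assignment stating that SEV depends on KVM would make it explicit; otherwise consider a separate option so SEV can be left out of a KVM build.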
+1 −0
@@ -63,3 +63,4 @@ CONFIG_PXB=y
CONFIG_ACPI_VMGENID=y
CONFIG_FW_CFG_DMA=y
CONFIG_I2C=y
CONFIG_SEV=$(CONFIG_KVM)
+17 −0
@@ -35,10 +35,21 @@ in bad measurement). The guest policy is a 4-byte data structure containing
several flags that restricts what can be done on running SEV guest.
See KM Spec section 3 and 6.2 for more details.

The guest policy can be provided via the 'policy' property (see below)

# ${QEMU} \
   sev-guest,id=sev0,policy=0x1...\

Guest owners provided DH certificate and session parameters will be used to
establish a cryptographic session with the guest owner to negotiate keys used
for the attestation.

The DH certificate and session blob can be provided via 'dh-cert-file' and
'session-file' property (see below

# ${QEMU} \
     sev-guest,id=sev0,dh-cert-file=<file1>,session-file=<file2>

LAUNCH_UPDATE_DATA encrypts the memory region using the cryptographic context
created via LAUNCH_START command. If required, this command can be called
multiple times to encrypt different memory regions. The command also calculates
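Review bot: The two added command examples begin at `sev-guest,id=sev0,...` without the `-object` option, unlike the launch example in the next hunk, which writes `-object sev-guest,id=sev0,...`; as written they cannot be pasted into a command line. Add `-object` to both. The sentence ending `'session-file' property (see below` is also missing its closing parenthesis, and the trailing `\` in the policy example continues onto an empty line.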
@@ -59,6 +70,12 @@ context.
See SEV KM API Spec [1] 'Launching a guest' usage flow (Appendix A) for the
complete flow chart.

To launch a SEV guest

# ${QEMU} \
    -machine ...,memory-encryption=sev0 \
    -object sev-guest,id=sev0,cbitpos=47,reduced-phys-bits=1

Debugging
-----------
Since memory contents of SEV guest is encrypted hence hypervisor access to the
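Review bot: The launch example sets `reduced-phys-bits=1`, while the option documentation added in another hunk of this commit says "On EPYC, the value should be 5" and its example uses `reduced-phys-bits=5`. The two disagree; settle on the correct value for EPYC and use it in both places, since these host-dependent values are supplied by the user and are likely to be copied from the examples.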
+44 −0
@@ -4353,6 +4353,50 @@ contents of @code{iv.b64} to the second secret
         data=$SECRET,iv=$(<iv.b64)
@end example

@item -object sev-guest,id=@var{id},cbitpos=@var{cbitpos},reduced-phys-bits=@var{val},[sev-device=@var{string},policy=@var{policy},handle=@var{handle},dh-cert-file=@var{file},session-file=@var{file}]

Create a Secure Encrypted Virtualization (SEV) guest object, which can be used
to provide the guest memory encryption support on AMD processors.

When memory encryption is enabled, one of the physical address bit (aka the
C-bit) is utilized to mark if a memory page is protected. The @option{cbitpos}
is used to provide the C-bit position. The C-bit position is Host family dependent
hence user must provide this value. On EPYC, the value should be 47.

When memory encryption is enabled, we loose certain bits in physical address space.
The @option{reduced-phys-bits} is used to provide the number of bits we loose in
physical address space. Similar to C-bit, the value is Host family dependent.
On EPYC, the value should be 5.

The @option{sev-device} provides the device file to use for communicating with
the SEV firmware running inside AMD Secure Processor. The default device is
'/dev/sev'. If hardware supports memory encryption then /dev/sev devices are
created by CCP driver.

The @option{policy} provides the guest policy to be enforced by the SEV firmware
and restrict what configuration and operational commands can be performed on this
guest by the hypervisor. The policy should be provided by the guest owner and is
bound to the guest and cannot be changed throughout the lifetime of the guest.
The default is 0.

If guest @option{policy} allows sharing the key with another SEV guest then
@option{handle} can be use to provide handle of the guest from which to share
the key.

The @option{dh-cert-file} and @option{session-file} provides the guest owner's
Public Diffie-Hillman key defined in SEV spec. The PDH and session parameters
are used for establishing a cryptographic session with the guest owner to
negotiate keys used for attestation. The file must be encoded in base64.

e.g to launch a SEV guest
@example
 # $QEMU \
     ......
     -object sev-guest,id=sev0,cbitpos=47,reduced-phys-bits=5 \
     -machine ...,memory-encryption=sev0
     .....

@end example
@end table

ETEXI
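Review bot: The paragraph on `dh-cert-file` and `session-file` says both options "provides the guest owner's Public Diffie-Hillman key" and then "The file must be encoded in base64" in the singular, so it never states what `session-file` holds or whether both files are base64. Describe each option separately and give the encoding for both. The `policy` paragraph states "The default is 0" without saying which restrictions a policy of 0 leaves off; a pointer to the KM Spec sections cited in the other documentation hunk would help. Spelling to fix in the same pass: "loose" for "lose" (twice), "Diffie-Hillman", "can be use".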
+1 −0
@@ -5,6 +5,7 @@ obj-$(CONFIG_TCG) += int_helper.o mem_helper.o misc_helper.o mpx_helper.o
obj-$(CONFIG_TCG) += seg_helper.o smm_helper.o svm_helper.o
obj-$(CONFIG_SOFTMMU) += machine.o arch_memory_mapping.o arch_dump.o monitor.o
obj-$(CONFIG_KVM) += kvm.o hyperv.o
obj-$(CONFIG_SEV) += sev.o
obj-$(call lnot,$(CONFIG_KVM)) += kvm-stub.o
# HAX support
ifdef CONFIG_WIN32
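Review bot: `obj-$(CONFIG_SEV) += sev.o` has no counterpart for builds where CONFIG_SEV is unset, whereas the following line supplies `kvm-stub.o` when CONFIG_KVM is off. Unless every caller of the sev.o functions is guarded by an #ifdef, a build without KVM may fail to link; add a stub object under `$(call lnot,$(CONFIG_SEV))` or state in the commit message where the guards are.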