aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJames Bottomley <jejb@linux.ibm.com>2021-02-04 11:39:39 -0800
committerPaolo Bonzini <pbonzini@redhat.com>2021-02-16 17:15:39 +0100
commitf522cef9b352ac2f9880c5c8b2ea7b2033bdc9f0 (patch)
tree464b4028edfcc75bb8b4407556f8cddc845e4259
parent9617cddb72649f563eef8114648140b8c5607a71 (diff)
downloadqemu-f522cef9b352ac2f9880c5c8b2ea7b2033bdc9f0.zip
qemu-f522cef9b352ac2f9880c5c8b2ea7b2033bdc9f0.tar.gz
qemu-f522cef9b352ac2f9880c5c8b2ea7b2033bdc9f0.tar.bz2
sev: update sev-inject-launch-secret to make gpa optional
If the gpa isn't specified, it's value is extracted from the OVMF properties table located below the reset vector (and if this doesn't exist, an error is returned). OVMF has defined the GUID for the SEV secret area as 4c2eb361-7d9b-4cc3-8081-127c90d3d294 and the format of the <data> is: <base>|<size> where both are uint32_t. We extract <base> and use it as the gpa for the injection. Note: it is expected that the injected secret will also be GUID described but since qemu can't interpret it, the format is left undefined here. Signed-off-by: James Bottomley <jejb@linux.ibm.com> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Message-Id: <20210204193939.16617-3-jejb@linux.ibm.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-rw-r--r--qapi/misc-target.json2
-rw-r--r--target/i386/monitor.c23
2 files changed, 23 insertions, 2 deletions
diff --git a/qapi/misc-target.json b/qapi/misc-target.json
index 06ef875..0c7491c 100644
--- a/qapi/misc-target.json
+++ b/qapi/misc-target.json
@@ -216,7 +216,7 @@
#
##
{ 'command': 'sev-inject-launch-secret',
- 'data': { 'packet-header': 'str', 'secret': 'str', 'gpa': 'uint64' },
+ 'data': { 'packet-header': 'str', 'secret': 'str', '*gpa': 'uint64' },
'if': 'defined(TARGET_I386)' }
##
diff --git a/target/i386/monitor.c b/target/i386/monitor.c
index 1bc9144..5994408 100644
--- a/target/i386/monitor.c
+++ b/target/i386/monitor.c
@@ -34,6 +34,7 @@
#include "sev_i386.h"
#include "qapi/qapi-commands-misc-target.h"
#include "qapi/qapi-commands-misc.h"
+#include "hw/i386/pc.h"
/* Perform linear address sign extension */
static hwaddr addr_canonical(CPUArchState *env, hwaddr addr)
@@ -730,9 +731,29 @@ SevCapability *qmp_query_sev_capabilities(Error **errp)
return sev_get_capabilities(errp);
}
+#define SEV_SECRET_GUID "4c2eb361-7d9b-4cc3-8081-127c90d3d294"
+struct sev_secret_area {
+ uint32_t base;
+ uint32_t size;
+};
+
void qmp_sev_inject_launch_secret(const char *packet_hdr,
- const char *secret, uint64_t gpa,
+ const char *secret,
+ bool has_gpa, uint64_t gpa,
Error **errp)
{
+ if (!has_gpa) {
+ uint8_t *data;
+ struct sev_secret_area *area;
+
+ if (!pc_system_ovmf_table_find(SEV_SECRET_GUID, &data, NULL)) {
+ error_setg(errp, "SEV: no secret area found in OVMF,"
+ " gpa must be specified.");
+ return;
+ }
+ area = (struct sev_secret_area *)data;
+ gpa = area->base;
+ }
+
sev_inject_launch_secret(packet_hdr, secret, gpa, errp);
}