Add TDP support for IGVM #14
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
For confidential guests a policy can be provided that defines the security level, debug status, expected launch measurement and other parameters that define the configuration of the confidential platform. This commit adds a new function named set_guest_policy() that can be implemented by each confidential platform, such as AMD SEV to set the policy. This will allow configuration of the policy from a multi-platform resource such as an IGVM file without the IGVM processor requiring specific implementation details for each platform. Signed-off-by: Roy Hopkins <[email protected]>
The initialization secions in IGVM files contains configuration that should be applied to the guest platform before it is started. This includes guest policy and other information that can affect the security level and measurement of a confidential guest. This commit refactors the existing section processing code to prepare it for handling initialization sections as well as directives and iterates the initialization sections in the IGVM file. Signed-off-by: Roy Hopkins <[email protected]>
Adds a handler for the guest policy initialization IGVM section and builds an SEV policy based on this information and the ID block directive if present. The policy is applied using by calling 'set_guest_policy()' on the ConfidentialGuestSupport object. Signed-off-by: Roy Hopkins <[email protected]>
The new cgs_set_guest_policy() function is provided to receive the guest policy flags, SNP ID block and SNP ID authentication from guest configuration such as an IGVM file and apply it to the platform prior to launching the guest. The policy is used to populate values for the existing 'policy', 'id_block' and 'id_auth' parameters. When provided, the guest policy is applied and the ID block configuration is used to verify the launch measurement and signatures. The guest is only successfully started if the expected launch measurements match the actual measurements and the signatures are valid. Signed-off-by: Roy Hopkins <[email protected]>
Always pair igvm_get_buffer() with igvm_free_buffer() before exiting the loop in supported_platform_compat_mask(). Signed-off-by: Peter Fang <[email protected]>
Take the compatibility mask into consideration when processing IGVM_VHT_PARAMETER_INSERT. Signed-off-by: Peter Fang <[email protected]>
Following b2c88ed, add the same parameter to TDX as well. Signed-off-by: Peter Fang <[email protected]>
This commit adds a new function named memory_is_shared() that can be implemented by each confidential platform. This function should return 1 if the default memory state is shared, and return 0 if the default memory state is private. For AMD SEV platforms, the current implementation always returns 1. This function is used to generate the ENVIRONMENT_INFO directive. Signed-off-by: Peter Fang <[email protected]>
Memory-related IGVM directives require KVM_MEMORY_MAPPING ioctl calls to be made when finalizing the guest. Allow these directives to add fw metadata. - Initialize fw entries as empty - Initialize mem_ptr to address 0 since the IGVM backend uses absolute memory addresses - Add an interface to allow metadata to be added as a fw entry - Expand data_offset in TdxFirmwareEntry to uint64_t since absolute addresses are used in IGVM mode Signed-off-by: Peter Fang <[email protected]>
Add TDX's implementation of CGS functions. Currently, only TD Partitioning is supported. TDX only supports a subset of the CGS page types. For PAGE_TYPE_NORMAL/ZERO/UNMEASURED, we directly create private pages using IGVM's prepared pages. For PAGE_TYPE_REQUIRED_MEMORY, we ask to create private memory pages during finalization. Always return 0 on memory_is_shared() calls as the default memory state on TDX platforms is always private. Signed-off-by: Peter Fang <[email protected]>
When the platform header indicates a TDX platform, use check_support() to check for TDP support. TDP is the only configuration supported right now. Signed-off-by: Peter Fang <[email protected]>
Prepare TDX fw for IGVM directives when an IGVM file is used. TDX fw needs to be initialized in this case just like when TD BIOS is used. Signed-off-by: Peter Fang <[email protected]>
- No need to create SVSM-specific fw_cfg files in IGVM mode - No need to explicitly create an SVSM memory region in IGVM mode since that will be prepared by the backend through igvm_prepare_memory() - Always try to mark pages as TDX_RAM_ADDED when processing fw entries as they could now be in RAM regions - Don't assume a TDVF image is always present Signed-off-by: Peter Fang <[email protected]>
peterfang
force-pushed
the
svsm-tdp-igvm
branch
from
2400a87
to
e6a5d1c
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This patchset adds TDP support for IGVM mode in host QEMU. The usage mirrors its SEV counterpart (
igvm-file=...).TDP only supports a subset of the existing IGVM directives. Internally, we translate IGVM directives into TDX fw metadata so that they can be processed the same way as TDVF during finalization.