Merge remote-tracking branch 'remotes/bonzini-gitlab/tags/for-upstream' into staging

* HVF fixes * Extra qos-test debugging output (Christian) * SEV secret address autodetection (James) * SEV-ES support (Thomas) * Relocatable paths bugfix (Stefan) * RR fix (Pavel) * EventNotifier fix (Greg) # gpg: Signature made Tue 16 Feb 2021 16:15:59 GMT # gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83 # gpg: issuer "pbonzini@redhat.com" # gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full] # gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [full] # Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1 # Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83 * remotes/bonzini-gitlab/tags/for-upstream: (21 commits) replay: fix icount request when replaying clock access event_notifier: Set ->initialized earlier in event_notifier_init() hvf: Fetch cr4 before evaluating CPUID(1) target/i386/hvf: add rdmsr 35H MSR_CORE_THREAD_COUNT hvf: x86: Remove unused definitions target/i386/hvf: add vmware-cpuid-freq cpu feature hvf: Guard xgetbv call util/cutils: Skip "." when looking for next directory component tests/qtest/qos-test: dump QEMU command if verbose tests/qtest/qos-test: dump environment variables if verbose tests/qtest/qos-test: dump qos graph if verbose libqos/qgraph_internal: add qos_printf() and qos_printf_literal() libqos/qgraph: add qos_node_create_driver_named() sev/i386: Enable an SEV-ES guest based on SEV policy kvm/i386: Use a per-VM check for SMM capability sev/i386: Don't allow a system reset under an SEV-ES guest sev/i386: Allow AP booting under SEV-ES sev/i386: Require in-kernel irqchip support for SEV-ES guests sev/i386: Add initial support for SEV-ES sev: update sev-inject-launch-secret to make gpa optional ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
author: Peter Maydell <peter.maydell@linaro.org> 2021-02-17 13:04:48 +0000
committer: Peter Maydell <peter.maydell@linaro.org> 2021-02-17 13:04:48 +0000
commit: f0f75dc174b6c79eb78a161d1c0921f82d7f1bf0 (patch)
tree: e7c899d57931490b7bc760f8e800a4fe42416b55 /hw
parent: 65d6ae4927d2974bcfe9326c3fdfa0fac5c6295b (diff)
parent: 366a85e4bb748794b1ae0ca0ccc2d95f316679a0 (diff)
1 files changed, 126 insertions, 4 deletions
diff --git a/hw/i386/pc_sysfw.c b/hw/i386/pc_sysfw.c
index 11172214f1..9fe72b370e 100644
--- a/hw/i386/pc_sysfw.c
+++ b/hw/i386/pc_sysfw.c
@@ -125,6 +125,113 @@ void pc_system_flash_cleanup_unused(PCMachineState *pcms)
     }
 }
 
+#define OVMF_TABLE_FOOTER_GUID "96b582de-1fb2-45f7-baea-a366c55a082d"
+
+static uint8_t *ovmf_table;
+static int ovmf_table_len;
+
+static void pc_system_parse_ovmf_flash(uint8_t *flash_ptr, size_t flash_size)
+{
+    uint8_t *ptr;
+    QemuUUID guid;
+    int tot_len;
+
+    /* should only be called once */
+    if (ovmf_table) {
+        return;
+    }
+
+    if (flash_size < TARGET_PAGE_SIZE) {
+        return;
+    }
+
+    /*
+     * if this is OVMF there will be a table footer
+     * guid 48 bytes before the end of the flash file.  If it's
+     * not found, silently abort the flash parsing.
+     */
+    qemu_uuid_parse(OVMF_TABLE_FOOTER_GUID, &guid);
+    guid = qemu_uuid_bswap(guid); /* guids are LE */
+    ptr = flash_ptr + flash_size - 48;
+    if (!qemu_uuid_is_equal((QemuUUID *)ptr, &guid)) {
+        return;
+    }
+
+    /* if found, just before is two byte table length */
+    ptr -= sizeof(uint16_t);
+    tot_len = le16_to_cpu(*(uint16_t *)ptr) - sizeof(guid) - sizeof(uint16_t);
+
+    if (tot_len <= 0) {
+        return;
+    }
+
+    ovmf_table = g_malloc(tot_len);
+    ovmf_table_len = tot_len;
+
+    /*
+     * ptr is the foot of the table, so copy it all to the newly
+     * allocated ovmf_table and then set the ovmf_table pointer
+     * to the table foot
+     */
+    memcpy(ovmf_table, ptr - tot_len, tot_len);
+    ovmf_table += tot_len;
+}
+
+bool pc_system_ovmf_table_find(const char *entry, uint8_t **data,
+                               int *data_len)
+{
+    uint8_t *ptr = ovmf_table;
+    int tot_len = ovmf_table_len;
+    QemuUUID entry_guid;
+
+    if (qemu_uuid_parse(entry, &entry_guid) < 0) {
+        return false;
+    }
+
+    if (!ptr) {
+        return false;
+    }
+
+    entry_guid = qemu_uuid_bswap(entry_guid); /* guids are LE */
+    while (tot_len >= sizeof(QemuUUID) + sizeof(uint16_t)) {
+        int len;
+        QemuUUID *guid;
+
+        /*
+         * The data structure is
+         *   arbitrary length data
+         *   2 byte length of entire entry
+         *   16 byte guid
+         */
+        guid = (QemuUUID *)(ptr - sizeof(QemuUUID));
+        len = le16_to_cpu(*(uint16_t *)(ptr - sizeof(QemuUUID) -
+                                        sizeof(uint16_t)));
+
+        /*
+         * just in case the table is corrupt, wouldn't want to spin in
+         * the zero case
+         */
+        if (len < sizeof(QemuUUID) + sizeof(uint16_t)) {
+            return false;
+        } else if (len > tot_len) {
+            return false;
+        }
+
+        ptr -= len;
+        tot_len -= len;
+        if (qemu_uuid_is_equal(guid, &entry_guid)) {
+            if (data) {
+                *data = ptr;
+            }
+            if (data_len) {
+                *data_len = len - sizeof(QemuUUID) - sizeof(uint16_t);
+            }
+            return true;
+        }
+    }
+    return false;
+}
+
 /*
  * Map the pcms->flash[] from 4GiB downward, and realize.
  * Map them in descending order, i.e. pcms->flash[0] at the top,
@@ -149,6 +256,7 @@ static void pc_system_flash_map(PCMachineState *pcms,
     MemoryRegion *flash_mem;
     void *flash_ptr;
     int flash_size;
+    int ret;
 
     assert(PC_MACHINE_GET_CLASS(pcms)->pci_enabled);
 
@@ -192,10 +300,24 @@ static void pc_system_flash_map(PCMachineState *pcms,
             flash_mem = pflash_cfi01_get_memory(system_flash);
             pc_isa_bios_init(rom_memory, flash_mem, size);
 
-            /* Encrypt the pflash boot ROM, if necessary */
-            flash_ptr = memory_region_get_ram_ptr(flash_mem);
-            flash_size = memory_region_size(flash_mem);
-            sev_encrypt_flash(flash_ptr, flash_size, &error_fatal);
+            /* Encrypt the pflash boot ROM */
+            if (sev_enabled()) {
+                flash_ptr = memory_region_get_ram_ptr(flash_mem);
+                flash_size = memory_region_size(flash_mem);
+                /*
+                 * OVMF places a GUIDed structures in the flash, so
+                 * search for them
+                 */
+                pc_system_parse_ovmf_flash(flash_ptr, flash_size);
+
+                ret = sev_es_save_reset_vector(flash_ptr, flash_size);
+                if (ret) {
+                    error_report("failed to locate and/or save reset vector");
+                    exit(1);
+                }
+
+                sev_encrypt_flash(flash_ptr, flash_size, &error_fatal);
+            }
         }
     }
 }
author	Peter Maydell <peter.maydell@linaro.org>	2021-02-17 13:04:48 +0000
committer	Peter Maydell <peter.maydell@linaro.org>	2021-02-17 13:04:48 +0000
commit	f0f75dc174b6c79eb78a161d1c0921f82d7f1bf0 (patch)
tree	e7c899d57931490b7bc760f8e800a4fe42416b55 /hw
parent	65d6ae4927d2974bcfe9326c3fdfa0fac5c6295b (diff)
parent	366a85e4bb748794b1ae0ca0ccc2d95f316679a0 (diff)