From: Suzuki K Poulose
To: kvm@vger.kernel.org, kvmarm@lists.linux.dev
Cc: suzuki.poulose@arm.com, Alexandru Elisei, Andrew Jones, Christoffer Dall, Fuad Tabba, Jean-Philippe Brucker, Joey Gouly, Marc Zyngier, Mark Rutland, Oliver Upton, Paolo Bonzini, Quentin Perret, Steven Price, Thomas Huth, Will Deacon, Zenghui Yu, linux-coco@lists.linux.dev, kvmarm@lists.cs.columbia.edu, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org
Subject: [RFC kvmtool 13/31] arm64: Add --measurement-algo command line option for a realm
Date: Fri, 27 Jan 2023 11:39:14 +0000
Message-Id: <20230127113932.166089-14-suzuki.poulose@arm.com>
In-Reply-To: <20230127113932.166089-1-suzuki.poulose@arm.com>
References: <20230127112248.136810-1-suzuki.poulose@arm.com> <20230127113932.166089-1-suzuki.poulose@arm.com>

From: Christoffer Dall

Add the command line option to specify the algorithm that will be used
to create the cryptographic measurement of the realm. Valid options are
"sha256" and "sha512". The final measurement will be a hash using the
selected algorithm.

Signed-off-by: Christoffer Dall
Signed-off-by: Alexandru Elisei
Signed-off-by: Suzuki K Poulose
---
 arm/aarch64/include/kvm/kvm-config-arch.h | 5 ++++-
 arm/aarch64/kvm.c | 17 ++++++++++++++++-
 arm/include/arm-common/kvm-arch.h | 1 +
 arm/include/arm-common/kvm-config-arch.h | 1 +
 4 files changed, 22 insertions(+), 2 deletions(-)
diff --git a/arm/aarch64/include/kvm/kvm-config-arch.h b/arm/aarch64/include/kvm/kvm-config-arch.h index d2df850a..b93999b6 100644 --- a/arm/aarch64/include/kvm/kvm-config-arch.h +++ b/arm/aarch64/include/kvm/kvm-config-arch.h @@ -23,7 +23,10 @@ int vcpu_affinity_parser(const struct option *opt, const char *arg, int unset); OPT_BOOLEAN('\0', "disable-sve", &(cfg)->disable_sve, \ "Disable SVE"), \ OPT_BOOLEAN('\0', "realm", &(cfg)->is_realm, \ - "Create VM running in a realm using Arm RME"), + "Create VM running in a realm using Arm RME"), \ + OPT_STRING('\0', "measurement-algo", &(cfg)->measurement_algo, \ + "sha256, sha512", \ + "Realm Measurement algorithm, default: sha256"), #include "arm-common/kvm-config-arch.h" diff --git a/arm/aarch64/kvm.c b/arm/aarch64/kvm.c index 5db4c572..a5a98b2e 100644 --- a/arm/aarch64/kvm.c +++ b/arm/aarch64/kvm.c @@ -53,12 +53,27 @@ static void validate_mem_cfg(struct kvm *kvm) static void validate_realm_cfg(struct kvm *kvm) { - if (!kvm->cfg.arch.is_realm) + if (!kvm->cfg.arch.is_realm) { + if (kvm->cfg.arch.measurement_algo) + die("--measurement-algo valid only with --realm"); return; + } if (kvm->cfg.arch.aarch32_guest) die("Realms supported only for 64bit guests"); + if (kvm->cfg.arch.measurement_algo) { + if (strcmp(kvm->cfg.arch.measurement_algo, "sha256") == 0) + kvm->arch.measurement_algo = KVM_CAP_ARM_RME_MEASUREMENT_ALGO_SHA256; + else if (strcmp(kvm->cfg.arch.measurement_algo, "sha512") == 0) + kvm->arch.measurement_algo = KVM_CAP_ARM_RME_MEASUREMENT_ALGO_SHA512; + else + die("unknown realm measurement algorithm"); + } else { + pr_debug("Realm Hash algorithm: Using default SHA256\n"); + kvm->arch.measurement_algo = KVM_CAP_ARM_RME_MEASUREMENT_ALGO_SHA256; + } + die("Realms not supported"); } diff --git a/arm/include/arm-common/kvm-arch.h b/arm/include/arm-common/kvm-arch.h index b2ae373c..68224b1c 100644 --- a/arm/include/arm-common/kvm-arch.h +++ b/arm/include/arm-common/kvm-arch.h 
@@ -113,6 +113,7 @@ struct kvm_arch { u64 dtb_guest_start; cpu_set_t *vcpu_affinity_cpuset; + u64 measurement_algo; }; #endif /* ARM_COMMON__KVM_ARCH_H */ diff --git a/arm/include/arm-common/kvm-config-arch.h b/arm/include/arm-common/kvm-config-arch.h index 5eb791da..a2faa3af 100644 --- a/arm/include/arm-common/kvm-config-arch.h +++ b/arm/include/arm-common/kvm-config-arch.h @@ -6,6 +6,7 @@ struct kvm_config_arch { const char *dump_dtb_filename; const char *vcpu_affinity; + const char *measurement_algo; unsigned int force_cntfrq; bool virtio_trans_pci; bool aarch32_guest;
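Review bot: the help text added for --measurement-algo in arm/aarch64/include/kvm/kvm-config-arch.h does not mention that the option is only accepted together with --realm, although validate_realm_cfg() dies with "--measurement-algo valid only with --realm" otherwise. Suggest stating the dependency in the description, for example "Realm measurement algorithm (requires --realm), default: sha256", so the constraint appears in the usage output and not only as a fatal error.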
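Review bot: in validate_realm_cfg() in arm/aarch64/kvm.c, die("unknown realm measurement algorithm") does not say which value was rejected or which values are accepted, and the strcmp() match is case-sensitive, so "SHA256" fails with the same message as a typo. Suggest including the offending string and the accepted set (sha256, sha512) in the message. Because this value selects the hash used for the realm's measurement, it would also help to report the algorithm in use at a level that is visible by default rather than only through pr_debug() in the default branch, so a measurement that does not match the expected one is easier to trace. Separately, the unchanged die("Realms not supported") at the end of the function still runs after this block, so nothing consumes kvm->arch.measurement_algo in this patch; a line in the commit message saying it is used later in the series would save the reader checking.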
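Review bot: the new u64 measurement_algo in struct kvm_arch (arm/include/arm-common/kvm-arch.h) has no comment saying what it holds. From arm/aarch64/kvm.c it carries one of the KVM_CAP_ARM_RME_MEASUREMENT_ALGO_* values and is only assigned when --realm is set; a short comment to that effect next to the field would help, since the struct is shared through arm-common while the option and its validation live under arm/aarch64.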