From: Atish Patra
To: linux-kernel@vger.kernel.org
Cc: Atish Patra, Alexandre Ghiti, Andrew Jones, Andrew Morton, Anup Patel, Atish Patra, Suzuki K Poulose, Will Deacon, Marc Zyngier, Sean Christopherson, linux-coco@lists.linux.dev, Dylan Reid, abrestic@rivosinc.com, Samuel Ortiz, Jiri Slaby, kvm-riscv@lists.infradead.org, kvm@vger.kernel.org, linux-mm@kvack.org, linux-riscv@lists.infradead.org, Palmer Dabbelt, Paolo Bonzini, Rajnesh Kanwal, Uladzislau Rezki
Subject: [RFC kvmtool 04/10] riscv: Invoke measure region for VM images
Date: Wed, 19 Apr 2023 15:23:44 -0700
Message-Id: <20230419222350.3604274-5-atishp@rivosinc.com>
In-Reply-To: <20230419222350.3604274-1-atishp@rivosinc.com>
References: <20230419222350.3604274-1-atishp@rivosinc.com>

The DT, initrd and kernel images need to be measured before a CoVE VM can
be started to validate its authenticity. Hook up the measure region API
for these three components.

Signed-off-by: Atish Patra
---
 riscv/fdt.c | 3 +++
 riscv/kvm.c | 4 ++++
 2 files changed, 7 insertions(+)
diff --git a/riscv/fdt.c b/riscv/fdt.c index 61a28bb..07ec336 100644 --- a/riscv/fdt.c +++ b/riscv/fdt.c @@ -254,6 +254,9 @@ static int setup_fdt(struct kvm *kvm) if (kvm->cfg.arch.dump_dtb_filename) dump_fdt(kvm->cfg.arch.dump_dtb_filename, fdt_dest); + + kvm_cove_measure_region(kvm, (unsigned long)fdt_dest, + kvm->arch.dtb_guest_start, FDT_MAX_SIZE); return 0; } late_init(setup_fdt); diff --git a/riscv/kvm.c b/riscv/kvm.c index 99b253e..d59e8bc 100644 --- a/riscv/kvm.c +++ b/riscv/kvm.c @@ -148,6 +148,8 @@ bool kvm__arch_load_kernel_image(struct kvm *kvm, int fd_kernel, int fd_initrd, pr_debug("Loaded kernel to 0x%llx (%zd bytes)", kvm->arch.kern_guest_start, file_size); + kvm_cove_measure_region(kvm, (unsigned long)pos, kvm->arch.kern_guest_start, + file_size); /* Place FDT just after kernel at FDT_ALIGN address */ pos = kernel_end + FDT_ALIGN; guest_addr = ALIGN(host_to_guest_flat(kvm, pos), FDT_ALIGN); @@ -188,6 +190,8 @@ bool kvm__arch_load_kernel_image(struct kvm *kvm, int fd_kernel, int fd_initrd, pr_debug("Loaded initrd to 0x%llx (%llu bytes)", kvm->arch.initrd_guest_start, kvm->arch.initrd_size); + kvm_cove_measure_region(kvm, (unsigned long)pos, initrd_start, + file_size); } else { kvm->arch.initrd_size = 0; } -- 2.25.1
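Review bot: In the riscv/fdt.c hunk (setup_fdt), the length passed to kvm_cove_measure_region() is FDT_MAX_SIZE rather than the size of the device tree actually present at fdt_dest, so the measurement covers every byte after the blob up to the maximum. Unless that tail is guaranteed to be zero-filled, the same DT can yield different measurements and a verifier cannot reproduce the expected value. Either measure the blob's real size (for example via fdt_totalsize()) or add a comment stating that the whole FDT_MAX_SIZE window is zeroed before the DT is copied in. The call is also followed directly by `return 0;` with no check of its outcome, so a failed measurement would not stop setup_fdt() from reporting success.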
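Review bot: In the first riscv/kvm.c hunk (@@ -148), nothing checks whether kvm_cove_measure_region() succeeded for the kernel image, and kvm__arch_load_kernel_image() carries on to place the FDT. The commit message says the images must be measured before the VM can start, so a failure here should abort the load (return false or die) rather than be ignored. The call is also only correct while pos still holds the kernel's host address, which is true because it precedes `pos = kernel_end + FDT_ALIGN;`; a one-line comment would keep a later reorder from silently measuring the wrong memory.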
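Review bot: In the second riscv/kvm.c hunk (@@ -188), the initrd call passes the locals initrd_start and file_size, while the pr_debug() just above reports kvm->arch.initrd_guest_start and kvm->arch.initrd_size, and the kernel call uses kvm->arch.kern_guest_start. file_size is the same variable that held the kernel's size earlier in this function, so the call is right only if it has been reassigned to the initrd's length by this point and initrd_start is a guest address equal to kvm->arch.initrd_guest_start. Passing kvm->arch.initrd_guest_start and kvm->arch.initrd_size would make the measured range match what is logged and remove that dependency.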