From: Atish Patra
To: linux-kernel@vger.kernel.org
Cc: Atish Patra, Alexandre Ghiti, Andrew Jones, Andrew Morton, Anup Patel, Atish Patra, Suzuki K Poulose, Will Deacon, Marc Zyngier, Sean Christopherson, linux-coco@lists.linux.dev, Dylan Reid, abrestic@rivosinc.com, Samuel Ortiz, Jiri Slaby, kvm-riscv@lists.infradead.org, kvm@vger.kernel.org, linux-mm@kvack.org, linux-riscv@lists.infradead.org, Palmer Dabbelt, Paolo Bonzini, Rajnesh Kanwal, Uladzislau Rezki
Subject: [RFC kvmtool 04/10] riscv: Invoke measure region for VM images
Date: Wed, 19 Apr 2023 15:23:44 -0700
Message-Id: <20230419222350.3604274-5-atishp@rivosinc.com>
In-Reply-To: <20230419222350.3604274-1-atishp@rivosinc.com>
References: <20230419222350.3604274-1-atishp@rivosinc.com>

The DT, initrd and kernel images need to be measured before a CoVE VM can be started to validate its authenticity. Hook up the measure region API for these three components.

Signed-off-by: Atish Patra
--- riscv/fdt.c | 3 +++ riscv/kvm.c | 4 ++++ 2 files changed, 7 insertions(+) diff --git a/riscv/fdt.c b/riscv/fdt.c index 61a28bb..07ec336 100644 --- a/riscv/fdt.c +++ b/riscv/fdt.c @@ -254,6 +254,9 @@ static int setup_fdt(struct kvm *kvm) if (kvm->cfg.arch.dump_dtb_filename) dump_fdt(kvm->cfg.arch.dump_dtb_filename, fdt_dest); + + kvm_cove_measure_region(kvm, (unsigned long)fdt_dest, + kvm->arch.dtb_guest_start, FDT_MAX_SIZE); return 0; } late_init(setup_fdt); diff --git a/riscv/kvm.c b/riscv/kvm.c index 99b253e..d59e8bc 100644 --- a/riscv/kvm.c +++ b/riscv/kvm.c 
@@ -148,6 +148,8 @@ bool kvm__arch_load_kernel_image(struct kvm *kvm, int fd_kernel, int fd_initrd, pr_debug("Loaded kernel to 0x%llx (%zd bytes)", kvm->arch.kern_guest_start, file_size); + kvm_cove_measure_region(kvm, (unsigned long)pos, kvm->arch.kern_guest_start, + file_size); /* Place FDT just after kernel at FDT_ALIGN address */ pos = kernel_end + FDT_ALIGN; guest_addr = ALIGN(host_to_guest_flat(kvm, pos), FDT_ALIGN); @@ -188,6 +190,8 @@ bool kvm__arch_load_kernel_image(struct kvm *kvm, int fd_kernel, int fd_initrd, pr_debug("Loaded initrd to 0x%llx (%llu bytes)", kvm->arch.initrd_guest_start, kvm->arch.initrd_size); + kvm_cove_measure_region(kvm, (unsigned long)pos, initrd_start, + file_size); } else { kvm->arch.initrd_size = 0; } -- 2.25.1
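Review bot: In the setup_fdt() hunk the measured length is FDT_MAX_SIZE rather than the size of the device tree at fdt_dest, so the measurement covers every byte of that region, including whatever follows the DT blob. For a verifier to reproduce the value, the tail of the region has to hold known contents (for example, zeroed before the DT is placed there); otherwise pass the real blob size. A comment stating which of the two is intended would help, and a blank line between the new call and `return 0;` would match the surrounding style.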
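Review bot: In the kernel-image hunk of kvm__arch_load_kernel_image() the result of kvm_cove_measure_region() is not used. If the call can fail, this function should return false at that point (it already returns bool) so that a VM whose kernel image was not measured does not go on to start. It is also not visible from the call site whether the call is a no-op for non-CoVE guests; if that check lives inside kvm_cove_measure_region(), a short comment saying so would help.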
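Review bot: In the initrd hunk the call passes `initrd_start` and `file_size`, while the pr_debug() directly above it reports kvm->arch.initrd_guest_start and kvm->arch.initrd_size. `file_size` is also the variable used for the kernel length earlier in the same function, so please confirm it holds the initrd length at this point, and consider passing kvm->arch.initrd_guest_start and kvm->arch.initrd_size so that the measured range is the one that is logged and recorded.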