From ce1e1752a511bd9656f2e41d2f5ed8f799a44942 Mon Sep 17 00:00:00 2001
From: Wojciech Ozga
Date: Thu, 5 Sep 2024 04:23:45 -0500
Subject: [PATCH 1/3] Adjusted to proper CoVE naming of the SBI extension
Signed-off-by: Wojciech Ozga
---
 .../src/confidential_flow/declassify_to_confidential_vm.rs | 2 +-
 .../src/non_confidential_flow/finite_state_machine.rs | 2 +-
 .../destroy_confidential_vm.rs | 0
 .../get_security_monitor_info.rs | 0
 .../{cove_hypervisor_extension => cove_host_extension}/mod.rs | 0
 .../promote_to_confidential_vm.rs | 0
 .../run_confidential_hart.rs | 0
 security-monitor/src/non_confidential_flow/handlers/mod.rs | 2 +-
 8 files changed, 3 insertions(+), 3 deletions(-)
 rename security-monitor/src/non_confidential_flow/handlers/{cove_hypervisor_extension => cove_host_extension}/destroy_confidential_vm.rs (100%)
 rename security-monitor/src/non_confidential_flow/handlers/{cove_hypervisor_extension => cove_host_extension}/get_security_monitor_info.rs (100%)
 rename security-monitor/src/non_confidential_flow/handlers/{cove_hypervisor_extension => cove_host_extension}/mod.rs (100%)
 rename security-monitor/src/non_confidential_flow/handlers/{cove_hypervisor_extension => cove_host_extension}/promote_to_confidential_vm.rs (100%)
 rename security-monitor/src/non_confidential_flow/handlers/{cove_hypervisor_extension => cove_host_extension}/run_confidential_hart.rs (100%)
diff --git a/security-monitor/src/confidential_flow/declassify_to_confidential_vm.rs b/security-monitor/src/confidential_flow/declassify_to_confidential_vm.rs
index cc7384a5..37c38e06 100644
--- a/security-monitor/src/confidential_flow/declassify_to_confidential_vm.rs
+++ b/security-monitor/src/confidential_flow/declassify_to_confidential_vm.rs
@@ -3,7 +3,7 @@
 // SPDX-License-Identifier: Apache-2.0
 use crate::confidential_flow::handlers::mmio::{MmioLoadResponse, MmioStoreResponse};
 use crate::confidential_flow::handlers::sbi::SbiResponse;
-use crate::non_confidential_flow::handlers::cove_hypervisor_extension::RunConfidentialHart;
+use crate::non_confidential_flow::handlers::cove_host_extension::RunConfidentialHart;
 
 /// Declassifiers that expose part of the hypervisor's state to a confidential VM's hart.
 pub enum DeclassifyToConfidentialVm {
diff --git a/security-monitor/src/non_confidential_flow/finite_state_machine.rs b/security-monitor/src/non_confidential_flow/finite_state_machine.rs
index 9a1fef90..572d8bb3 100644
--- a/security-monitor/src/non_confidential_flow/finite_state_machine.rs
+++ b/security-monitor/src/non_confidential_flow/finite_state_machine.rs
@@ -11,7 +11,7 @@ use crate::core::architecture::TrapCause;
 use crate::core::architecture::TrapCause::*;
 use crate::core::control_data::{ConfidentialVmId, HardwareHart, HypervisorHart};
 use crate::error::Error;
-use crate::non_confidential_flow::handlers::cove_hypervisor_extension::{
+use crate::non_confidential_flow::handlers::cove_host_extension::{
 DestroyConfidentialVm, GetSecurityMonitorInfo, PromoteToConfidentialVm, RunConfidentialHart,
 };
 use crate::non_confidential_flow::handlers::nested_acceleration_extension::{NaclProbeFeature, NaclSetupSharedMemory};
diff --git a/security-monitor/src/non_confidential_flow/handlers/cove_hypervisor_extension/destroy_confidential_vm.rs b/security-monitor/src/non_confidential_flow/handlers/cove_host_extension/destroy_confidential_vm.rs
similarity index 100%
rename from security-monitor/src/non_confidential_flow/handlers/cove_hypervisor_extension/destroy_confidential_vm.rs
rename to security-monitor/src/non_confidential_flow/handlers/cove_host_extension/destroy_confidential_vm.rs
diff --git a/security-monitor/src/non_confidential_flow/handlers/cove_hypervisor_extension/get_security_monitor_info.rs b/security-monitor/src/non_confidential_flow/handlers/cove_host_extension/get_security_monitor_info.rs
similarity index 100%
rename from security-monitor/src/non_confidential_flow/handlers/cove_hypervisor_extension/get_security_monitor_info.rs
rename to security-monitor/src/non_confidential_flow/handlers/cove_host_extension/get_security_monitor_info.rs
diff --git a/security-monitor/src/non_confidential_flow/handlers/cove_hypervisor_extension/mod.rs b/security-monitor/src/non_confidential_flow/handlers/cove_host_extension/mod.rs
similarity index 100%
rename from security-monitor/src/non_confidential_flow/handlers/cove_hypervisor_extension/mod.rs
rename to security-monitor/src/non_confidential_flow/handlers/cove_host_extension/mod.rs
diff --git a/security-monitor/src/non_confidential_flow/handlers/cove_hypervisor_extension/promote_to_confidential_vm.rs b/security-monitor/src/non_confidential_flow/handlers/cove_host_extension/promote_to_confidential_vm.rs
similarity index 100%
rename from security-monitor/src/non_confidential_flow/handlers/cove_hypervisor_extension/promote_to_confidential_vm.rs
rename to security-monitor/src/non_confidential_flow/handlers/cove_host_extension/promote_to_confidential_vm.rs
diff --git a/security-monitor/src/non_confidential_flow/handlers/cove_hypervisor_extension/run_confidential_hart.rs b/security-monitor/src/non_confidential_flow/handlers/cove_host_extension/run_confidential_hart.rs
similarity index 100%
rename from security-monitor/src/non_confidential_flow/handlers/cove_hypervisor_extension/run_confidential_hart.rs
rename to security-monitor/src/non_confidential_flow/handlers/cove_host_extension/run_confidential_hart.rs
diff --git a/security-monitor/src/non_confidential_flow/handlers/mod.rs b/security-monitor/src/non_confidential_flow/handlers/mod.rs
index 388ca6de..ac562078 100644
--- a/security-monitor/src/non_confidential_flow/handlers/mod.rs
+++ b/security-monitor/src/non_confidential_flow/handlers/mod.rs
@@ -1,7 +1,7 @@
 // SPDX-FileCopyrightText: 2023 IBM Corporation
 // SPDX-FileContributor: Wojciech Ozga , IBM Research - Zurich
 // SPDX-License-Identifier: Apache-2.0
-pub mod cove_hypervisor_extension;
+pub mod cove_host_extension;
 pub mod nested_acceleration_extension;
 pub mod opensbi;
 pub mod supervisor_binary_interface;
From 21b1351833cc2386854ef5ac64fb87a2224ecdbe Mon Sep 17 00:00:00 2001
From: Wojciech Ozga
Date: Thu, 5 Sep 2024 05:35:04 -0500
Subject: [PATCH 2/3] Adjusting COVH structures to the newest CoVE spec
Signed-off-by: Wojciech Ozga
---
 .../architecture/riscv/sbi/covh_extension.rs | 28 +++++++++++--------
 .../get_security_monitor_info.rs | 18 ++++++------
 2 files changed, 27 insertions(+), 19 deletions(-)
diff --git a/security-monitor/src/core/architecture/riscv/sbi/covh_extension.rs b/security-monitor/src/core/architecture/riscv/sbi/covh_extension.rs
index 6ea690ad..2c40fc3e 100644
--- a/security-monitor/src/core/architecture/riscv/sbi/covh_extension.rs
+++ b/security-monitor/src/core/architecture/riscv/sbi/covh_extension.rs
@@ -47,21 +47,27 @@ impl CovhExtension {
 }
 }
 
-/// State of the security monitor communicated to the hypervisor. This structure is defined in CoVE specification.
-#[repr(u32)]
-pub enum SecurityMonitorState {
- NotLoaded = 0,
- Loaded = 1,
- Ready = 2,
-}
-
 /// Information written by the security monitor to the hypervisor memory, representing the state of the security monitor. This structure is
 /// defined in CoVE specification.
 #[repr(C)]
-pub struct SecurityMonitorInfo {
- pub security_monitor_state: SecurityMonitorState,
- pub security_monitor_version: u32,
+pub struct TsmInfo {
+ pub tsm_state: u32,
+ pub tsm_impl_id: u32,
+ pub tsm_version: u32,
+ pub tsm_capabilities: u64,
 pub state_pages: u64,
 pub max_vcpus: u64,
 pub vcpu_state_pages: u64,
 }
+
+impl TsmInfo {
+ pub const COVE_TSM_STATE_NOT_LOADED: u32 = 0;
+ pub const COVE_TSM_STATE_LOADED: u32 = 1;
+ pub const COVE_TSM_STATE_READY: u32 = 2;
+ pub const COVE_TSM_IMPL_ACE: u32 = 2;
+ pub const COVE_TSM_CAP_ATTESTATION_LOCAL_MASK: u64 = 1 << 1;
+ pub const COVE_TSM_CAP_ATTESTATION_REMOTE_MASK: u64 = 1 << 2;
+ pub const COVE_TSM_CAP_AIA_MASK: u64 = 1 << 3;
+ pub const COVE_TSM_CAP_MRIF_MASK: u64 = 1 << 4;
+ pub const COVE_TSM_CAP_MEMORY_ALLOCATION_MASK: u64 = 1 << 5;
+}
diff --git a/security-monitor/src/non_confidential_flow/handlers/cove_host_extension/get_security_monitor_info.rs b/security-monitor/src/non_confidential_flow/handlers/cove_host_extension/get_security_monitor_info.rs
index 38ade5fa..d0571428 100644
--- a/security-monitor/src/non_confidential_flow/handlers/cove_host_extension/get_security_monitor_info.rs
+++ b/security-monitor/src/non_confidential_flow/handlers/cove_host_extension/get_security_monitor_info.rs
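Review bot: Under `#[repr(C)]` the three leading `u32` fields of the new `TsmInfo` end at offset 12 while `tsm_capabilities: u64` needs 8-byte alignment, so the struct now contains four padding bytes that the old `SecurityMonitorInfo` (two 32-bit fields before the first `u64`) did not have. Padding has no defined value, and `fill_tsm_info_state` in the get_security_monitor_info.rs hunk copies the whole value into hypervisor-readable memory with `ptr::write`, so whatever the compiler leaves in those bytes — in practice likely stale stack contents of the security monitor — ends up visible to the host. If the CoVE layout really has a hole at that offset, make it explicit and zeroed: add `pub reserved: u32,` after `tsm_version` and set `reserved: 0` in the handler's initializer; if the spec packs `tsm_capabilities` differently, the layout here needs to follow it instead. The new constants would also read better with a one-line doc comment each naming the spec field they encode, e.g. `/// Values of the tsm_state field, as defined in the CoVE specification.` above the `COVE_TSM_STATE_*` group.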
@@ -1,7 +1,7 @@
 // SPDX-FileCopyrightText: 2023 IBM Corporation
 // SPDX-FileContributor: Wojciech Ozga , IBM Research - Zurich
 // SPDX-License-Identifier: Apache-2.0
-use crate::core::architecture::riscv::sbi::{SecurityMonitorInfo, SecurityMonitorState};
+use crate::core::architecture::riscv::sbi::TsmInfo;
 use crate::core::architecture::GeneralPurposeRegister;
 use crate::core::control_data::{ConfidentialVm, HypervisorHart};
 use crate::core::memory_layout::NonConfidentialMemoryAddress;
@@ -37,22 +37,24 @@ impl GetSecurityMonitorInfo {
 }
 
 fn fill_tsm_info_state(&self) -> Result {
- let info = SecurityMonitorInfo {
- security_monitor_state: SecurityMonitorState::Ready,
- security_monitor_version: self.get_version(),
+ let info = TsmInfo {
+ tsm_state: TsmInfo::COVE_TSM_STATE_READY,
+ tsm_impl_id: TsmInfo::COVE_TSM_IMPL_ACE,
+ tsm_version: self.get_version(),
+ tsm_capabilities: TsmInfo::COVE_TSM_CAP_ATTESTATION_LOCAL_MASK,
 state_pages: 0,
 max_vcpus: u64::try_from(ConfidentialVm::MAX_NUMBER_OF_HARTS_PER_VM).unwrap_or(0),
 vcpu_state_pages: 0,
 };
 // Check that the input arguments define a memory region in non-confidential memory that is large enough to store the
- // `SecurityMonitorInfo` structure.
+ // `TsmInfo` structure.
 let ptr = NonConfidentialMemoryAddress::new(self.tsm_info_address as *mut usize)?;
 NonConfidentialMemoryAddress::new((self.tsm_info_address + self.tsm_info_len) as *mut usize)?;
- ensure!(self.tsm_info_len >= core::mem::size_of::(), Error::InvalidParameter())?;
+ ensure!(self.tsm_info_len >= core::mem::size_of::(), Error::InvalidParameter())?;
 // below unsafe operation is ok because pointer is a valid address in non-confidential memory, and we have enough space to write the
 // reponse.
- unsafe { (ptr.as_ptr() as *mut SecurityMonitorInfo).write(info) };
- Ok(core::mem::size_of::())
+ unsafe { (ptr.as_ptr() as *mut TsmInfo).write(info) };
+ Ok(core::mem::size_of::())
 }
 
 fn get_version(&self) -> u32 {
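Review bot: The rewritten `unsafe { (ptr.as_ptr() as *mut TsmInfo).write(info) }` in `fill_tsm_info_state` still assumes that `self.tsm_info_address`, a value supplied by the hypervisor, is aligned for `TsmInfo` (8 bytes because of its `u64` fields); `ptr::write` requires an aligned pointer, and the comment above it argues only validity and size, so a misaligned address is undefined behaviour inside the security monitor. Unless `NonConfidentialMemoryAddress::new` already rejects misaligned addresses (its body is not in this patch), add `ensure!(self.tsm_info_address % core::mem::align_of::<TsmInfo>() == 0, Error::InvalidParameter())?;` next to the length check, or switch to `write_unaligned` and state that in the comment. The comment would also be more useful as a proper `// SAFETY:` line listing all three preconditions (in non-confidential memory, at least `size_of::<TsmInfo>()` bytes available, aligned). The `size_of::()` and `Result` spellings in this rendering appear to have lost their generic arguments, presumably an extraction artifact rather than the committed text.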
From c1cacfacef94df67a62e7abbfff533b21457223a Mon Sep 17 00:00:00 2001
From: Wojciech Ozga
Date: Thu, 5 Sep 2024 08:24:19 -0500
Subject: [PATCH 3/3] Added missing capability to allow for promote to tvm calls
Signed-off-by: Wojciech Ozga
---
 .../src/core/architecture/riscv/sbi/covh_extension.rs | 1 +
 .../handlers/cove_host_extension/get_security_monitor_info.rs | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/security-monitor/src/core/architecture/riscv/sbi/covh_extension.rs b/security-monitor/src/core/architecture/riscv/sbi/covh_extension.rs
index 2c40fc3e..6d4a008e 100644
--- a/security-monitor/src/core/architecture/riscv/sbi/covh_extension.rs
+++ b/security-monitor/src/core/architecture/riscv/sbi/covh_extension.rs
@@ -65,6 +65,7 @@ impl TsmInfo {
 pub const COVE_TSM_STATE_LOADED: u32 = 1;
 pub const COVE_TSM_STATE_READY: u32 = 2;
 pub const COVE_TSM_IMPL_ACE: u32 = 2;
+ pub const COVE_TSM_CAP_PROMOTE_TVM: u64 = 1 << 0;
 pub const COVE_TSM_CAP_ATTESTATION_LOCAL_MASK: u64 = 1 << 1;
 pub const COVE_TSM_CAP_ATTESTATION_REMOTE_MASK: u64 = 1 << 2;
 pub const COVE_TSM_CAP_AIA_MASK: u64 = 1 << 3;
diff --git a/security-monitor/src/non_confidential_flow/handlers/cove_host_extension/get_security_monitor_info.rs b/security-monitor/src/non_confidential_flow/handlers/cove_host_extension/get_security_monitor_info.rs
index d0571428..c8e92e5a 100644
--- a/security-monitor/src/non_confidential_flow/handlers/cove_host_extension/get_security_monitor_info.rs
+++ b/security-monitor/src/non_confidential_flow/handlers/cove_host_extension/get_security_monitor_info.rs
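Review bot: `COVE_TSM_CAP_PROMOTE_TVM` breaks the naming pattern of its siblings in the same `impl TsmInfo` block, which all end in `_MASK` (`COVE_TSM_CAP_ATTESTATION_LOCAL_MASK`, `COVE_TSM_CAP_AIA_MASK`, …); `pub const COVE_TSM_CAP_PROMOTE_TVM_MASK: u64 = 1 << 0;` keeps the set uniform, with its single use in the get_security_monitor_info.rs hunk below renamed to match. A one-line doc comment saying what the bit advertises would also help, e.g. `/// Bit 0 of tsm_capabilities: the security monitor accepts promote-to-TVM calls.` The `impl TsmInfo` block itself starts and ends outside this hunk.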
@@ -41,7 +41,7 @@ impl GetSecurityMonitorInfo {
 tsm_state: TsmInfo::COVE_TSM_STATE_READY,
 tsm_impl_id: TsmInfo::COVE_TSM_IMPL_ACE,
 tsm_version: self.get_version(),
- tsm_capabilities: TsmInfo::COVE_TSM_CAP_ATTESTATION_LOCAL_MASK,
+ tsm_capabilities: TsmInfo::COVE_TSM_CAP_PROMOTE_TVM | TsmInfo::COVE_TSM_CAP_ATTESTATION_LOCAL_MASK,
 state_pages: 0,
 max_vcpus: u64::try_from(ConfidentialVm::MAX_NUMBER_OF_HARTS_PER_VM).unwrap_or(0),
 vcpu_state_pages: 0,