github/acrn-hypervisor
1
0
Fork 0
mirror of https://github.com/projectacrn/acrn-hypervisor.git synced 2025-06-20 20:53:46 +00:00
Code Issues Projects Releases Wiki Activity

trusty: add key_info for trusty bring-up

Browse Source 
For trusty bring-up, key_info is needed.
Currently, bootloader did not transfer key_info to hypervisor.
So in this patch, use dummy key_info temporarily.

Derive vSeed from dSeed before trusty startup, the vSeed will
bind with UUID of each VM.

Remove key_info from sworld_control structure.

Signed-off-by: Qi Yadong <yadong.qi@intel.com>
This commit is contained in:
Qi Yadong 2018-03-27 17:28:51 +08:00 committed by Jack Ren
parent b124e0da28
commit 922daae198
3 changed files with 42 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
hypervisor/Makefile
View File

@ -60,6 +60,7 @@ ARCH_LDSCRIPT_IN = bsp/ld/link_ram.ld.in
INCLUDE_PATH += include INCLUDE_PATH += include
INCLUDE_PATH += include/lib INCLUDE_PATH += include/lib
INCLUDE_PATH += include/lib/crypto
INCLUDE_PATH += include/common INCLUDE_PATH += include/common
INCLUDE_PATH += include/arch/x86 INCLUDE_PATH += include/arch/x86
INCLUDE_PATH += include/arch/x86/guest INCLUDE_PATH += include/arch/x86/guest

49
hypervisor/arch/x86/trusty.c
View File

@ -33,6 +33,7 @@
#include <hv_arch.h> #include <hv_arch.h>
#include <acrn_hv_defs.h> #include <acrn_hv_defs.h>
#include <hv_debug.h> #include <hv_debug.h>
#include <hkdf.h>
_Static_assert(NR_WORLD == 2, "Only 2 Worlds supported!"); _Static_assert(NR_WORLD == 2, "Only 2 Worlds supported!");
@ -67,6 +68,13 @@ struct trusty_mem {
uint8_t left_mem[0]; uint8_t left_mem[0];
}; };
static struct key_info g_key_info = {
.size_of_this_struct = sizeof(g_key_info),
.version = 0,
.platform = 3,
.num_seeds = 1
};
_Static_assert(sizeof(struct trusty_startup_param) _Static_assert(sizeof(struct trusty_startup_param)
+ sizeof(struct key_info) < 0x1000, + sizeof(struct key_info) < 0x1000,
"trusty_startup_param + key_info > 1Page size(4KB)!"); "trusty_startup_param + key_info > 1Page size(4KB)!");
@ -275,15 +283,36 @@ void switch_world(struct vcpu *vcpu, int next_world)
/* Put key_info and trusty_startup_param in the first Page of Trusty /* Put key_info and trusty_startup_param in the first Page of Trusty
* runtime memory * runtime memory
*/ */
static void setup_trusty_info(struct vcpu *vcpu, static bool setup_trusty_info(struct vcpu *vcpu,
uint32_t mem_size, uint64_t mem_base_hpa) uint32_t mem_size, uint64_t mem_base_hpa)
{ {
uint32_t i;
struct trusty_mem *mem; struct trusty_mem *mem;
mem = (struct trusty_mem *)(HPA2HVA(mem_base_hpa)); mem = (struct trusty_mem *)(HPA2HVA(mem_base_hpa));
/* TODO: prepare vkey_info */ /* TODO: prepare vkey_info */
/* copy key_info to the first page of trusty memory */
mem->first_page.key_info = g_key_info;
memset(mem->first_page.key_info.dseed_list, 0,
sizeof(mem->first_page.key_info.dseed_list));
/* Derive dvseed from dseed for Trusty */
for (i = 0; i < g_key_info.num_seeds; i++) {
if (!hkdf_sha256(mem->first_page.key_info.dseed_list[i].seed,
BUP_MKHI_BOOTLOADER_SEED_LEN,
g_key_info.dseed_list[i].seed,
BUP_MKHI_BOOTLOADER_SEED_LEN,
NULL, 0,
vcpu->vm->GUID, sizeof(vcpu->vm->GUID))) {
memset(&mem->first_page.key_info, 0,
sizeof(struct key_info));
pr_err("%s: derive dvseed failed!", __func__);
return false;
}
}
/* Prepare trusty startup info */ /* Prepare trusty startup info */
mem->first_page.startup_param.size_of_this_struct = mem->first_page.startup_param.size_of_this_struct =
sizeof(struct trusty_startup_param); sizeof(struct trusty_startup_param);
@ -297,6 +326,8 @@ static void setup_trusty_info(struct vcpu *vcpu,
*/ */
vcpu->arch_vcpu.contexts[SECURE_WORLD].guest_cpu_regs.regs.rdi vcpu->arch_vcpu.contexts[SECURE_WORLD].guest_cpu_regs.regs.rdi
= (uint64_t)TRUSTY_EPT_REBASE_GPA + sizeof(struct key_info); = (uint64_t)TRUSTY_EPT_REBASE_GPA + sizeof(struct key_info);
return true;
} }
/* Secure World will reuse environment of UOS_Loder since they are /* Secure World will reuse environment of UOS_Loder since they are
@ -304,7 +335,7 @@ static void setup_trusty_info(struct vcpu *vcpu,
* RIP, RSP and RDI are specified below, other GP registers are leaved * RIP, RSP and RDI are specified below, other GP registers are leaved
* as 0. * as 0.
*/ */
static void init_secure_world_env(struct vcpu *vcpu, static bool init_secure_world_env(struct vcpu *vcpu,
uint64_t entry_gpa, uint64_t entry_gpa,
uint64_t base_hpa, uint64_t base_hpa,
uint32_t size) uint32_t size)
@ -316,7 +347,7 @@ static void init_secure_world_env(struct vcpu *vcpu,
exec_vmwrite(VMX_GUEST_RSP, exec_vmwrite(VMX_GUEST_RSP,
TRUSTY_EPT_REBASE_GPA + size); TRUSTY_EPT_REBASE_GPA + size);
setup_trusty_info(vcpu, size, base_hpa); return setup_trusty_info(vcpu, size, base_hpa);
} }
bool initialize_trusty(struct vcpu *vcpu, uint64_t param) bool initialize_trusty(struct vcpu *vcpu, uint64_t param)
@ -363,12 +394,14 @@ bool initialize_trusty(struct vcpu *vcpu, uint64_t param)
save_world_ctx(&vcpu->arch_vcpu.contexts[NORMAL_WORLD]); save_world_ctx(&vcpu->arch_vcpu.contexts[NORMAL_WORLD]);
/* init secure world environment */ /* init secure world environment */
init_secure_world_env(vcpu, if (init_secure_world_env(vcpu,
trusty_entry_gpa - trusty_base_gpa + TRUSTY_EPT_REBASE_GPA, trusty_entry_gpa - trusty_base_gpa + TRUSTY_EPT_REBASE_GPA,
trusty_base_hpa, boot_param->mem_size); trusty_base_hpa, boot_param->mem_size)) {
/* switch to Secure World */ /* switch to Secure World */
vcpu->arch_vcpu.cur_context = SECURE_WORLD; vcpu->arch_vcpu.cur_context = SECURE_WORLD;
return true;
}
return true; return false;
} }

2
hypervisor/include/arch/x86/trusty.h
View File

@ -122,8 +122,6 @@ struct secure_world_memory {
struct secure_world_control { struct secure_world_control {
/* Whether secure world is enabled for current VM */ /* Whether secure world is enabled for current VM */
bool sworld_enabled; bool sworld_enabled;
/* key info structure */
struct key_info key_info;
/* Secure world memory structure */ /* Secure world memory structure */
struct secure_world_memory sworld_memory; struct secure_world_memory sworld_memory;
}; };