[RFC kvmtool 15/31] arm64: Add support for Realm Personalisation Value

From: Suzuki K Poulose
Date: Fri Jan 27 2023 - 07:20:31 EST


Add option to specify Realm personalisation value

Signed-off-by: Suzuki K Poulose <suzuki.poulose@xxxxxxx>
---
arm/aarch64/include/kvm/kvm-config-arch.h | 6 +++++-
arm/aarch64/kvm.c | 7 +++++++
arm/aarch64/realm.c | 23 +++++++++++++++++++++++
arm/include/arm-common/kvm-config-arch.h | 1 +
4 files changed, 36 insertions(+), 1 deletion(-)

diff --git a/arm/aarch64/include/kvm/kvm-config-arch.h b/arm/aarch64/include/kvm/kvm-config-arch.h
index b93999b6..f2e659ad 100644
--- a/arm/aarch64/include/kvm/kvm-config-arch.h
+++ b/arm/aarch64/include/kvm/kvm-config-arch.h
@@ -26,7 +26,11 @@ int vcpu_affinity_parser(const struct option *opt, const char *arg, int unset);
"Create VM running in a realm using Arm RME"), \
OPT_STRING('\0', "measurement-algo", &(cfg)->measurement_algo, \
"sha256, sha512", \
- "Realm Measurement algorithm, default: sha256"),
+ "Realm Measurement algorithm, default: sha256"),\
+ OPT_STRING('\0', "realm-pv", &(cfg)->realm_pv, \
+ "personalisation value", \
+ "Personalisation Value (only) for Realm VMs"),
+

#include "arm-common/kvm-config-arch.h"

diff --git a/arm/aarch64/kvm.c b/arm/aarch64/kvm.c
index a5a98b2e..4798e359 100644
--- a/arm/aarch64/kvm.c
+++ b/arm/aarch64/kvm.c
@@ -56,6 +56,8 @@ static void validate_realm_cfg(struct kvm *kvm)
if (!kvm->cfg.arch.is_realm) {
if (kvm->cfg.arch.measurement_algo)
die("--measurement-algo valid only with --realm");
+ if (kvm->cfg.arch.realm_pv)
+ die("--realm-pv valid only with --realm");
return;
}

@@ -74,6 +76,11 @@ static void validate_realm_cfg(struct kvm *kvm)
kvm->arch.measurement_algo = KVM_CAP_ARM_RME_MEASUREMENT_ALGO_SHA256;
}

+ if (kvm->cfg.arch.realm_pv) {
+ if (strlen(kvm->cfg.arch.realm_pv) > KVM_CAP_ARM_RME_RPV_SIZE)
+ die("Invalid size for Realm Personalization Value\n");
+ }
+
die("Realms not supported");
}

diff --git a/arm/aarch64/realm.c b/arm/aarch64/realm.c
index 31543e55..2e0be982 100644
--- a/arm/aarch64/realm.c
+++ b/arm/aarch64/realm.c
@@ -20,9 +20,32 @@ static void realm_configure_hash_algo(struct kvm *kvm)
die_perror("KVM_CAP_RME(KVM_CAP_ARM_RME_CONFIG_REALM) hash_algo");
}

+static void realm_configure_rpv(struct kvm *kvm)
+{
+ struct kvm_cap_arm_rme_config_item rpv_cfg = {
+ .cfg = KVM_CAP_ARM_RME_CFG_RPV,
+ };
+
+ struct kvm_enable_cap rme_config = {
+ .cap = KVM_CAP_ARM_RME,
+ .args[0] = KVM_CAP_ARM_RME_CONFIG_REALM,
+ .args[1] = (u64)&rpv_cfg,
+ };
+
+ if (!kvm->cfg.arch.realm_pv)
+ return;
+
+ memset(&rpv_cfg.rpv, 0, sizeof(rpv_cfg.rpv));
+ memcpy(&rpv_cfg.rpv, kvm->cfg.arch.realm_pv, strlen(kvm->cfg.arch.realm_pv));
+
+ if (ioctl(kvm->vm_fd, KVM_ENABLE_CAP, &rme_config) < 0)
+ die_perror("KVM_CAP_RME(KVM_CAP_ARM_RME_CONFIG_REALM) RPV");
+}
+
static void realm_configure_parameters(struct kvm *kvm)
{
realm_configure_hash_algo(kvm);
+ realm_configure_rpv(kvm);
}

void kvm_arm_realm_create_realm_descriptor(struct kvm *kvm)
diff --git a/arm/include/arm-common/kvm-config-arch.h b/arm/include/arm-common/kvm-config-arch.h
index a2faa3af..80a3b18e 100644
--- a/arm/include/arm-common/kvm-config-arch.h
+++ b/arm/include/arm-common/kvm-config-arch.h
@@ -7,6 +7,7 @@ struct kvm_config_arch {
const char *dump_dtb_filename;
const char *vcpu_affinity;
const char *measurement_algo;
+ const char *realm_pv;
unsigned int force_cntfrq;
bool virtio_trans_pci;
bool aarch32_guest;
--
2.34.1