From d2670e7b1909e9e525daafd6ffd3526538e9fcad Mon Sep 17 00:00:00 2001 From: Tyler Fanelli Date: Thu, 12 Dec 2024 00:14:43 -0500 Subject: [PATCH] amd-sev: Update sev dependency to 5.0.0 Signed-off-by: Tyler Fanelli --- Cargo.lock | 42 +++++++++++++++++++++++++-------- src/vmm/Cargo.toml | 4 ++-- src/vmm/src/linux/tee/amdsnp.rs | 28 ++++++++++------------ 3 files changed, 47 insertions(+), 27 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 5d1d5e22..3c65b424 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -360,7 +360,7 @@ dependencies = [ "polly", "rand", "rutabaga_gfx", - "thiserror", + "thiserror 1.0.69", "utils", "virtio-bindings", "vm-memory", @@ -689,13 +689,15 @@ dependencies = [ [[package]] name = "kbs-types" -version = "0.8.0" +version = "0.9.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "21350cefefc9715198c3c5319a5eb23ce4cc89b4b567599fb88f0d4a011c1d2d" +checksum = "f7b7dad1b68c1fee4a7749f9163f4ac7c7f9cd21df3f6dcc5790f8978e12ccf1" dependencies = [ + "base64", "serde", "serde_json", "sev", + "thiserror 2.0.6", ] [[package]] @@ -1021,7 +1023,7 @@ dependencies = [ "nix 0.27.1", "once_cell", "pipewire-sys", - "thiserror", + "thiserror 1.0.69", ] [[package]] @@ -1138,7 +1140,7 @@ checksum = "ba009ff324d1fc1b900bd1fdb31564febe58a8ccc8a6fdbb93b543d33b13ca43" dependencies = [ "getrandom", "libredox", - "thiserror", + "thiserror 1.0.69", ] [[package]] @@ -1213,7 +1215,7 @@ dependencies = [ "nix 0.26.4", "pkg-config", "remain", - "thiserror", + "thiserror 1.0.69", "winapi", "zerocopy 0.6.6", ] @@ -1300,9 +1302,9 @@ dependencies = [ [[package]] name = "sev" -version = "4.0.0" +version = "5.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a97bd0b2e2d937951add10c8512a2dacc6ad29b39e5c5f26565a3e443329857d" +checksum = "b06afe5192a43814047ea0072f4935f830a1de3c8cb43b56c90ae6918468b94d" dependencies = [ "base64", "bincode", 
@@ -1413,7 +1415,16 @@ version = "1.0.69" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b6aaf5339b578ea85b50e080feb250a3e8ae8cfcdff9a461c9ec2904bc923f52" dependencies = [ - "thiserror-impl", + "thiserror-impl 1.0.69", +] + +[[package]] +name = "thiserror" +version = "2.0.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8fec2a1820ebd077e2b90c4df007bebf344cd394098a13c563957d0afc83ea47" +dependencies = [ + "thiserror-impl 2.0.6", ] [[package]] @@ -1427,6 +1438,17 @@ dependencies = [ "syn", ] +[[package]] +name = "thiserror-impl" +version = "2.0.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d65750cab40f4ff1929fb1ba509e9914eb756131cef4210da8d5d700d26f6312" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + [[package]] name = "tokio" version = "1.41.1" @@ -1571,7 +1593,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f1720e7240cdc739f935456eb77f370d7e9b2a3909204da1e2b47bef1137a013" dependencies = [ "libc", - "thiserror", + "thiserror 1.0.69", "winapi", ]
diff --git a/src/vmm/Cargo.toml b/src/vmm/Cargo.toml
index 25ed38d7..ab7e4be0 100644
--- a/src/vmm/Cargo.toml
+++ b/src/vmm/Cargo.toml
@@ -28,12 +28,12 @@ polly = { path = "../polly" }
 # Dependencies for amd-sev
 codicon = { version = "3.0.0", optional = true }
-kbs-types = { version = "0.8.0", features = ["tee-sev", "tee-snp"], optional = true }
+kbs-types = { version = "0.9.2", features = ["tee-sev", "tee-snp"], optional = true }
 procfs = { version = "0.12", optional = true }
 rdrand = { version = "^0.8", optional = true }
 serde = { version = "1.0.125", optional = true }
 serde_json = { version = "1.0.64", optional = true }
-sev = { version = "4.0.0", features = ["openssl"], optional = true }
+sev = { version = "5.0.0", features = ["openssl"], optional = true }
 curl = { version = "0.4", optional = true }
 nix = "0.24.1"
diff --git a/src/vmm/src/linux/tee/amdsnp.rs b/src/vmm/src/linux/tee/amdsnp.rs
index 91a255aa..e0d99e92 100644
--- a/src/vmm/src/linux/tee/amdsnp.rs
+++ b/src/vmm/src/linux/tee/amdsnp.rs
@@ -6,8 +6,11 @@ use std::{
 use crate::vstate::MeasuredRegion;
 use arch::x86_64::layout::*;
-use sev::firmware::{guest::GuestPolicy, host::Firmware};
 use sev::launch::snp::*;
+use sev::{
+ error::FirmwareError as SevFirmwareError,
+ firmware::{guest::GuestPolicy, host::Firmware},
+};
 use kvm_bindings::{
 kvm_create_guest_memfd, kvm_userspace_memory_region2, CpuId, KVM_CPUID_FLAG_SIGNIFCANT_INDEX,
@@ -22,12 +25,12 @@ use vm_memory::{
 pub enum Error {
 CpuIdWrite,
 CpuIdFull,
- CreateLauncher(std::io::Error),
+ CreateLauncher(SevFirmwareError),
 GuestMemoryWrite(vm_memory::GuestMemoryError),
 GuestMemoryRead(vm_memory::GuestMemoryError),
- LaunchStart(std::io::Error),
- LaunchUpdate(std::io::Error),
- LaunchFinish(std::io::Error),
+ LaunchStart(SevFirmwareError),
+ LaunchUpdate(SevFirmwareError),
+ LaunchFinish(SevFirmwareError),
 MemoryEncryptRegion,
 OpenFirmware(std::io::Error),
 }
@@ -130,7 +133,7 @@ impl AmdSnp {
 let mut policy = GuestPolicy(0);
 policy.set_smt_allowed(1);
- let start = Start::new(None, policy, false, [0; 16]);
+ let start = Start::new(policy, [0; 16]);
 let launcher = launcher.start(start).map_err(Error::LaunchStart)?;
@@ -304,7 +307,6 @@ impl AmdSnp {
 launcher: &mut Launcher,
 page_type: PageType,
 ) -> Result<(), Error> {
- let dp = VmplPerms::empty();
 let ga = GuestAddress(region.guest_addr);
 /*
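Review bot: In the `@@ -130,7 +133,7 @@` hunk, the second argument of `Start::new(policy, [0; 16])` is an unlabelled all-zero array, and with the `None` and `false` arguments gone the call no longer hints at which launch parameters are being fixed. I would add a comment above it such as `// gosvw: all zeroes, no guest-OS-visible workarounds advertised`, assuming the array is still the GOSVW field in sev 5.0.0 (worth confirming against the crate docs). Because `policy` and this array are what `launcher.start(start)` hands to the launch of a confidential guest, each hard-coded value deserves a stated reason. The enclosing function starts and ends outside the hunk.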
@@ -319,15 +321,11 @@ impl AmdSnp {
 let ptr = bytes.ptr_guard().as_ptr();
 let slice: &[u8] = unsafe { slice::from_raw_parts(ptr, region.size) };
- let update = Update::new(
- region.guest_addr >> 12,
- slice,
- false,
- page_type,
- (dp, dp, dp),
- );
+ let update = Update::new(region.guest_addr >> 12, slice, page_type);
- launcher.update_data(update).map_err(Error::LaunchUpdate)
+ launcher
+ .update_data(update, ga.0, region.size.try_into().unwrap())
+ .map_err(Error::LaunchUpdate)
 }
 pub fn vm_measure(
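Review bot: `region.size.try_into().unwrap()` in the new `update_data` call will panic the VMM if the region size does not fit the length type the call expects, although this function already returns `Result<(), Error>`. Convert fallibly and propagate instead, for example `let len = region.size.try_into().map_err(|_| Error::RegionSize)?;` followed by `.update_data(update, ga.0, len)`; `RegionSize` is a suggested new variant, because the `Error` enum shown in the `@@ -22,12 +25,12 @@` hunk has none that fits. A short comment stating that the address and length passed here are meant to describe the same range as `slice` would also help, since the unsafe `slice::from_raw_parts(ptr, region.size)` just above depends on that same size. The function's signature and the start of its body are outside this hunk.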