Merge pull request #365 from stefano-garzarella/fix-launch-measurement

joergroedel · web-flow · commit a247c827c4c6 · 2024-06-05T12:37:05.000+02:00
igvm tools: fix pre-calculated launch measurement with QEMU/KVM
diff --git a/igvmbuilder/src/cmd_options.rs b/igvmbuilder/src/cmd_options.rs
@@ -51,6 +51,14 @@ pub struct CmdOptions {
     /// Include NATIVE platform target
     #[arg(long, default_value_t = false)]
     pub native: bool,
+
+    /// Enable debug features (e.g. SNP debug_swap)
+    #[arg(short, long, default_value_t = false)]
+    pub debug: bool,
+
+    /// Extra SEV features to be enabled in the VMSA (multiple values can be provided separated by ',')
+    #[arg(long, value_delimiter = ',')]
+    pub sev_features: Vec<SevExtraFeatures>,
 }
 
 impl CmdOptions {
@@ -73,3 +81,12 @@ pub enum Hypervisor {
     /// Build an IGVM file compatible with Hyper-V
     HyperV,
 }
+
+#[derive(Copy, Clone, PartialEq, Eq, PartialOrd, Ord, ValueEnum, Debug)]
+pub enum SevExtraFeatures {
+    ReflectVc,
+    AlternateInjection,
+    DebugSwap,
+    PreventHostIBS,
+    SNPBTBIsolation,
+}
diff --git a/igvmbuilder/src/igvm_builder.rs b/igvmbuilder/src/igvm_builder.rs
@@ -347,6 +347,7 @@ impl IgvmBuilder {
                 self.gpa_map.vmsa.get_start(),
                 param_block.vtom,
                 SNP_COMPATIBILITY_MASK,
+                &self.options.sev_features,
             ));
         }
 
diff --git a/igvmbuilder/src/vmsa.rs b/igvmbuilder/src/vmsa.rs
@@ -11,6 +11,7 @@ use igvm::IgvmDirectiveHeader;
 use igvm_defs::IgvmNativeVpContextX64;
 use zerocopy::FromZeroes;
 
+use crate::cmd_options::SevExtraFeatures;
 use crate::stage2_stack::Stage2Stack;
 
 pub fn construct_start_context() -> Box<IgvmNativeVpContextX64> {
@@ -49,6 +50,7 @@ pub fn construct_vmsa(
     gpa_start: u64,
     vtom: u64,
     compatibility_mask: u32,
+    extra_features: &Vec<SevExtraFeatures>,
 ) -> IgvmDirectiveHeader {
     let mut vmsa_box = SevVmsa::new_box_zeroed();
     let vmsa = vmsa_box.as_mut();
@@ -115,7 +117,17 @@ pub fn construct_vmsa(
         vmsa.virtual_tom = vtom;
         features.set_vtom(true);
     }
-    features.set_debug_swap(true);
+
+    for extra_f in extra_features {
+        match extra_f {
+            SevExtraFeatures::ReflectVc => features.set_reflect_vc(true),
+            SevExtraFeatures::AlternateInjection => features.set_alternate_injection(true),
+            SevExtraFeatures::DebugSwap => features.set_debug_swap(true),
+            SevExtraFeatures::PreventHostIBS => features.set_prevent_host_ibs(true),
+            SevExtraFeatures::SNPBTBIsolation => features.set_snp_btb_isolation(true),
+        }
+    }
+
     vmsa.sev_features = features;
 
     IgvmDirectiveHeader::SnpVpContext {
diff --git a/igvmmeasure/src/igvm_measure.rs b/igvmmeasure/src/igvm_measure.rs
@@ -339,7 +339,7 @@ impl IgvmMeasure {
             if vmsa.cr0 != 0x31 {
                 return Err(IgvmMeasureError::InvalidVmsaCr0);
             }
-            if !vmsa.sev_features.debug_swap() {
+            if vmsa.sev_features.debug_swap() {
                 return Err(IgvmMeasureError::InvalidDebugSwap);
             }
         }

Original file line number	Diff line number	Diff line change
`@@ -347,6 +347,7 @@ impl IgvmBuilder {`
`347`	`347`	`self.gpa_map.vmsa.get_start(),`
`348`	`348`	`param_block.vtom,`
`349`	`349`	`SNP_COMPATIBILITY_MASK,`
	`350`	`+ &self.options.sev_features,`
`350`	`351`	`));`
`351`	`352`	`}`
`352`	`353`
Original file line number	Diff line number	Diff line change
`@@ -339,7 +339,7 @@ impl IgvmMeasure {`
`339`	`339`	`if vmsa.cr0 != 0x31 {`
`340`	`340`	`return Err(IgvmMeasureError::InvalidVmsaCr0);`
`341`	`341`	`}`
`342`		`- if !vmsa.sev_features.debug_swap() {`
	`342`	`+ if vmsa.sev_features.debug_swap() {`
`343`	`343`	`return Err(IgvmMeasureError::InvalidDebugSwap);`
`344`	`344`	`}`
`345`	`345`	`}`