diff options
Diffstat (limited to 'hw')
| -rw-r--r-- | hw/core/machine.c | 22 | ||||
| -rw-r--r-- | hw/i386/pc_sysfw.c | 13 |
2 files changed, 35 insertions, 0 deletions
diff --git a/hw/core/machine.c b/hw/core/machine.c index 5e2bbcdace..2040177664 100644 --- a/hw/core/machine.c +++ b/hw/core/machine.c @@ -334,6 +334,22 @@ static bool machine_get_enforce_config_section(Object *obj, Error **errp) return ms->enforce_config_section; } +static char *machine_get_memory_encryption(Object *obj, Error **errp) +{ + MachineState *ms = MACHINE(obj); + + return g_strdup(ms->memory_encryption); +} + +static void machine_set_memory_encryption(Object *obj, const char *value, + Error **errp) +{ + MachineState *ms = MACHINE(obj); + + g_free(ms->memory_encryption); + ms->memory_encryption = g_strdup(value); +} + void machine_class_allow_dynamic_sysbus_dev(MachineClass *mc, const char *type) { strList *item = g_new0(strList, 1); @@ -612,6 +628,12 @@ static void machine_class_init(ObjectClass *oc, void *data) &error_abort); object_class_property_set_description(oc, "enforce-config-section", "Set on to enforce configuration section migration", &error_abort); + + object_class_property_add_str(oc, "memory-encryption", + machine_get_memory_encryption, machine_set_memory_encryption, + &error_abort); + object_class_property_set_description(oc, "memory-encryption", + "Set memory encyption object to use", &error_abort); } static void machine_class_base_init(ObjectClass *oc, void *data) diff --git a/hw/i386/pc_sysfw.c b/hw/i386/pc_sysfw.c index 4325575e7d..73ac783f20 100644 --- a/hw/i386/pc_sysfw.c +++ b/hw/i386/pc_sysfw.c @@ -113,6 +113,8 @@ static void pc_system_flash_init(MemoryRegion *rom_memory) pflash_t *system_flash; MemoryRegion *flash_mem; char name[64]; + void *flash_ptr; + int ret, flash_size; sector_bits = 12; sector_size = 1 << sector_bits; @@ -169,6 +171,17 @@ static void pc_system_flash_init(MemoryRegion *rom_memory) if (unit == 0) { flash_mem = pflash_cfi01_get_memory(system_flash); pc_isa_bios_init(rom_memory, flash_mem, size); + + /* Encrypt the pflash boot ROM */ + if (kvm_memcrypt_enabled()) { + flash_ptr = memory_region_get_ram_ptr(flash_mem); + flash_size = memory_region_size(flash_mem); + ret = kvm_memcrypt_encrypt_data(flash_ptr, flash_size); + if (ret) { + error_report("failed to encrypt pflash rom"); + exit(1); + } + } } } } |