On 3/17/25 6:23 AM, Nikunj A Dadhania wrote:
The hypervisor controls TSC value calculations for the guest. A malicious hypervisor can prevent the guest from progressing. The Secure TSC feature for SEV-SNP allows guests to securely use the RDTSC and RDTSCP instructions. This ensures the guest has a consistent view of time and prevents a malicious hypervisor from manipulating time, such as making it appear to move backward or advance too quickly. For more details, refer to the "Secure Nested Paging (SEV-SNP)" section, subsection "Secure TSC" in APM Volume 2. This patch set is also available at: https://github.com/AMDESE/linux-kvm/tree/sectsc-host-latest and is based on kvm/queue Testing Secure TSC ----------------- Secure TSC guest patches are available as part of v6.14-rc1. QEMU changes: https://github.com/nikunjad/qemu/tree/snp-securetsc-latest QEMU command line SEV-SNP with Secure TSC: qemu-system-x86_64 -cpu EPYC-Milan-v2 -smp 4 \ -object memory-backend-memfd,id=ram1,size=1G,share=true,prealloc=false,reserve=false \ -object sev-snp-guest,id=sev0,cbitpos=51,reduced-phys-bits=1,secure-tsc=on,stsc-freq=2000000000 \ -machine q35,confidential-guest-support=sev0,memory-backend=ram1 \ ...
Hi Nikunj, I've been trying to test this patchset with the above QEMU command line and with the OVMF built from upstream master. But I'm encountering following errors: " !!!!!!!! Image Section Alignment(0x40) does not match Required Alignment (0x1000) !!!!!!!! ProtectUefiImage failed to create image properties record " I briefly looked at this[1] branch as well but it appears to be no longer actively maintained as I ran into some build errors which are fixed in upstream. The build command I'm using to build the OVMF is as follows: build -a X64 -b DEBUG -t GCC5 -D DEBUG_VERBOSE -p OvmfPkg/OvmfPkgX64.dsc So, I was wondering if you've some extra patches on top of upstream OVMF to test SecureTSC or are there any modifications required in my build command? Thank you! [1] https://github.com/AMDESE/ovmf/tree/snp-latest
Changelog: ---------- v5: * Rebased on top of kvm/queue that includes protected TSC patches https://lore.kernel.org/kvm/20250314183422.2990277-1-pbonzini@xxxxxxxxxx/ * Dropped patch 4/5 as it is not required after protected TSC patches * Set guest_tsc_protected when Secure TSC is enabled (Paolo) * Collect Reviewed-by from Tom * Base the desired_tsc_freq on KVM's ABI (Sean) v4: https://lore.kernel.org/kvm/20250310063938.13790-1-nikunj@xxxxxxx/ * Rebased on top of latest kvm-x86/next * Collect Reviewed-by from Tom * Use "KVM: SVM" instead of "crypto: ccp" (Tom) * Clear the intercept in sev_es_init_vmcb() (Tom) * Differentiate between guest and host MSR_IA32_TSC writes (Tom) Ketan Chaturvedi (1): KVM: SVM: Enable Secure TSC for SNP guests Nikunj A Dadhania (3): x86/cpufeatures: Add SNP Secure TSC KVM: SVM: Add missing member in SNP_LAUNCH_START command structure KVM: SVM: Add GUEST_TSC_FREQ MSR for Secure TSC enabled guests arch/x86/include/asm/cpufeatures.h | 1 + arch/x86/include/asm/svm.h | 1 + arch/x86/include/uapi/asm/kvm.h | 3 ++- arch/x86/kvm/svm/sev.c | 17 +++++++++++++++++ arch/x86/kvm/svm/svm.c | 1 + arch/x86/kvm/svm/svm.h | 11 ++++++++++- include/linux/psp-sev.h | 2 ++ 7 files changed, 34 insertions(+), 2 deletions(-) base-commit: 9f443c33263385cbb8565ab58db3f7983e769bed
