xref: /OK3568_Linux_fs/kernel/Documentation/powerpc/ultravisor.rst (revision 4882a59341e53eb6f0b4789bf948001014eff981)

.. SPDX-License-Identifier: GPL-2.0
.. _ultravisor:

============================
Protected Execution Facility
============================

.. contents::
    :depth: 3

Introduction
############

    Protected Execution Facility (PEF) is an architectural change for
    POWER 9 that enables Secure Virtual Machines (SVMs). DD2.3 chips
    (PVR=0x004e1203) or greater will be PEF-capable. A new ISA release
    will include the PEF RFC02487 changes.

    When enabled, PEF adds a new higher privileged mode, called Ultravisor
    mode, to POWER architecture. Along with the new mode there is new
    firmware called the Protected Execution Ultravisor (or Ultravisor
    for short). Ultravisor mode is the highest privileged mode in POWER
    architecture.

	+------------------+
	| Privilege States |
	+==================+
	|  Problem         |
	+------------------+
	|  Supervisor      |
	+------------------+
	|  Hypervisor      |
	+------------------+
	|  Ultravisor      |
	+------------------+

    PEF protects SVMs from the hypervisor, privileged users, and other
    VMs in the system. SVMs are protected while at rest and can only be
    executed by an authorized machine. All virtual machines utilize
    hypervisor services. The Ultravisor filters calls between the SVMs
    and the hypervisor to assure that information does not accidentally
    leak. All hypercalls except H_RANDOM are reflected to the hypervisor.
    H_RANDOM is not reflected to prevent the hypervisor from influencing
    random values in the SVM.

    To support this there is a refactoring of the ownership of resources
    in the CPU. Some of the resources which were previously hypervisor
    privileged are now ultravisor privileged.

Hardware
========

    The hardware changes include the following:

    * There is a new bit in the MSR that determines whether the current
      process is running in secure mode, MSR(S) bit 41. MSR(S)=1, process
      is in secure mode, MSR(s)=0 process is in normal mode.

    * The MSR(S) bit can only be set by the Ultravisor.

    * HRFID cannot be used to set the MSR(S) bit. If the hypervisor needs
      to return to a SVM it must use an ultracall. It can determine if
      the VM it is returning to is secure.

    * There is a new Ultravisor privileged register, SMFCTRL, which has an
      enable/disable bit SMFCTRL(E).

    * The privilege of a process is now determined by three MSR bits,
      MSR(S, HV, PR). In each of the tables below the modes are listed
      from least privilege to highest privilege. The higher privilege
      modes can access all the resources of the lower privilege modes.

      **Secure Mode MSR Settings**

      +---+---+---+---------------+
      | S | HV| PR|Privilege      |
      +===+===+===+===============+
      | 1 | 0 | 1 | Problem       |
      +---+---+---+---------------+
      | 1 | 0 | 0 | Privileged(OS)|
      +---+---+---+---------------+
      | 1 | 1 | 0 | Ultravisor    |
      +---+---+---+---------------+
      | 1 | 1 | 1 | Reserved      |
      +---+---+---+---------------+

      **Normal Mode MSR Settings**

      +---+---+---+---------------+
      | S | HV| PR|Privilege      |
      +===+===+===+===============+
      | 0 | 0 | 1 | Problem       |
      +---+---+---+---------------+
      | 0 | 0 | 0 | Privileged(OS)|
      +---+---+---+---------------+
      | 0 | 1 | 0 | Hypervisor    |
      +---+---+---+---------------+
      | 0 | 1 | 1 | Problem (Host)|
      +---+---+---+---------------+

    * Memory is partitioned into secure and normal memory. Only processes
      that are running in secure mode can access secure memory.

    * The hardware does not allow anything that is not running secure to
      access secure memory. This means that the Hypervisor cannot access
      the memory of the SVM without using an ultracall (asking the
      Ultravisor). The Ultravisor will only allow the hypervisor to see
      the SVM memory encrypted.

    * I/O systems are not allowed to directly address secure memory. This
      limits the SVMs to virtual I/O only.

    * The architecture allows the SVM to share pages of memory with the
      hypervisor that are not protected with encryption. However, this
      sharing must be initiated by the SVM.

    * When a process is running in secure mode all hypercalls
      (syscall lev=1) go to the Ultravisor.

    * When a process is in secure mode all interrupts go to the
      Ultravisor.

    * The following resources have become Ultravisor privileged and
      require an Ultravisor interface to manipulate:

      * Processor configurations registers (SCOMs).

      * Stop state information.

      * The debug registers CIABR, DAWR, and DAWRX when SMFCTRL(D) is set.
        If SMFCTRL(D) is not set they do not work in secure mode. When set,
        reading and writing requires an Ultravisor call, otherwise that
        will cause a Hypervisor Emulation Assistance interrupt.

      * PTCR and partition table entries (partition table is in secure
        memory). An attempt to write to PTCR will cause a Hypervisor
        Emulation Assitance interrupt.

      * LDBAR (LD Base Address Register) and IMC (In-Memory Collection)
        non-architected registers. An attempt to write to them will cause a
        Hypervisor Emulation Assistance interrupt.

      * Paging for an SVM, sharing of memory with Hypervisor for an SVM.
        (Including Virtual Processor Area (VPA) and virtual I/O).


Software/Microcode
==================

    The software changes include:

    * SVMs are created from normal VM using (open source) tooling supplied
      by IBM.

    * All SVMs start as normal VMs and utilize an ultracall, UV_ESM
      (Enter Secure Mode), to make the transition.

    * When the UV_ESM ultracall is made the Ultravisor copies the VM into
      secure memory, decrypts the verification information, and checks the
      integrity of the SVM. If the integrity check passes the Ultravisor
      passes control in secure mode.

    * The verification information includes the pass phrase for the
      encrypted disk associated with the SVM. This pass phrase is given
      to the SVM when requested.

    * The Ultravisor is not involved in protecting the encrypted disk of
      the SVM while at rest.

    * For external interrupts the Ultravisor saves the state of the SVM,
      and reflects the interrupt to the hypervisor for processing.
      For hypercalls, the Ultravisor inserts neutral state into all
      registers not needed for the hypercall then reflects the call to
      the hypervisor for processing. The H_RANDOM hypercall is performed
      by the Ultravisor and not reflected.

    * For virtual I/O to work bounce buffering must be done.

    * The Ultravisor uses AES (IAPM) for protection of SVM memory. IAPM
      is a mode of AES that provides integrity and secrecy concurrently.

    * The movement of data between normal and secure pages is coordinated
      with the Ultravisor by a new HMM plug-in in the Hypervisor.

    The Ultravisor offers new services to the hypervisor and SVMs. These
    are accessed through ultracalls.

Terminology
===========

    * Hypercalls: special system calls used to request services from
      Hypervisor.

    * Normal memory: Memory that is accessible to Hypervisor.

    * Normal page: Page backed by normal memory and available to
      Hypervisor.

    * Shared page: A page backed by normal memory and available to both
      the Hypervisor/QEMU and the SVM (i.e page has mappings in SVM and
      Hypervisor/QEMU).

    * Secure memory: Memory that is accessible only to Ultravisor and
      SVMs.

    * Secure page: Page backed by secure memory and only available to
      Ultravisor and SVM.

    * SVM: Secure Virtual Machine.

    * Ultracalls: special system calls used to request services from
      Ultravisor.


Ultravisor calls API
####################

    This section describes Ultravisor calls (ultracalls) needed to
    support Secure Virtual Machines (SVM)s and Paravirtualized KVM. The
    ultracalls allow the SVMs and Hypervisor to request services from the
    Ultravisor such as accessing a register or memory region that can only
    be accessed when running in Ultravisor-privileged mode.

    The specific service needed from an ultracall is specified in register
    R3 (the first parameter to the ultracall). Other parameters to the
    ultracall, if any, are specified in registers R4 through R12.

    Return value of all ultracalls is in register R3. Other output values
    from the ultracall, if any, are returned in registers R4 through R12.
    The only exception to this register usage is the ``UV_RETURN``
    ultracall described below.

    Each ultracall returns specific error codes, applicable in the context
    of the ultracall. However, like with the PowerPC Architecture Platform
    Reference (PAPR), if no specific error code is defined for a
    particular situation, then the ultracall will fallback to an erroneous
    parameter-position based code. i.e U_PARAMETER, U_P2, U_P3 etc
    depending on the ultracall parameter that may have caused the error.

    Some ultracalls involve transferring a page of data between Ultravisor
    and Hypervisor.  Secure pages that are transferred from secure memory
    to normal memory may be encrypted using dynamically generated keys.
    When the secure pages are transferred back to secure memory, they may
    be decrypted using the same dynamically generated keys. Generation and
    management of these keys will be covered in a separate document.

    For now this only covers ultracalls currently implemented and being
    used by Hypervisor and SVMs but others can be added here when it
    makes sense.

    The full specification for all hypercalls/ultracalls will eventually
    be made available in the public/OpenPower version of the PAPR
    specification.

    .. note::

        If PEF is not enabled, the ultracalls will be redirected to the
        Hypervisor which must handle/fail the calls.

Ultracalls used by Hypervisor
=============================

    This section describes the virtual memory management ultracalls used
    by the Hypervisor to manage SVMs.

UV_PAGE_OUT
-----------

    Encrypt and move the contents of a page from secure memory to normal
    memory.

Syntax
~~~~~~

.. code-block:: c

	uint64_t ultracall(const uint64_t UV_PAGE_OUT,
		uint16_t lpid,		/* LPAR ID */
		uint64_t dest_ra,	/* real address of destination page */
		uint64_t src_gpa,	/* source guest-physical-address */
		uint8_t  flags,		/* flags */
		uint64_t order)		/* page size order */

Return values
~~~~~~~~~~~~~

    One of the following values:

	* U_SUCCESS	on success.
	* U_PARAMETER	if ``lpid`` is invalid.
	* U_P2 		if ``dest_ra`` is invalid.
	* U_P3		if the ``src_gpa`` address is invalid.
	* U_P4		if any bit in the ``flags`` is unrecognized
	* U_P5		if the ``order`` parameter is unsupported.
	* U_FUNCTION	if functionality is not supported.
	* U_BUSY	if page cannot be currently paged-out.

Description
~~~~~~~~~~~

    Encrypt the contents of a secure-page and make it available to
    Hypervisor in a normal page.

    By default, the source page is unmapped from the SVM's partition-
    scoped page table. But the Hypervisor can provide a hint to the
    Ultravisor to retain the page mapping by setting the ``UV_SNAPSHOT``
    flag in ``flags`` parameter.

    If the source page is already a shared page the call returns
    U_SUCCESS, without doing anything.

Use cases
~~~~~~~~~

    #. QEMU attempts to access an address belonging to the SVM but the
       page frame for that address is not mapped into QEMU's address
       space. In this case, the Hypervisor will allocate a page frame,
       map it into QEMU's address space and issue the ``UV_PAGE_OUT``
       call to retrieve the encrypted contents of the page.

    #. When Ultravisor runs low on secure memory and it needs to page-out
       an LRU page. In this case, Ultravisor will issue the
       ``H_SVM_PAGE_OUT`` hypercall to the Hypervisor. The Hypervisor will
       then allocate a normal page and issue the ``UV_PAGE_OUT`` ultracall
       and the Ultravisor will encrypt and move the contents of the secure
       page into the normal page.

    #. When Hypervisor accesses SVM data, the Hypervisor requests the
       Ultravisor to transfer the corresponding page into a insecure page,
       which the Hypervisor can access. The data in the normal page will
       be encrypted though.

UV_PAGE_IN
----------

    Move the contents of a page from normal memory to secure memory.

Syntax
~~~~~~

.. code-block:: c

	uint64_t ultracall(const uint64_t UV_PAGE_IN,
		uint16_t lpid,		/* the LPAR ID */
		uint64_t src_ra,	/* source real address of page */
		uint64_t dest_gpa,	/* destination guest physical address */
		uint64_t flags,		/* flags */
		uint64_t order)		/* page size order */

Return values
~~~~~~~~~~~~~

    One of the following values:

	* U_SUCCESS	on success.
	* U_BUSY	if page cannot be currently paged-in.
	* U_FUNCTION	if functionality is not supported
	* U_PARAMETER	if ``lpid`` is invalid.
	* U_P2 		if ``src_ra`` is invalid.
	* U_P3		if the ``dest_gpa`` address is invalid.
	* U_P4		if any bit in the ``flags`` is unrecognized
	* U_P5		if the ``order`` parameter is unsupported.

Description
~~~~~~~~~~~

    Move the contents of the page identified by ``src_ra`` from normal
    memory to secure memory and map it to the guest physical address
    ``dest_gpa``.

    If `dest_gpa` refers to a shared address, map the page into the
    partition-scoped page-table of the SVM.  If `dest_gpa` is not shared,
    copy the contents of the page into the corresponding secure page.
    Depending on the context, decrypt the page before being copied.

    The caller provides the attributes of the page through the ``flags``
    parameter. Valid values for ``flags`` are:

	* CACHE_INHIBITED
	* CACHE_ENABLED
	* WRITE_PROTECTION

    The Hypervisor must pin the page in memory before making
    ``UV_PAGE_IN`` ultracall.

Use cases
~~~~~~~~~

    #. When a normal VM switches to secure mode, all its pages residing
       in normal memory, are moved into secure memory.

    #. When an SVM requests to share a page with Hypervisor the Hypervisor
       allocates a page and informs the Ultravisor.

    #. When an SVM accesses a secure page that has been paged-out,
       Ultravisor invokes the Hypervisor to locate the page. After
       locating the page, the Hypervisor uses UV_PAGE_IN to make the
       page available to Ultravisor.

UV_PAGE_INVAL
-------------

    Invalidate the Ultravisor mapping of a page.

Syntax
~~~~~~

.. code-block:: c

	uint64_t ultracall(const uint64_t UV_PAGE_INVAL,
		uint16_t lpid,		/* the LPAR ID */
		uint64_t guest_pa,	/* destination guest-physical-address */
		uint64_t order)		/* page size order */

Return values
~~~~~~~~~~~~~

    One of the following values:

	* U_SUCCESS	on success.
	* U_PARAMETER	if ``lpid`` is invalid.
	* U_P2 		if ``guest_pa`` is invalid (or corresponds to a secure
                        page mapping).
	* U_P3		if the ``order`` is invalid.
	* U_FUNCTION	if functionality is not supported.
	* U_BUSY	if page cannot be currently invalidated.

Description
~~~~~~~~~~~

    This ultracall informs Ultravisor that the page mapping in Hypervisor
    corresponding to the given guest physical address has been invalidated
    and that the Ultravisor should not access the page. If the specified
    ``guest_pa`` corresponds to a secure page, Ultravisor will ignore the
    attempt to invalidate the page and return U_P2.

Use cases
~~~~~~~~~

    #. When a shared page is unmapped from the QEMU's page table, possibly
       because it is paged-out to disk, Ultravisor needs to know that the
       page should not be accessed from its side too.


UV_WRITE_PATE
-------------

    Validate and write the partition table entry (PATE) for a given
    partition.

Syntax
~~~~~~

.. code-block:: c

	uint64_t ultracall(const uint64_t UV_WRITE_PATE,
		uint32_t lpid,		/* the LPAR ID */
		uint64_t dw0		/* the first double word to write */
		uint64_t dw1)		/* the second double word to write */

Return values
~~~~~~~~~~~~~

    One of the following values:

	* U_SUCCESS	on success.
	* U_BUSY	if PATE cannot be currently written to.
	* U_FUNCTION	if functionality is not supported.
	* U_PARAMETER	if ``lpid`` is invalid.
	* U_P2 		if ``dw0`` is invalid.
	* U_P3		if the ``dw1`` address is invalid.
	* U_PERMISSION	if the Hypervisor is attempting to change the PATE
			of a secure virtual machine or if called from a
			context other than Hypervisor.

Description
~~~~~~~~~~~

    Validate and write a LPID and its partition-table-entry for the given
    LPID.  If the LPID is already allocated and initialized, this call
    results in changing the partition table entry.

Use cases
~~~~~~~~~

    #. The Partition table resides in Secure memory and its entries,
       called PATE (Partition Table Entries), point to the partition-
       scoped page tables for the Hypervisor as well as each of the
       virtual machines (both secure and normal). The Hypervisor
       operates in partition 0 and its partition-scoped page tables
       reside in normal memory.

    #. This ultracall allows the Hypervisor to register the partition-
       scoped and process-scoped page table entries for the Hypervisor
       and other partitions (virtual machines) with the Ultravisor.

    #. If the value of the PATE for an existing partition (VM) changes,
       the TLB cache for the partition is flushed.

    #. The Hypervisor is responsible for allocating LPID. The LPID and
       its PATE entry are registered together.  The Hypervisor manages
       the PATE entries for a normal VM and can change the PATE entry
       anytime. Ultravisor manages the PATE entries for an SVM and
       Hypervisor is not allowed to modify them.

UV_RETURN
---------

    Return control from the Hypervisor back to the Ultravisor after
    processing an hypercall or interrupt that was forwarded (aka
    *reflected*) to the Hypervisor.

Syntax
~~~~~~

.. code-block:: c

	uint64_t ultracall(const uint64_t UV_RETURN)

Return values
~~~~~~~~~~~~~

     This call never returns to Hypervisor on success.  It returns
     U_INVALID if ultracall is not made from a Hypervisor context.

Description
~~~~~~~~~~~

    When an SVM makes an hypercall or incurs some other exception, the
    Ultravisor usually forwards (aka *reflects*) the exceptions to the
    Hypervisor.  After processing the exception, Hypervisor uses the
    ``UV_RETURN`` ultracall to return control back to the SVM.

    The expected register state on entry to this ultracall is:

    * Non-volatile registers are restored to their original values.
    * If returning from an hypercall, register R0 contains the return
      value (**unlike other ultracalls**) and, registers R4 through R12
      contain any output values of the hypercall.
    * R3 contains the ultracall number, i.e UV_RETURN.
    * If returning with a synthesized interrupt, R2 contains the
      synthesized interrupt number.

Use cases
~~~~~~~~~

    #. Ultravisor relies on the Hypervisor to provide several services to
       the SVM such as processing hypercall and other exceptions. After
       processing the exception, Hypervisor uses UV_RETURN to return
       control back to the Ultravisor.

    #. Hypervisor has to use this ultracall to return control to the SVM.


UV_REGISTER_MEM_SLOT
--------------------

    Register an SVM address-range with specified properties.

Syntax
~~~~~~

.. code-block:: c

	uint64_t ultracall(const uint64_t UV_REGISTER_MEM_SLOT,
		uint64_t lpid,		/* LPAR ID of the SVM */
		uint64_t start_gpa,	/* start guest physical address */
		uint64_t size,		/* size of address range in bytes */
		uint64_t flags		/* reserved for future expansion */
		uint16_t slotid)	/* slot identifier */

Return values
~~~~~~~~~~~~~

    One of the following values:

	* U_SUCCESS	on success.
	* U_PARAMETER	if ``lpid`` is invalid.
	* U_P2 		if ``start_gpa`` is invalid.
	* U_P3		if ``size`` is invalid.
	* U_P4		if any bit in the ``flags`` is unrecognized.
	* U_P5		if the ``slotid`` parameter is unsupported.
	* U_PERMISSION	if called from context other than Hypervisor.
	* U_FUNCTION	if functionality is not supported.


Description
~~~~~~~~~~~

    Register a memory range for an SVM.  The memory range starts at the
    guest physical address ``start_gpa`` and is ``size`` bytes long.

Use cases
~~~~~~~~~


    #. When a virtual machine goes secure, all the memory slots managed by
       the Hypervisor move into secure memory. The Hypervisor iterates
       through each of memory slots, and registers the slot with
       Ultravisor.  Hypervisor may discard some slots such as those used
       for firmware (SLOF).

    #. When new memory is hot-plugged, a new memory slot gets registered.


UV_UNREGISTER_MEM_SLOT
----------------------

    Unregister an SVM address-range that was previously registered using
    UV_REGISTER_MEM_SLOT.

Syntax
~~~~~~

.. code-block:: c

	uint64_t ultracall(const uint64_t UV_UNREGISTER_MEM_SLOT,
		uint64_t lpid,		/* LPAR ID of the SVM */
		uint64_t slotid)	/* reservation slotid */

Return values
~~~~~~~~~~~~~

    One of the following values:

	* U_SUCCESS	on success.
	* U_FUNCTION	if functionality is not supported.
	* U_PARAMETER	if ``lpid`` is invalid.
	* U_P2 		if ``slotid`` is invalid.
	* U_PERMISSION	if called from context other than Hypervisor.

Description
~~~~~~~~~~~

    Release the memory slot identified by ``slotid`` and free any
    resources allocated towards the reservation.

Use cases
~~~~~~~~~

    #. Memory hot-remove.


UV_SVM_TERMINATE
----------------

    Terminate an SVM and release its resources.

Syntax
~~~~~~

.. code-block:: c

	uint64_t ultracall(const uint64_t UV_SVM_TERMINATE,
		uint64_t lpid,		/* LPAR ID of the SVM */)

Return values
~~~~~~~~~~~~~

    One of the following values:

	* U_SUCCESS	on success.
	* U_FUNCTION	if functionality is not supported.
	* U_PARAMETER	if ``lpid`` is invalid.
	* U_INVALID	if VM is not secure.
	* U_PERMISSION  if not called from a Hypervisor context.

Description
~~~~~~~~~~~

    Terminate an SVM and release all its resources.

Use cases
~~~~~~~~~

    #. Called by Hypervisor when terminating an SVM.


Ultracalls used by SVM
======================

UV_SHARE_PAGE
-------------

    Share a set of guest physical pages with the Hypervisor.

Syntax
~~~~~~

.. code-block:: c

	uint64_t ultracall(const uint64_t UV_SHARE_PAGE,
		uint64_t gfn,	/* guest page frame number */
		uint64_t num)	/* number of pages of size PAGE_SIZE */

Return values
~~~~~~~~~~~~~

    One of the following values:

	* U_SUCCESS	on success.
	* U_FUNCTION	if functionality is not supported.
	* U_INVALID	if the VM is not secure.
	* U_PARAMETER	if ``gfn`` is invalid.
	* U_P2 		if ``num`` is invalid.

Description
~~~~~~~~~~~

    Share the ``num`` pages starting at guest physical frame number ``gfn``
    with the Hypervisor. Assume page size is PAGE_SIZE bytes. Zero the
    pages before returning.

    If the address is already backed by a secure page, unmap the page and
    back it with an insecure page, with the help of the Hypervisor. If it
    is not backed by any page yet, mark the PTE as insecure and back it
    with an insecure page when the address is accessed. If it is already
    backed by an insecure page, zero the page and return.

Use cases
~~~~~~~~~

    #. The Hypervisor cannot access the SVM pages since they are backed by
       secure pages. Hence an SVM must explicitly request Ultravisor for
       pages it can share with Hypervisor.

    #. Shared pages are needed to support virtio and Virtual Processor Area
       (VPA) in SVMs.


UV_UNSHARE_PAGE
---------------

    Restore a shared SVM page to its initial state.

Syntax
~~~~~~

.. code-block:: c

	uint64_t ultracall(const uint64_t UV_UNSHARE_PAGE,
		uint64_t gfn,	/* guest page frame number */
		uint73 num)	/* number of pages of size PAGE_SIZE*/

Return values
~~~~~~~~~~~~~

    One of the following values:

	* U_SUCCESS	on success.
	* U_FUNCTION	if functionality is not supported.
	* U_INVALID	if VM is not secure.
	* U_PARAMETER	if ``gfn`` is invalid.
	* U_P2 		if ``num`` is invalid.

Description
~~~~~~~~~~~

    Stop sharing ``num`` pages starting at ``gfn`` with the Hypervisor.
    Assume that the page size is PAGE_SIZE. Zero the pages before
    returning.

    If the address is already backed by an insecure page, unmap the page
    and back it with a secure page. Inform the Hypervisor to release
    reference to its shared page. If the address is not backed by a page
    yet, mark the PTE as secure and back it with a secure page when that
    address is accessed. If it is already backed by an secure page zero
    the page and return.

Use cases
~~~~~~~~~

    #. The SVM may decide to unshare a page from the Hypervisor.


UV_UNSHARE_ALL_PAGES
--------------------

    Unshare all pages the SVM has shared with Hypervisor.

Syntax
~~~~~~

.. code-block:: c

	uint64_t ultracall(const uint64_t UV_UNSHARE_ALL_PAGES)

Return values
~~~~~~~~~~~~~

    One of the following values:

	* U_SUCCESS	on success.
	* U_FUNCTION	if functionality is not supported.
	* U_INVAL	if VM is not secure.

Description
~~~~~~~~~~~

    Unshare all shared pages from the Hypervisor. All unshared pages are
    zeroed on return. Only pages explicitly shared by the SVM with the
    Hypervisor (using UV_SHARE_PAGE ultracall) are unshared. Ultravisor
    may internally share some pages with the Hypervisor without explicit
    request from the SVM.  These pages will not be unshared by this
    ultracall.

Use cases
~~~~~~~~~

    #. This call is needed when ``kexec`` is used to boot a different
       kernel. It may also be needed during SVM reset.

UV_ESM
------

    Secure the virtual machine (*enter secure mode*).

Syntax
~~~~~~

.. code-block:: c

	uint64_t ultracall(const uint64_t UV_ESM,
		uint64_t esm_blob_addr,	/* location of the ESM blob */
		unint64_t fdt)		/* Flattened device tree */

Return values
~~~~~~~~~~~~~

    One of the following values:

	* U_SUCCESS	on success (including if VM is already secure).
	* U_FUNCTION	if functionality is not supported.
	* U_INVALID	if VM is not secure.
	* U_PARAMETER	if ``esm_blob_addr`` is invalid.
	* U_P2 		if ``fdt`` is invalid.
	* U_PERMISSION	if any integrity checks fail.
	* U_RETRY	insufficient memory to create SVM.
	* U_NO_KEY	symmetric key unavailable.

Description
~~~~~~~~~~~

    Secure the virtual machine. On successful completion, return
    control to the virtual machine at the address specified in the
    ESM blob.

Use cases
~~~~~~~~~

    #. A normal virtual machine can choose to switch to a secure mode.

Hypervisor Calls API
####################

    This document describes the Hypervisor calls (hypercalls) that are
    needed to support the Ultravisor. Hypercalls are services provided by
    the Hypervisor to virtual machines and Ultravisor.

    Register usage for these hypercalls is identical to that of the other
    hypercalls defined in the Power Architecture Platform Reference (PAPR)
    document.  i.e on input, register R3 identifies the specific service
    that is being requested and registers R4 through R11 contain
    additional parameters to the hypercall, if any. On output, register
    R3 contains the return value and registers R4 through R9 contain any
    other output values from the hypercall.

    This document only covers hypercalls currently implemented/planned
    for Ultravisor usage but others can be added here when it makes sense.

    The full specification for all hypercalls/ultracalls will eventually
    be made available in the public/OpenPower version of the PAPR
    specification.

Hypervisor calls to support Ultravisor
======================================

    Following are the set of hypercalls needed to support Ultravisor.

H_SVM_INIT_START
----------------

    Begin the process of converting a normal virtual machine into an SVM.

Syntax
~~~~~~

.. code-block:: c

	uint64_t hypercall(const uint64_t H_SVM_INIT_START)

Return values
~~~~~~~~~~~~~

    One of the following values:

	* H_SUCCESS	 on success.
        * H_STATE        if the VM is not in a position to switch to secure.

Description
~~~~~~~~~~~

    Initiate the process of securing a virtual machine. This involves
    coordinating with the Ultravisor, using ultracalls, to allocate
    resources in the Ultravisor for the new SVM, transferring the VM's
    pages from normal to secure memory etc. When the process is
    completed, Ultravisor issues the H_SVM_INIT_DONE hypercall.

Use cases
~~~~~~~~~

     #. Ultravisor uses this hypercall to inform Hypervisor that a VM
        has initiated the process of switching to secure mode.


H_SVM_INIT_DONE
---------------

    Complete the process of securing an SVM.

Syntax
~~~~~~

.. code-block:: c

	uint64_t hypercall(const uint64_t H_SVM_INIT_DONE)

Return values
~~~~~~~~~~~~~

    One of the following values:

	* H_SUCCESS 		on success.
	* H_UNSUPPORTED		if called from the wrong context (e.g.
				from an SVM or before an H_SVM_INIT_START
				hypercall).
	* H_STATE		if the hypervisor could not successfully
                                transition the VM to Secure VM.

Description
~~~~~~~~~~~

    Complete the process of securing a virtual machine. This call must
    be made after a prior call to ``H_SVM_INIT_START`` hypercall.

Use cases
~~~~~~~~~

    On successfully securing a virtual machine, the Ultravisor informs
    Hypervisor about it. Hypervisor can use this call to finish setting
    up its internal state for this virtual machine.


H_SVM_INIT_ABORT
----------------

    Abort the process of securing an SVM.

Syntax
~~~~~~

.. code-block:: c

	uint64_t hypercall(const uint64_t H_SVM_INIT_ABORT)

Return values
~~~~~~~~~~~~~

    One of the following values:

	* H_PARAMETER 		on successfully cleaning up the state,
				Hypervisor will return this value to the
				**guest**, to indicate that the underlying
				UV_ESM ultracall failed.

	* H_STATE		if called after a VM has gone secure (i.e
				H_SVM_INIT_DONE hypercall was successful).

	* H_UNSUPPORTED		if called from a wrong context (e.g. from a
				normal VM).

Description
~~~~~~~~~~~

    Abort the process of securing a virtual machine. This call must
    be made after a prior call to ``H_SVM_INIT_START`` hypercall and
    before a call to ``H_SVM_INIT_DONE``.

    On entry into this hypercall the non-volatile GPRs and FPRs are
    expected to contain the values they had at the time the VM issued
    the UV_ESM ultracall. Further ``SRR0`` is expected to contain the
    address of the instruction after the ``UV_ESM`` ultracall and ``SRR1``
    the MSR value with which to return to the VM.

    This hypercall will cleanup any partial state that was established for
    the VM since the prior ``H_SVM_INIT_START`` hypercall, including paging
    out pages that were paged-into secure memory, and issue the
    ``UV_SVM_TERMINATE`` ultracall to terminate the VM.

    After the partial state is cleaned up, control returns to the VM
    (**not Ultravisor**), at the address specified in ``SRR0`` with the
    MSR values set to the value in ``SRR1``.

Use cases
~~~~~~~~~

    If after a successful call to ``H_SVM_INIT_START``, the Ultravisor
    encounters an error while securing a virtual machine, either due
    to lack of resources or because the VM's security information could
    not be validated, Ultravisor informs the Hypervisor about it.
    Hypervisor should use this call to clean up any internal state for
    this virtual machine and return to the VM.

H_SVM_PAGE_IN
-------------

    Move the contents of a page from normal memory to secure memory.

Syntax
~~~~~~

.. code-block:: c

	uint64_t hypercall(const uint64_t H_SVM_PAGE_IN,
		uint64_t guest_pa,	/* guest-physical-address */
		uint64_t flags,		/* flags */
		uint64_t order)		/* page size order */

Return values
~~~~~~~~~~~~~

    One of the following values:

	* H_SUCCESS	on success.
	* H_PARAMETER	if ``guest_pa`` is invalid.
	* H_P2		if ``flags`` is invalid.
	* H_P3		if ``order`` of page is invalid.

Description
~~~~~~~~~~~

    Retrieve the content of the page, belonging to the VM at the specified
    guest physical address.

    Only valid value(s) in ``flags`` are:

        * H_PAGE_IN_SHARED which indicates that the page is to be shared
	  with the Ultravisor.

	* H_PAGE_IN_NONSHARED indicates that the UV is not anymore
          interested in the page. Applicable if the page is a shared page.

    The ``order`` parameter must correspond to the configured page size.

Use cases
~~~~~~~~~

    #. When a normal VM becomes a secure VM (using the UV_ESM ultracall),
       the Ultravisor uses this hypercall to move contents of each page of
       the VM from normal memory to secure memory.

    #. Ultravisor uses this hypercall to ask Hypervisor to provide a page
       in normal memory that can be shared between the SVM and Hypervisor.

    #. Ultravisor uses this hypercall to page-in a paged-out page. This
       can happen when the SVM touches a paged-out page.

    #. If SVM wants to disable sharing of pages with Hypervisor, it can
       inform Ultravisor to do so. Ultravisor will then use this hypercall
       and inform Hypervisor that it has released access to the normal
       page.

H_SVM_PAGE_OUT
---------------

    Move the contents of the page to normal memory.

Syntax
~~~~~~

.. code-block:: c

	uint64_t hypercall(const uint64_t H_SVM_PAGE_OUT,
		uint64_t guest_pa,	/* guest-physical-address */
		uint64_t flags,		/* flags (currently none) */
		uint64_t order)		/* page size order */

Return values
~~~~~~~~~~~~~

    One of the following values:

	* H_SUCCESS	on success.
	* H_PARAMETER	if ``guest_pa`` is invalid.
	* H_P2		if ``flags`` is invalid.
	* H_P3		if ``order`` is invalid.

Description
~~~~~~~~~~~

    Move the contents of the page identified by ``guest_pa`` to normal
    memory.

    Currently ``flags`` is unused and must be set to 0. The ``order``
    parameter must correspond to the configured page size.

Use cases
~~~~~~~~~

    #. If Ultravisor is running low on secure pages, it can move the
       contents of some secure pages, into normal pages using this
       hypercall. The content will be encrypted.

References
##########

- `Supporting Protected Computing on IBM Power Architecture <https://developer.ibm.com/articles/l-support-protected-computing/>`_