www.infradead.org Git - users/jedix/linux-maple.git/commit

author	Brijesh Singh <brijesh.singh@amd.com>
	Wed, 1 May 2024 08:51:57 +0000 (03:51 -0500)
committer	Paolo Bonzini <pbonzini@redhat.com>
	Sun, 12 May 2024 08:09:30 +0000 (04:09 -0400)
commit	ad27ce155566f2b4400fa865859834592bd18777
tree	76770420dcf67b91cee18b804c624bfcfdbe1a36	tree
parent	dee5a47cc7a45287ec1137edb745bb4dffbe85f6	commit \| diff

KVM: SEV: Add KVM_SEV_SNP_LAUNCH_FINISH command

Add a KVM_SEV_SNP_LAUNCH_FINISH command to finalize the cryptographic
launch digest which stores the measurement of the guest at launch time.
Also extend the existing SNP firmware data structures to support
disabling the use of Versioned Chip Endorsement Keys (VCEK) by guests as
part of this command.

While finalizing the launch flow, the code also issues the LAUNCH_UPDATE
SNP firmware commands to encrypt/measure the initial VMSA pages for each
configured vCPU, which requires setting the RMP entries for those pages
to private, so also add handling to clean up the RMP entries for these
pages whening freeing vCPUs during shutdown.

Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
Co-developed-by: Michael Roth <michael.roth@amd.com>
Signed-off-by: Michael Roth <michael.roth@amd.com>
Signed-off-by: Harald Hoyer <harald@profian.com>
Signed-off-by: Ashish Kalra <ashish.kalra@amd.com>
Message-ID: <20240501085210.2213060-8-michael.roth@amd.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

Documentation/virt/kvm/x86/amd-memory-encryption.rst		diff \| blob \| history
arch/x86/include/uapi/asm/kvm.h		diff \| blob \| history
arch/x86/kvm/svm/sev.c		diff \| blob \| history
include/linux/psp-sev.h		diff \| blob \| history