]> www.infradead.org Git - users/jedix/linux-maple.git/commit
KVM: SEV: Add initial SEV-SNP support
authorBrijesh Singh <brijesh.singh@amd.com>
Wed, 1 May 2024 08:51:54 +0000 (03:51 -0500)
committerPaolo Bonzini <pbonzini@redhat.com>
Sun, 12 May 2024 08:09:28 +0000 (04:09 -0400)
commit1dfe571c12cf99244b933208fb77f29471ded677
tree84e45353f5140b4fdc49cb2dce34c75dc2cade6c
parenta8e31983335554193c2cb373161d08880230abfd
KVM: SEV: Add initial SEV-SNP support

SEV-SNP builds upon existing SEV and SEV-ES functionality while adding
new hardware-based security protection. SEV-SNP adds strong memory
encryption and integrity protection to help prevent malicious
hypervisor-based attacks such as data replay, memory re-mapping, and
more, to create an isolated execution environment.

Define a new KVM_X86_SNP_VM type which makes use of these capabilities
and extend the KVM_SEV_INIT2 ioctl to support it. Also add a basic
helper to check whether SNP is enabled and set PFERR_PRIVATE_ACCESS for
private #NPFs so they are handled appropriately by KVM MMU.

Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
Co-developed-by: Michael Roth <michael.roth@amd.com>
Signed-off-by: Michael Roth <michael.roth@amd.com>
Signed-off-by: Ashish Kalra <ashish.kalra@amd.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-ID: <20240501085210.2213060-5-michael.roth@amd.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
arch/x86/include/asm/svm.h
arch/x86/include/uapi/asm/kvm.h
arch/x86/kvm/svm/sev.c
arch/x86/kvm/svm/svm.c
arch/x86/kvm/svm/svm.h