On 10/23/25 17:08, Christoph Hellwig wrote:
> On Wed, Oct 22, 2025 at 10:35:28AM +0200, Jörg Rödel wrote:
>> Hi all,
>>
>> This morning I pushed out my current Linux and QEMU branches which support
>> running COCONUT-SVSM on AMD SEV-SNP based on kernel v6.17 and the original KVM
>> Planes patch-set from Paolo.
>
> Can you explain what this alphabet-soup even means?

With pleasure :)

- SEV-SNP: virtualization feature to encrypt VM memory (SEV) and also protect from attacks from the hypervisor (SNP), by matching the hypervisor's page tables against a reverse page mapping (from host physical to guest physical address) maintained by processor firmware in collaboration with the guest

- VMPL (bonus): SNP feature to create privilege levels within a single VM, for example to manage persistent secrets. The firmware at VMPL0 can hold secrets that even the guest OS at VMPL1+ cannot access.

- KVM planes: KVM feature to create privilege levels within a single VM, including VMPLs

- SVSM (Secure VM Service Module): privileged firmware running at VMPL0

- COCONUT-SVSM: one implementation of SVSM

Paolo

