memory regions.
Cc: Paolo Bonzini <pbonz...@redhat.com>
Cc: Richard Henderson <r...@twiddle.net>
Cc: Eduardo Habkost <ehabk...@redhat.com>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
target/i386/sev.c| 41 +
targe
e.net>
Cc: Eduardo Habkost <ehabk...@redhat.com>
Cc: "Michael S. Tsirkin" <m...@redhat.com>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
hw/i386/pc.c | 9 +
hw/i386/pc_sysfw.c | 6 ++
2 files changed, 15 insertions(+)
diff --git a/hw/i38
...@twiddle.net>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
Reviewed-by: Paolo Bonzini <pbonz...@redhat.com>
---
exec.c| 40
include/exec/cpu-common.h | 15 +++
2 files changed, 55 insertions(+)
diff
Updates kvm.h to include memory encryption ioctls and SEV commands.
Cc: Christian Borntraeger <borntrae...@de.ibm.com>
Cc: Cornelia Huck <cornelia.h...@de.ibm.com>
Cc: Paolo Bonzini <pbonz...@redhat.com>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
linux-
an Hajnoczi <stefa...@gmail.com>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
hw/core/machine.c | 22 ++
include/hw/boards.h | 1 +
qemu-options.hx | 2 ++
3 files changed, 25 insertions(+)
diff --git a/hw/core/machine.c b/hw/core/machine.c
in
om>
Cc: Richard Henderson <richard.hender...@linaro.org>
Cc: Paolo Bonzini <pbonz...@redhat.com>
Reviewed-by: "Edgar E. Iglesias" <edgar.igles...@xilinx.com>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
include/exec/memattrs.h | 2 ++
1 file changed, 2 inse
SEV memory encryption object without modifying interfaces.
- Drop patch to load OS image at fixed location.
- updated LAUNCH_FINISH command structure. Now the structure contains
just 'measurement' field. Other fields are not used and will also be removed
from newer SEV firmware API spec.
Brijesh Si
;
ops.write = mem_write;
memory_region_init_ram(mem, NULL, "memory", size, NULL);
memory_region_set_ram_debug_ops(mem, ops);
Cc: Paolo Bonzini <pbonz...@redhat.com>
Cc: Peter Crosthwaite <crosthwaite.pe...@gmail.com>
Cc: Richard Henderson <r...@twiddle.net>
Signed-off-b
On Mon, Feb 12, 2018 at 3:19 PM, Borislav Petkov <b...@suse.de> wrote:
> On Mon, Feb 12, 2018 at 03:07:26PM -0600, Brijesh Singh wrote:
> > In current implementation, when -cpu ...,+sev is passed without
> > appropriate SEV configuration then we populate the Fn8000_00
On 2/12/18 12:38 PM, Eduardo Habkost wrote:
> On Mon, Feb 12, 2018 at 09:36:52AM -0600, Brijesh Singh wrote:
>> AMD EPYC processors support memory encryption feature. The feature
>> is reported through CPUID 8000_001F[EAX].
>>
>> Fn8000_001F [EAX]:
>> Bit
On 2/12/18 11:27 AM, Eric Blake wrote:
> On 02/12/2018 09:37 AM, Brijesh Singh wrote:
>> The QMP query command can be used to retrieve the SEV information when
>> memory encryption is enabled on AMD platform.
>>
>> Cc: "Daniel P. Berrangé" <berra...@re
The command is used to query the current SEV guest status. We use this
command to query the guest policy for QMP query-sev command.
Cc: Paolo Bonzini <pbonz...@redhat.com>
Cc: Richard Henderson <r...@twiddle.net>
Cc: Eduardo Habkost <ehabk...@redhat.com>
Signed-off-by: Brijesh
The header file provides the ioctl command and structure to communicate
with /dev/sev device.
Cc: Paolo Bonzini <pbonz...@redhat.com>
Cc: Richard Henderson <r...@twiddle.net>
Cc: Eduardo Habkost <ehabk...@redhat.com>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
In SEV-enabled guest the pte entry will have C-bit set, we need to
clear the C-bit when walking the page table.
Cc: Paolo Bonzini <pbonz...@redhat.com>
Cc: Richard Henderson <r...@twiddle.net>
Cc: Eduardo Habkost <ehabk...@redhat.com>
Signed-off-by: Brijesh Singh <
e.net>
Cc: Eduardo Habkost <ehabk...@redhat.com>
Cc: "Michael S. Tsirkin" <m...@redhat.com>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
hw/i386/pc.c | 9 +
hw/i386/pc_sysfw.c | 6 ++
2 files changed, 15 insertions(+)
diff --git a/hw/i38
; <dgilb...@redhat.com>
Cc: Markus Armbruster <arm...@redhat.com>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
tests/qmp-test.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/tests/qmp-test.c b/tests/qmp-test.c
index 908f9b981f6e..d8720798ad0b 100644
--- a/tests
correctly by the firmware.
VM management tools like libvirt can query the measurement using
query-sev-launch-measure QMP command.
Cc: Paolo Bonzini <pbonz...@redhat.com>
Cc: Richard Henderson <r...@twiddle.net>
Cc: Eduardo Habkost <ehabk...@redhat.com>
Signed-off-by: Brijesh
SEV guest migration is not implemented yet.
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
Reviewed-by: Dr. David Alan Gilbert <dgilb...@redhat.com>
---
target/i386/sev.c | 13 +
1 file changed, 13 insertions(+)
diff --git a/target/i386/sev.c b/target/i386
ilb...@redhat.com>
Cc: Markus Armbruster <arm...@redhat.com>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
qapi-schema.json | 29 +
qmp.c| 17 +
2 files changed, 46 insertions(+)
diff --git a/qapi-schema.json b/qapi-
SEV launch flow requires us to issue LAUNCH_FINISH command before guest
is ready to run.
Cc: Paolo Bonzini <pbonz...@redhat.com>
Cc: Richard Henderson <r...@twiddle.net>
Cc: Eduardo Habkost <ehabk...@redhat.com>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
bkost <ehabk...@redhat.com>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
include/sysemu/sev.h | 10 +
target/i386/sev.c| 99
target/i386/trace-events | 2 +
3 files changed, 111 insertions(+)
diff --git a/includ
SEV requires that guest bios must be encrypted before booting the guest.
Cc: "Michael S. Tsirkin" <m...@redhat.com>
Cc: Paolo Bonzini <pbonz...@redhat.com>
Cc: Richard Henderson <r...@twiddle.net>
Cc: Eduardo Habkost <ehabk...@redhat.com>
Signed-off-by: Br
The KVM_SEV_LAUNCH_UPDATE_DATA command is used to encrypt a guest memory
region using the VM Encryption Key created using LAUNCH_START.
Cc: Paolo Bonzini <pbonz...@redhat.com>
Cc: Richard Henderson <r...@twiddle.net>
Cc: Eduardo Habkost <ehabk...@redhat.com>
Signed-off
an Hajnoczi <stefa...@gmail.com>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
hw/core/machine.c | 22 ++
include/hw/boards.h | 1 +
qemu-options.hx | 2 ++
3 files changed, 25 insertions(+)
diff --git a/hw/core/machine.c b/hw/core/machine.c
in
bkost <ehabk...@redhat.com>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
accel/kvm/kvm-all.c | 1 +
include/sysemu/sev.h | 1 +
stubs/sev.c | 4 +++
target/i386/sev.c| 72
target/i386/trace-events |
The command can be used to show the SEV information when memory
encryption is enabled on AMD platform.
Cc: "Daniel P. Berrangé" <berra...@redhat.com>
Cc: "Dr. David Alan Gilbert" <dgilb...@redhat.com>
Cc: Markus Armbruster <arm...@redhat.com>
Signed-off-by
Updates kvm.h to include memory encryption ioctls and SEV commands.
Cc: Christian Borntraeger <borntrae...@de.ibm.com>
Cc: Cornelia Huck <cornelia.h...@de.ibm.com>
Cc: Paolo Bonzini <pbonz...@redhat.com>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
linux-
Create a documentation entry to describe the AMD Secure Encrypted
Virtualization (SEV) feature.
Cc: Paolo Bonzini <pbonz...@redhat.com>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
docs/amd-memory-encryption.txt | 92 ++
1 file
memory regions.
Cc: Paolo Bonzini <pbonz...@redhat.com>
Cc: Richard Henderson <r...@twiddle.net>
Cc: Eduardo Habkost <ehabk...@redhat.com>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
target/i386/sev.c| 41 +
targe
The QMP query command can be used to retrieve the SEV information when
memory encryption is enabled on AMD platform.
Cc: "Daniel P. Berrangé" <berra...@redhat.com>
Cc: "Dr. David Alan Gilbert" <dgilb...@redhat.com>
Cc: Markus Armbruster <arm...@redhat.com>
Si
com>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
target/i386/cpu.c | 36
target/i386/cpu.h | 3 +++
2 files changed, 39 insertions(+)
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index b5e431e769da..475d98a44880 100644
--- a/target
by the SEV firmware.
Cc: Paolo Bonzini <pbonz...@redhat.com>
Cc: Richard Henderson <r...@twiddle.net>
Cc: Eduardo Habkost <ehabk...@redhat.com>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
accel/kvm/kvm-all.c | 15 +
include/sysemu/sev.h | 16 ++
...@twiddle.net>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
Reviewed-by: Paolo Bonzini <pbonz...@redhat.com>
---
exec.c| 40
include/exec/cpu-common.h | 15 +++
2 files changed, 55 insertions(+)
diff
In order to integrate the Secure Encryption Virtualization (SEV) support,
add a few high-level memory encryption APIs which can be used for encrypting
the guest memory region.
Cc: Paolo Bonzini <pbonz...@redhat.com>
Cc: k...@vger.kernel.org
Signed-off-by: Brijesh Singh <brijesh.si..
;
ops.write = mem_write;
memory_region_init_ram(mem, NULL, "memory", size, NULL);
memory_region_set_ram_debug_ops(mem, ops);
Cc: Paolo Bonzini <pbonz...@redhat.com>
Cc: Peter Crosthwaite <crosthwaite.pe...@gmail.com>
Cc: Richard Henderson <r...@twiddle.net>
Signed-off-b
firmware.
e.g. to launch an SEV guest
# $QEMU \
-object sev-guest,id=sev0 \
-machine ,memory-encryption=sev0
Cc: Paolo Bonzini <pbonz...@redhat.com>
Cc: Richard Henderson <r...@twiddle.net>
Cc: Eduardo Habkost <ehabk...@redhat.com>
Signed-off-by: Brijesh Singh <
com>
Cc: Markus Armbruster <arm...@redhat.com>
Cc: Eduardo Habkost <ehabk...@redhat.com>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
cpus.c| 2 +-
disas.c | 2 +-
monitor.c | 6 +++---
target/i386/hel
om>
Cc: Richard Henderson <richard.hender...@linaro.org>
Cc: Paolo Bonzini <pbonz...@redhat.com>
Reviewed-by: "Edgar E. Iglesias" <edgar.igles...@xilinx.com>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
include/exec/memattrs.h | 2 ++
1 file changed, 2 inse
and structure. Now the structure contains
just 'measurement' field. Other fields are not used and will also be removed
from newer SEV firmware API spec.
Brijesh Singh (28):
memattrs: add debug attribute
exec: add ram_debug_ops support
exec: add debug version of physical memory read and write
On 2/9/18 12:28 PM, Dr. David Alan Gilbert wrote:
> * Brijesh Singh (brijesh.si...@amd.com) wrote:
>> SEV requires that guest bios must be encrypted before booting the guest.
> I'm curious; is it just the main BIOS that needs encryption - what about
> things like device/PXE ro
On Fri, Feb 2, 2018 at 9:16 AM, Daniel P. Berrangé <berra...@redhat.com>
wrote:
> On Fri, Feb 02, 2018 at 09:11:41AM -0600, Brijesh Singh wrote:
> >
> >
> > On 02/01/2018 11:27 AM, Dr. David Alan Gilbert wrote:
> > > * Brijesh Singh (brijesh.si...@amd.com) wr
On 02/07/2018 10:51 AM, Paolo Bonzini wrote:
On 07/02/2018 17:06, Brijesh Singh wrote:
@@ -3148,7 +3152,11 @@ MemTxResult flatview_read_continue(FlatView *fv, hwaddr
addr,
} else {
/* RAM case */
ptr = qemu_ram_ptr_length(mr->ram_block, addr1, , fa
On 02/07/2018 10:54 AM, Paolo Bonzini wrote:
On 07/02/2018 17:06, Brijesh Singh wrote:
AMD EPYC processors support memory encryption feature. The feature
is reported through CPUID 8000_001F[EAX].
Fn8000_001F [EAX]:
Bit 0 Secure Memory Encryption (SME) supported
Bit 1 Secure Encrypted
On 02/07/2018 10:29 AM, Eric Blake wrote:
...
+#
+# Since: 2.12
+#
+# Notes: If measurement is not available then a null measurement is
returned.
Null measurement, as in empty string? Would it be better to have
query-sev-launch-measure return an error instead of an
SevLaunchMeasureInfo
On 2/7/18 10:19 AM, Eric Blake wrote:
> On 02/07/2018 10:06 AM, Brijesh Singh wrote:
>> Currently, the guest memory access for the debug purpose is performed
>> using the memcpy(). Let's extend the 'struct MemoryRegion' to include
>> ram_debug_ops callbacks. The ram_
On 2/7/18 10:22 AM, Eric Blake wrote:
>> +#
>> +# @enabled: true if SEV is active
>> +#
>> +# @api_major: SEV API major version
>
> New QMP structures should prefer '-' over '_'; this should be
> 'api-major'.
I will fix it. thanks
>> +##
>> +# @query-sev:
>> +#
>> +# Returns information
e.net>
Cc: Eduardo Habkost <ehabk...@redhat.com>
Cc: "Michael S. Tsirkin" <m...@redhat.com>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
hw/i386/pc.c | 9 +
hw/i386/pc_sysfw.c | 6 ++
2 files changed, 15 insertions(+)
diff --git a/hw/i38
KVM_SEV_DBG_DECRYPT and KVM_SEV_DBG_ENCRYPT commands are used for
decrypting and encrypting guest memory region. The command works only if
the guest policy allows the debugging.
Cc: Paolo Bonzini <pbonz...@redhat.com>
Cc: k...@vger.kernel.org
Signed-off-by: Brijesh Singh <brijesh.si..
The KVM_SEV_LAUNCH_UPDATE_DATA command is used to encrypt a guest memory
region using the VM Encryption Key created using LAUNCH_START.
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
accel/kvm/kvm-all.c| 2 ++
accel/kvm/sev.c
The header file provides the ioctl command and structure to communicate
with /dev/sev device.
Cc: Paolo Bonzini <pbonz...@redhat.com>
Cc: k...@vger.kernel.org
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
linux-headers/linux/psp-sev.h | 142 +
correctly by the firmware.
VM management tools like libvirt can query the measurement using
query-launch-measure QMP command.
Cc: Paolo Bonzini <pbonz...@redhat.com>
Cc: k...@vger.kernel.org
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
accel/kvm/sev.c
firmware.
e.g. to launch an SEV guest
# $QEMU \
-object sev-guest,id=sev0 \
-machine ,memory-encryption=sev0
Cc: Paolo Bonzini <pbonz...@redhat.com>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
accel/kvm/Makefile.objs| 2 +-
accel/kvm/sev.c
ilb...@redhat.com>
Cc: Markus Armbruster <arm...@redhat.com>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
qapi-schema.json | 30 ++
qmp.c| 14 ++
2 files changed, 44 insertions(+)
diff --git a/qapi-schema.json b/qapi-schema.
SEV requires that guest bios must be encrypted before booting the guest.
Cc: "Michael S. Tsirkin" <m...@redhat.com>
Cc: Paolo Bonzini <pbonz...@redhat.com>
Cc: Richard Henderson <r...@twiddle.net>
Cc: Eduardo Habkost <ehabk...@redhat.com>
Signed-off-by: Br
SEV launch flow requires us to issue LAUNCH_FINISH command before guest
is ready to run.
Cc: Paolo Bonzini <pbonz...@redhat.com>
Cc: k...@vger.kernel.org
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
accel/kvm/sev.c| 29 +
accel/kvm/
The KVM_SEV_LAUNCH_START command creates a new VM encryption key (VEK).
The encryption key created with the command will be used for encrypting
the bootstrap images (such as guest bios).
Cc: Paolo Bonzini <pbonz...@redhat.com>
Cc: k...@vger.kernel.org
Signed-off-by: Brijesh Singh <b
The command is used to query the current SEV guest status. We use this
command to query the guest policy for QMP query-sev command.
Cc: Paolo Bonzini <pbonz...@redhat.com>
Cc: k...@vger.kernel.org
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
accel/kvm/sev.c | 12
com>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
target/i386/cpu.c | 36
target/i386/cpu.h | 6 ++
2 files changed, 42 insertions(+)
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index a49d2221adc9..4147eb6e18a9 100644
--- a/target
by the SEV firmware.
Cc: Paolo Bonzini <pbonz...@redhat.com>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
accel/kvm/kvm-all.c| 15 +
accel/kvm/sev.c| 161 +
accel/kvm/trace-events | 2 +
accel/stubs/kvm-
In SEV-enabled guest the pte entry will have C-bit set, we need to
clear the C-bit when walking the page table.
Cc: Paolo Bonzini <pbonz...@redhat.com>
Cc: Richard Henderson <r...@twiddle.net>
Cc: Eduardo Habkost <ehabk...@redhat.com>
Signed-off-by: Brijesh Singh <
...@twiddle.net>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
Reviewed-by: Paolo Bonzini <pbonz...@redhat.com>
---
exec.c| 41 +
include/exec/cpu-common.h | 15 +++
2 files changed, 56 insertions(+)
diff
The command can be used to show the SEV information when memory
encryption is enabled on AMD platform.
Cc: "Daniel P. Berrangé" <berra...@redhat.com>
Cc: "Dr. David Alan Gilbert" <dgilb...@redhat.com>
Cc: Markus Armbruster <arm...@redhat.com>
Signed-off-by
Updates kvm.h to include memory encryption ioctls and SEV commands.
Cc: Christian Borntraeger <borntrae...@de.ibm.com>
Cc: Cornelia Huck <cornelia.h...@de.ibm.com>
Cc: Paolo Bonzini <pbonz...@redhat.com>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
linux-
Create a documentation entry to describe the AMD Secure Encrypted
Virtualization (SEV) feature.
Cc: Paolo Bonzini <pbonz...@redhat.com>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
docs/amd-memory-encryption.txt | 92 ++
1 file
In order to integrate the Secure Encryption Virtualization (SEV) support,
add a few high-level memory encryption APIs which can be used for encrypting
the guest memory region.
Cc: Paolo Bonzini <pbonz...@redhat.com>
Cc: k...@vger.kernel.org
Signed-off-by: Brijesh Singh <brijesh.si..
;
ops.write = mem_write;
memory_region_init_ram(mem, NULL, "memory", size, NULL);
memory_region_set_ram_debug_ops(mem, ops);
Cc: Paolo Bonzini <pbonz...@redhat.com>
Cc: Peter Crosthwaite <crosthwaite.pe...@gmail.com>
Cc: Richard Henderson <r...@twiddle.net>
Signed-off-b
an Hajnoczi <stefa...@gmail.com>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
hw/core/machine.c | 22 ++
include/hw/boards.h | 1 +
qemu-options.hx | 2 ++
3 files changed, 25 insertions(+)
diff --git a/hw/core/machine.c b/hw/core/machine.c
in
The QMP query command can be used to retrieve the SEV information when
memory encryption is enabled on AMD platform.
Cc: "Daniel P. Berrangé" <berra...@redhat.com>
Cc: "Dr. David Alan Gilbert" <dgilb...@redhat.com>
Cc: Markus Armbruster <arm...@redhat.com>
Si
om>
Cc: Richard Henderson <richard.hender...@linaro.org>
Cc: Paolo Bonzini <pbonz...@redhat.com>
Reviewed-by: "Edgar E. Iglesias" <edgar.igles...@xilinx.com>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
include/exec/memattrs.h | 2 ++
1 file changed, 2 inse
memory regions.
Cc: Paolo Bonzini <pbonz...@redhat.com>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
accel/kvm/sev.c| 41 +
accel/kvm/trace-events | 2 ++
2 files changed, 43 insertions(+)
diff --git a/accel/kvm/sev.c b/acc
and structure. Now the structure contains
just 'measurement' field. Other fields are not used and will also be removed
from newer SEV firmware API spec.
Brijesh Singh (26):
memattrs: add debug attribute
exec: add ram_debug_ops support
exec: add debug version of physical memory read and write
com>
Cc: Markus Armbruster <arm...@redhat.com>
Cc: Eduardo Habkost <ehabk...@redhat.com>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
cpus.c| 2 +-
disas.c | 2 +-
monitor.c | 8 ---
target/i386/hel
On 2/6/18 9:51 AM, Bruce Rogers wrote:
On 1/29/2018 at 10:41 AM, wrote:
>> This patch series provides support for AMD's new Secure Encrypted
>> Virtualization (SEV) feature.
>>
>> SEV is an extension to the AMD‑V architecture which supports running
>> multiple VMs
On 02/01/2018 11:27 AM, Dr. David Alan Gilbert wrote:
* Brijesh Singh (brijesh.si...@amd.com) wrote:
On 1/30/18 2:08 PM, Dr. David Alan Gilbert wrote:
* Brijesh Singh (brijesh.si...@amd.com) wrote:
During machine creation we encrypted the guest bios image, the
LAUNCH_MEASURE command can
On 2/2/18 7:08 AM, Daniel P. Berrangé wrote:
> On Thu, Feb 01, 2018 at 08:04:43PM +, Dr. David Alan Gilbert wrote:
>> * Brijesh Singh (brijesh.si...@amd.com) wrote:
>>>
>>> On 2/1/18 11:58 AM, Dr. David Alan Gilbert wrote:
>>>> * Brijesh Singh (bri
On 2/1/18 11:58 AM, Dr. David Alan Gilbert wrote:
> * Brijesh Singh (brijesh.si...@amd.com) wrote:
>> update 'info kvm' to display the memory encryption support.
>>
>> (qemu) info kvm
>> kvm support: enabled
>> memory encryption: disabled
> As Marku
On 02/01/2018 06:13 AM, Dr. David Alan Gilbert wrote:
* Brijesh Singh (brijesh.si...@amd.com) wrote:
When memory encryption is enabled, KVM_SEV_INIT command is used to
initialize the platform. The command loads the SEV related persistent
data from non-volatile storage and initializes
On 01/31/2018 11:45 AM, Markus Armbruster wrote:
Brijesh Singh <brijesh.si...@amd.com> writes:
Add SEV_MEASUREMENT event which can be used by libvirt to get the
measurement of the memory regions encrypted through the SEV launch
flow. The measurement value is base64 encoded.
Cc: Da
On 01/31/2018 11:43 AM, Markus Armbruster wrote:
Brijesh Singh <brijesh.si...@amd.com> writes:
update 'info kvm' to display the memory encryption support.
(qemu) info kvm
kvm support: enabled
memory encryption: disabled
Cc: "Dr. David Alan Gilbert" <dgilb...@redhat.com>
On 01/31/2018 07:41 AM, Eduardo Habkost wrote:
On Tue, Jan 30, 2018 at 03:46:45PM -0600, Brijesh Singh wrote:
On 1/30/18 11:49 AM, Dr. David Alan Gilbert wrote:
* Brijesh Singh (brijesh.si...@amd.com) wrote:
AMD EPYC processors support memory encryption feature. The feature
is reported
On 1/30/18 4:37 PM, Edgar E. Iglesias wrote:
> On Tue, Jan 30, 2018 at 04:34:37PM -0600, Brijesh Singh wrote:
>>
>> On 1/30/18 3:59 PM, Edgar E. Iglesias wrote:
>>> On Mon, Jan 29, 2018 at 11:41:11AM -0600, Brijesh Singh wrote:
>>>> Currently, the guest
On 1/30/18 3:59 PM, Edgar E. Iglesias wrote:
> On Mon, Jan 29, 2018 at 11:41:11AM -0600, Brijesh Singh wrote:
>> Currently, the guest memory access for the debug purpose is performed
>> using the memcpy(). Let's extend the 'struct MemoryRegion' to include
>> ra
On 1/30/18 3:46 PM, Brijesh Singh wrote:
>
> On 1/30/18 11:49 AM, Dr. David Alan Gilbert wrote:
>> * Brijesh Singh (brijesh.si...@amd.com) wrote:
>>> AMD EPYC processors support memory encryption feature. The feature
>>> is reported through CPUID 8000_001F[
On 1/30/18 2:08 PM, Dr. David Alan Gilbert wrote:
> * Brijesh Singh (brijesh.si...@amd.com) wrote:
>> During machine creation we encrypted the guest bios image, the
>> LAUNCH_MEASURE command can be used to retrieve the measurement of
>> the encrypted memory region. Emit the
On 1/30/18 11:49 AM, Dr. David Alan Gilbert wrote:
> * Brijesh Singh (brijesh.si...@amd.com) wrote:
>> AMD EPYC processors support memory encryption feature. The feature
>> is reported through CPUID 8000_001F[EAX].
>>
>> Fn8000_001F [EAX]:
>> Bit 0 Secure
The KVM_SEV_LAUNCH_UPDATE_DATA command is used to encrypt a guest memory
region using the VM Encryption Key created using LAUNCH_START.
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
accel/kvm/kvm-all.c| 2 ++
accel/kvm/sev.c
Bonzini <pbonz...@redhat.com>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
hmp.c| 2 ++
qapi-schema.json | 5 -
qmp.c| 1 +
3 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/hmp.c b/hmp.c
index 056bf70cf1e2..6ceb6b30af75 100644
--- a/
memory regions.
Cc: Paolo Bonzini <pbonz...@redhat.com>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
accel/kvm/sev.c| 41 +
accel/kvm/trace-events | 2 ++
2 files changed, 43 insertions(+)
diff --git a/accel/kvm/sev.c b/acc
KVM_SEV_DBG_DECRYPT and KVM_SEV_DBG_ENCRYPT commands are used for
decrypting and encrypting guest memory region. The command works only if
the guest policy allows the debugging.
Cc: Paolo Bonzini <pbonz...@redhat.com>
Cc: k...@vger.kernel.org
Signed-off-by: Brijesh Singh <brijesh.si..
by the SEV firmware.
Cc: Paolo Bonzini <pbonz...@redhat.com>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
accel/kvm/kvm-all.c| 15 ++
accel/kvm/sev.c| 124 +
accel/kvm/trace-events | 2 +
include/sysemu/sev.h |
SEV guest migration is not implemented yet.
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
Reviewed-by: Dr. David Alan Gilbert <dgilb...@redhat.com>
---
accel/kvm/sev.c | 13 +
1 file changed, 13 insertions(+)
diff --git a/accel/kvm/sev.c b/accel/kvm/sev.c
index
firmware.
e.g. to launch an SEV guest
# $QEMU \
-object sev-guest,id=sev0 \
-machine ,memory-encryption=sev0
Cc: Paolo Bonzini <pbonz...@redhat.com>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
accel/kvm/Makefile.objs| 2 +-
accel/kvm/sev.c
e.net>
Cc: Eduardo Habkost <ehabk...@redhat.com>
Cc: "Michael S. Tsirkin" <m...@redhat.com>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
hw/i386/pc.c | 9 +
hw/i386/pc_sysfw.c | 6 ++
2 files changed, 15 insertions(+)
diff --git a/hw/i38
bkost <ehabk...@redhat.com>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
target/i386/helper.c | 46 +++
target/i386/monitor.c | 86 ---
2 files changed, 94 insertions(+), 38 deletions(-)
diff --git a/target/i38
The KVM_SEV_LAUNCH_START command creates a new VM encryption key (VEK).
The encryption key created with the command will be used for encrypting
the bootstrap images (such as guest bios).
Cc: Paolo Bonzini <pbonz...@redhat.com>
Cc: k...@vger.kernel.org
Signed-off-by: Brijesh Singh <b
SEV launch flow requires us to issue LAUNCH_FINISH command before guest
is ready to run.
Cc: Paolo Bonzini <pbonz...@redhat.com>
Cc: k...@vger.kernel.org
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
accel/kvm/sev.c| 29 +
accel/kvm/
Create a documentation entry to describe the AMD Secure Encrypted
Virtualization (SEV) feature.
Cc: Paolo Bonzini <pbonz...@redhat.com>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
docs/amd-memory-encryption.txt | 92 ++
1 file
bruster <arm...@redhat.com>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
qapi-schema.json | 13 +
1 file changed, 13 insertions(+)
diff --git a/qapi-schema.json b/qapi-schema.json
index 2046c96669bf..e1f5d14e2e3f 100644
--- a/qapi-schema.json
+++ b/qapi-schema.json
@@ -319
SEV requires that guest bios must be encrypted before booting the guest.
Cc: "Michael S. Tsirkin" <m...@redhat.com>
Cc: Paolo Bonzini <pbonz...@redhat.com>
Cc: Richard Henderson <r...@twiddle.net>
Cc: Eduardo Habkost <ehabk...@redhat.com>
Signed-off-by: Br
In order to integrate the Secure Encryption Virtualization (SEV) support,
add a few high-level memory encryption APIs which can be used for encrypting
the guest memory region.
Cc: Paolo Bonzini <pbonz...@redhat.com>
Cc: k...@vger.kernel.org
Signed-off-by: Brijesh Singh <brijesh.si..