The command is used to encrypt a region of guest memory for debug. See docs/amd-memory-encryption.txt for command parameters detail
The command will be used by gdbserver when writing the data into guest memory for debug purposes (e.g setting breakpoint) A typical usage looks like: cpu_memory_rw_debug cpu_physical_memory_rw_debug_internal sev_debug_encrypt Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- sev.c | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/sev.c b/sev.c index c0f6ae4..8a07c0d 100644 --- a/sev.c +++ b/sev.c @@ -1100,18 +1100,38 @@ sev_debug_decrypt(SEVState *s, uint8_t *dst, const uint8_t *src, uint32_t len) } static int +sev_debug_encrypt(SEVState *s, uint8_t *dst, const uint8_t *src, uint32_t len) +{ + int ret; + struct kvm_sev_dbg_encrypt *dbg; + + dbg = g_malloc0(sizeof(*dbg)); + dbg->src_addr = (unsigned long)src; + dbg->dst_addr = (unsigned long)dst; + dbg->length = len; + + ret = sev_ioctl(KVM_SEV_DBG_ENCRYPT, dbg); + DPRINTF("SEV: debug encrypt src %#lx dst %#lx len %#x\n", + (unsigned long)src, (unsigned long)dst, len); + g_free(dbg); + + return ret; +} + +static int sev_mem_write(uint8_t *dst, const uint8_t *src, uint32_t len, MemTxAttrs attrs) { SEVState *s = kvm_memory_encryption_get_handle(); assert(s != NULL); + assert(attrs.debug || s->state != SEV_STATE_RUNNING); if (s->state == SEV_STATE_LAUNCHING) { memcpy(dst, src, len); return sev_launch_update(s, dst, len); } - return 0; + return sev_debug_encrypt(s, dst, src, len); } static int