From: Brijesh Singh <brijesh.singh@amd.com>
To: Eduardo Habkost <ehabkost@redhat.com>
Cc: brijesh.singh@amd.com, crosthwaite.peter@gmail.com,
armbru@redhat.com, mst@redhat.com, p.fedin@samsung.com,
qemu-devel@nongnu.org, lcapitulino@redhat.com,
pbonzini@redhat.com, rth@twiddle.net, Thomas.Lendacky@amd.com
Subject: Re: [Qemu-devel] [RFC PATCH v4 00/20] x86: Secure Encrypted Virtualization (AMD)
Date: Wed, 8 Mar 2017 15:37:25 -0600 [thread overview]
Message-ID: <849e49ba-67c7-9df6-bb4f-8a59619d9e19@amd.com> (raw)
In-Reply-To: <20170308212715.GQ4694@thinpad.lan.raisama.net>
On 03/08/2017 03:27 PM, Eduardo Habkost wrote:
> On Wed, Mar 08, 2017 at 03:51:07PM -0500, Brijesh Singh wrote:
>> This RFC series provides support for AMD's new Secure Encrypted
>> Virtualization (SEV) feature. This RFC is based KVM RFC [1].
>>
>> SEV is an extension to the AMD-V architecture which supports running
>> multiple VMs under the control of a hypervisor. The SEV feature allows
>> the memory contents of a virtual machine (VM) to be transparently encrypted
>> with a key unique to the guest VM. The memory controller contains a
>> high performance encryption engine which can be programmed with multiple
>> keys for use by a different VMs in the system. The programming and
>> management of these keys is handled by the AMD Secure Processor firmware
>> which exposes a commands for these tasks.
>>
>> The KVM RFC introduced a new ioctl (KVM_MEMORY_ENCRYPTION_OP) which can be
>> used by qemu to issue the SEV commands to assist performing common hypervisor
>> activities such as a launching, running, snapshooting, migration and debugging
>> guests.
>>
>> The following links provide additional details:
>>
>> AMD Memory Encryption whitepaper:
>>
>> http://amd-dev.wpengine.netdna-cdn.com/wordpress/media/2013/12/AMD_Memory_Encryption_Whitepaper_v7-Public.pdf
>>
>> AMD64 Architecture Programmer's Manual:
>> http://support.amd.com/TechDocs/24593.pdf
>> SME is section 7.10
>> SEV is section 15.34
>
> I am looking for detailed CPUID documentation, and latest version
> of Volume 3 I can find
> (http://support.amd.com/TechDocs/24594.pdf) is from June 2015 and
> doesn't include CPUID Fn8000_001F.
>
> Is there a public updated version of AMD64 Architecture
> Programmer's Manual Volume 3 including SEV CPUID info?
>
Right now the SEV specific CPUID is in AMD64 APM volume 2 [1].
[1] http://support.amd.com/TechDocs/24593.pdf
I will ask around to check when documentation team will update volume 3 to include this CPUID.
~ Brijesh
>>
>> Secure Encrypted Virutualization Key Management:
>> http://support.amd.com/TechDocs/55766_SEV-KM API_Specification.pdf
>>
>> KVM Forum slides:
>> http://www.linux-kvm.org/images/7/74/02x08A-Thomas_Lendacky-AMDs_Virtualizatoin_Memory_Encryption_Technology.pdf
>>
>> KVM RFC link:
>>
>> [1] http://marc.info/?l=linux-mm&m=148846752931115&w=2
>>
>> Video of the KVM Forum Talk:
>> https://www.youtube.com/watch?v=RcvQ1xN55Ew
>>
> [...]
>
next prev parent reply other threads:[~2017-03-08 21:37 UTC|newest]
Thread overview: 41+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-03-08 20:51 [Qemu-devel] [RFC PATCH v4 00/20] x86: Secure Encrypted Virtualization (AMD) Brijesh Singh
2017-03-08 20:51 ` [Qemu-devel] [RFC PATCH v4 01/20] kvm: update kvm.h header file Brijesh Singh
2017-03-08 20:51 ` [Qemu-devel] [RFC PATCH v4 02/20] memattrs: add debug attribute Brijesh Singh
2017-03-23 11:29 ` Stefan Hajnoczi
2017-03-23 18:14 ` Brijesh Singh
2017-03-24 15:36 ` Stefan Hajnoczi
2017-03-24 16:43 ` Brijesh Singh
2017-03-08 20:51 ` [Qemu-devel] [RFC PATCH v4 03/20] exec: add guest RAM read and write ops Brijesh Singh
2017-03-08 20:51 ` [Qemu-devel] [RFC PATCH v4 04/20] exec: add debug version of physical memory read and write api Brijesh Singh
2017-03-08 20:51 ` [Qemu-devel] [RFC PATCH v4 05/20] monitor/i386: use debug apis when accessing guest memory Brijesh Singh
2017-03-08 20:52 ` [Qemu-devel] [RFC PATCH v4 06/20] core: add new security-policy object Brijesh Singh
2017-03-23 11:35 ` Stefan Hajnoczi
2017-03-23 18:59 ` Brijesh Singh
2017-03-24 15:40 ` Stefan Hajnoczi
2017-03-24 19:42 ` Brijesh Singh
2017-03-27 12:04 ` Stefan Hajnoczi
2017-03-27 16:11 ` Brijesh Singh
2017-03-08 20:52 ` [Qemu-devel] [RFC PATCH v4 07/20] kvm: add memory encryption api support Brijesh Singh
2017-03-08 21:06 ` Eduardo Habkost
2017-03-08 20:52 ` [Qemu-devel] [RFC PATCH v4 08/20] sev: add Secure Encrypted Virtulization (SEV) support Brijesh Singh
2017-03-08 20:52 ` [Qemu-devel] [RFC PATCH v4 09/20] hmp: display memory encryption support in 'info kvm' Brijesh Singh
2017-03-08 21:43 ` Eric Blake
2017-03-08 20:52 ` [Qemu-devel] [RFC PATCH v4 10/20] vl: add memory encryption support Brijesh Singh
2017-03-08 20:53 ` [Qemu-devel] [RFC PATCH v4 11/20] sev: add LAUNCH_START command Brijesh Singh
2017-03-08 21:13 ` Eduardo Habkost
2017-03-08 21:39 ` Brijesh Singh
2017-03-08 20:53 ` [Qemu-devel] [RFC PATCH v4 12/20] SEV: add GUEST_STATUS command Brijesh Singh
2017-03-08 20:53 ` [Qemu-devel] [RFC PATCH v4 13/20] sev: add LAUNCH_UPDATE_DATA command Brijesh Singh
2017-03-08 20:53 ` [Qemu-devel] [RFC PATCH v4 14/20] sev: add LAUNCH_FINISH command Brijesh Singh
2017-03-08 20:53 ` [Qemu-devel] [RFC PATCH v4 15/20] sev: add DEBUG_DECRYPT command Brijesh Singh
2017-03-08 20:53 ` [Qemu-devel] [RFC PATCH v4 16/20] sev: add DEBUG_ENCRYPT command Brijesh Singh
2017-03-08 20:54 ` [Qemu-devel] [RFC PATCH v4 17/20] target/i386: encrypt bios rom when memory encryption is enabled Brijesh Singh
2017-03-08 20:54 ` [Qemu-devel] [RFC PATCH v4 18/20] target/i386: add cpuid Fn8000_001f Brijesh Singh
2017-03-08 21:29 ` Eduardo Habkost
2017-03-08 20:54 ` [Qemu-devel] [RFC PATCH v4 19/20] target/i386: clear memory encryption bit when walking SEV guest page table Brijesh Singh
2017-03-08 20:54 ` [Qemu-devel] [RFC PATCH v4 20/20] migration: disable save/restore and migration when SEV is active Brijesh Singh
2017-03-08 21:32 ` Eduardo Habkost
2017-03-08 21:40 ` Brijesh Singh
2017-03-08 21:27 ` [Qemu-devel] [RFC PATCH v4 00/20] x86: Secure Encrypted Virtualization (AMD) Eduardo Habkost
2017-03-08 21:37 ` Brijesh Singh [this message]
2017-03-08 22:29 ` no-reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=849e49ba-67c7-9df6-bb4f-8a59619d9e19@amd.com \
--to=brijesh.singh@amd.com \
--cc=Thomas.Lendacky@amd.com \
--cc=armbru@redhat.com \
--cc=crosthwaite.peter@gmail.com \
--cc=ehabkost@redhat.com \
--cc=lcapitulino@redhat.com \
--cc=mst@redhat.com \
--cc=p.fedin@samsung.com \
--cc=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=rth@twiddle.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.