From mboxrd@z Thu Jan 1 00:00:00 1970
From: Brijesh Singh
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: bp@alien8.de, Brijesh Singh, Thomas Gleixner, Ingo Molnar, "H. Peter Anvin", Paolo Bonzini, Radim Krčmář, Jonathan Corbet, Borislav Petkov, Tom Lendacky, x86@kernel.org
Subject: [Part2 PATCH v7 01/38] Documentation/virtual/kvm: Add AMD Secure Encrypted Virtualization (SEV)
Date: Wed, 1 Nov 2017 16:15:46 -0500
Message-Id: <20171101211623.71496-2-brijesh.singh@amd.com>
In-Reply-To: <20171101211623.71496-1-brijesh.singh@amd.com>
References: <20171101211623.71496-1-brijesh.singh@amd.com>

Create a Documentation entry to describe the AMD Secure Encrypted Virtualization (SEV) feature.

Cc: Thomas Gleixner Cc: Ingo Molnar Cc: "H.
Peter Anvin" Cc: Paolo Bonzini Cc: "Radim Krčmář" Cc: Jonathan Corbet Cc: Borislav Petkov Cc: Tom Lendacky Cc: kvm@vger.kernel.org Cc: x86@kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh Reviewed-by: Borislav Petkov --- Documentation/virtual/kvm/00-INDEX | 3 ++ .../virtual/kvm/amd-memory-encryption.rst | 45 ++++++++++++++++++++++ 2 files changed, 48 insertions(+) create mode 100644 Documentation/virtual/kvm/amd-memory-encryption.rst diff --git a/Documentation/virtual/kvm/00-INDEX b/Documentation/virtual/kvm/00-INDEX index 69fe1a8b7ad1..3da73aabff5a 100644 --- a/Documentation/virtual/kvm/00-INDEX +++ b/Documentation/virtual/kvm/00-INDEX @@ -26,3 +26,6 @@ s390-diag.txt - Diagnose hypercall description (for IBM S/390) timekeeping.txt - timekeeping virtualization for x86-based architectures. +amd-memory-encryption.txt + - notes on AMD Secure Encrypted Virtualization feature and SEV firmware + command description diff --git a/Documentation/virtual/kvm/amd-memory-encryption.rst b/Documentation/virtual/kvm/amd-memory-encryption.rst new file mode 100644 index 000000000000..a8ef21e737db --- /dev/null +++ b/Documentation/virtual/kvm/amd-memory-encryption.rst 
@@ -0,0 +1,45 @@ +====================================== +Secure Encrypted Virtualization (SEV) +====================================== + +Overview +======== + +Secure Encrypted Virtualization (SEV) is a feature found on AMD processors. + +SEV is an extension to the AMD-V architecture which supports running +virtual machines (VMs) under the control of a hypervisor. When enabled, +the memory contents of a VM will be transparently encrypted with a key +unique to that VM. + +The hypervisor can determine the SEV support through the CPUID +instruction. The CPUID function 0x8000001f reports information related +to SEV:: + + 0x8000001f[eax]: + Bit[1] indicates support for SEV + ... + [ecx]: + Bits[31:0] Number of encrypted guests supported simultaneously + +If support for SEV is present, MSR 0xc001_0010 (MSR_K8_SYSCFG) and MSR 0xc001_0015 +(MSR_K7_HWCR) can be used to determine if it can be enabled:: + + 0xc001_0010: + Bit[23] 1 = memory encryption can be enabled + 0 = memory encryption can not be enabled + + 0xc001_0015: + Bit[0] 1 = memory encryption can be enabled + 0 = memory encryption can not be enabled + +When SEV support is available, it can be enabled in a specific VM by +setting the SEV bit before executing VMRUN.:: + + VMCB[0x90]: + Bit[1] 1 = SEV is enabled + 0 = SEV is disabled + +SEV hardware uses ASIDs to associate a memory encryption key with a VM. +Hence, the ASID for the SEV-enabled guests must be from 1 to a maximum value +defined in the CPUID 0x8000001f[ecx] field. -- 2.9.5
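
Review bot: The new 00-INDEX entry names amd-memory-encryption.txt, but the file this patch creates is amd-memory-encryption.rst, so the index points at a file that does not exist; use the .rst name. The entry also promises an "SEV firmware command description", which the 45 lines added here do not contain (they cover CPUID, the two MSRs, the VMCB bit and ASIDs only), so either trim the description or say that the command section arrives in a later patch of the series.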
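
Review bot: In the MSR block of amd-memory-encryption.rst, 0xc001_0010 Bit[23] and 0xc001_0015 Bit[0] carry the identical description "memory encryption can be enabled", and the text never says whether both bits must be set or what each one controls on its own; state the relationship explicitly, since a hypervisor author reading only this file cannot tell when SEV is actually usable. Smaller points: "before executing VMRUN.::" will render with a stray period before the colon, so drop the period; and the ASID paragraph takes its upper bound from CPUID 0x8000001f[ecx], which is documented above only as a guest count, so say explicitly that the same value is the highest valid SEV ASID.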