qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed
* [RFC PATCH 0/6] Add AMD Secure Nested Paging (SEV-SNP) support
@ 2021-07-09 21:55 Brijesh Singh
  2021-07-09 21:55 ` [RFC PATCH 1/6] linux-header: add the SNP specific command Brijesh Singh
                   ` (7 more replies)
  0 siblings, 8 replies; 45+ messages in thread
From: Brijesh Singh @ 2021-07-09 21:55 UTC (permalink / raw)
  To: qemu-devel
  Cc: Connor Kuehl, Philippe Mathieu-Daudé,
	Michael S . Tsirkin, James Bottomley, Dr . David Alan Gilbert,
	Tom Lendacky, Paolo Bonzini, Dov Murik, David Gibson,
	Daniel P. Berrangé,
	kvm, Michael Roth, Eduardo Habkost, Brijesh Singh

SEV-SNP builds upon existing SEV and SEV-ES functionality while adding
new hardware-based memory protections. SEV-SNP adds strong memory integrity
protection to help prevent malicious hypervisor-based attacks like data
replay, memory re-mapping and more in order to create an isolated memory
encryption environment.

The patches to support the SEV-SNP in Linux kernel and OVMF are available:
https://lore.kernel.org/kvm/20210707181506.30489-1-brijesh.singh@amd.com/
https://lore.kernel.org/kvm/20210707183616.5620-1-brijesh.singh@amd.com/
https://edk2.groups.io/g/devel/message/77335?p=,,,20,0,0,0::Created,,posterid%3A5969970,20,2,20,83891508

The Qemu patches uses the command id added by the SEV-SNP hypervisor
patches to bootstrap the SEV-SNP VMs.

TODO:
 * Add support to filter CPUID values through the PSP.

Additional resources
---------------------
SEV-SNP whitepaper
https://www.amd.com/system/files/TechDocs/SEV-SNP-strengthening-vm-isolation-with-integrity-protection-and-more.pdf

APM 2: https://www.amd.com/system/files/TechDocs/24593.pdf (section 15.36)

GHCB spec:
https://developer.amd.com/wp-content/resources/56421.pdf

SEV-SNP firmware specification:
https://www.amd.com/system/files/TechDocs/56860.pdf

Brijesh Singh (6):
  linux-header: add the SNP specific command
  i386/sev: extend sev-guest property to include SEV-SNP
  i386/sev: initialize SNP context
  i386/sev: add the SNP launch start context
  i386/sev: add support to encrypt BIOS when SEV-SNP is enabled
  i386/sev: populate secrets and cpuid page and finalize the SNP launch

 docs/amd-memory-encryption.txt |  81 +++++-
 linux-headers/linux/kvm.h      |  47 ++++
 qapi/qom.json                  |   6 +
 target/i386/sev.c              | 498 ++++++++++++++++++++++++++++++++-
 target/i386/sev_i386.h         |   1 +
 target/i386/trace-events       |   4 +
 6 files changed, 628 insertions(+), 9 deletions(-)

-- 
2.17.1



^ permalink raw reply	[flat|nested] 45+ messages in thread

end of thread, other threads:[~2021-07-22  0:13 UTC | newest]

Thread overview: 45+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-07-09 21:55 [RFC PATCH 0/6] Add AMD Secure Nested Paging (SEV-SNP) support Brijesh Singh
2021-07-09 21:55 ` [RFC PATCH 1/6] linux-header: add the SNP specific command Brijesh Singh
2021-07-10 20:32   ` Michael S. Tsirkin
2021-07-12 15:48     ` Brijesh Singh
2021-07-19 11:35   ` Dov Murik
2021-07-19 14:40     ` Brijesh Singh
2021-07-09 21:55 ` [RFC PATCH 2/6] i386/sev: extend sev-guest property to include SEV-SNP Brijesh Singh
2021-07-12  6:09   ` Dov Murik
2021-07-12 14:34   ` Dr. David Alan Gilbert
2021-07-12 15:59     ` Brijesh Singh
2021-07-12 16:16       ` Dr. David Alan Gilbert
2021-07-12 14:43   ` Daniel P. Berrangé
2021-07-12 15:56     ` Brijesh Singh
2021-07-12 16:24       ` Daniel P. Berrangé
2021-07-13 13:54         ` Brijesh Singh
2021-07-13 13:46   ` Markus Armbruster
2021-07-14 14:18     ` Brijesh Singh
2021-07-20 19:42     ` Michael Roth
2021-07-20 21:54       ` Daniel P. Berrangé
2021-07-21 13:08         ` Markus Armbruster
2021-07-22  0:02           ` Michael Roth via
2021-07-13 18:21   ` Eric Blake
2021-07-09 21:55 ` [RFC PATCH 3/6] i386/sev: initialize SNP context Brijesh Singh
2021-07-15  9:32   ` Dov Murik
2021-07-15 13:24     ` Brijesh Singh
2021-07-09 21:55 ` [RFC PATCH 4/6] i386/sev: add the SNP launch start context Brijesh Singh
2021-07-19 12:34   ` Dov Murik
2021-07-19 15:27     ` Brijesh Singh
2021-07-09 21:55 ` [RFC PATCH 5/6] i386/sev: add support to encrypt BIOS when SEV-SNP is enabled Brijesh Singh
2021-07-14 17:08   ` Connor Kuehl
2021-07-14 18:52     ` Brijesh Singh
2021-07-15  5:54       ` Dov Murik
2021-07-19 13:00   ` Dov Murik
2021-07-09 21:55 ` [RFC PATCH 6/6] i386/sev: populate secrets and cpuid page and finalize the SNP launch Brijesh Singh
2021-07-14 17:29   ` Dr. David Alan Gilbert
2021-07-14 18:53     ` Brijesh Singh
2021-07-19 11:24   ` Dov Murik
2021-07-19 14:45     ` Brijesh Singh
2021-07-12 17:00 ` [RFC PATCH 0/6] Add AMD Secure Nested Paging (SEV-SNP) support Tom Lendacky
2021-07-13  8:05 ` Dov Murik
2021-07-13  8:31   ` Dr. David Alan Gilbert
2021-07-13 13:57     ` Brijesh Singh
2021-07-13 14:01   ` Brijesh Singh
2021-07-14  9:52     ` Dr. David Alan Gilbert
2021-07-14 14:23       ` Brijesh Singh

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).