[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [RFC PATCH v4 00/20] x86: Secure Encrypted Virtualizati
From: |
Eduardo Habkost |
Subject: |
Re: [Qemu-devel] [RFC PATCH v4 00/20] x86: Secure Encrypted Virtualization (AMD) |
Date: |
Wed, 8 Mar 2017 18:27:15 -0300 |
User-agent: |
Mutt/1.7.1 (2016-10-04) |
On Wed, Mar 08, 2017 at 03:51:07PM -0500, Brijesh Singh wrote:
> This RFC series provides support for AMD's new Secure Encrypted
> Virtualization (SEV) feature. This RFC is based KVM RFC [1].
>
> SEV is an extension to the AMD-V architecture which supports running
> multiple VMs under the control of a hypervisor. The SEV feature allows
> the memory contents of a virtual machine (VM) to be transparently encrypted
> with a key unique to the guest VM. The memory controller contains a
> high performance encryption engine which can be programmed with multiple
> keys for use by a different VMs in the system. The programming and
> management of these keys is handled by the AMD Secure Processor firmware
> which exposes a commands for these tasks.
>
> The KVM RFC introduced a new ioctl (KVM_MEMORY_ENCRYPTION_OP) which can be
> used by qemu to issue the SEV commands to assist performing common hypervisor
> activities such as a launching, running, snapshooting, migration and debugging
> guests.
>
> The following links provide additional details:
>
> AMD Memory Encryption whitepaper:
>
> http://amd-dev.wpengine.netdna-cdn.com/wordpress/media/2013/12/AMD_Memory_Encryption_Whitepaper_v7-Public.pdf
>
> AMD64 Architecture Programmer's Manual:
> http://support.amd.com/TechDocs/24593.pdf
> SME is section 7.10
> SEV is section 15.34
I am looking for detailed CPUID documentation, and latest version
of Volume 3 I can find
(http://support.amd.com/TechDocs/24594.pdf) is from June 2015 and
doesn't include CPUID Fn8000_001F.
Is there a public updated version of AMD64 Architecture
Programmer's Manual Volume 3 including SEV CPUID info?
>
> Secure Encrypted Virutualization Key Management:
> http://support.amd.com/TechDocs/55766_SEV-KM API_Specification.pdf
>
> KVM Forum slides:
> http://www.linux-kvm.org/images/7/74/02x08A-Thomas_Lendacky-AMDs_Virtualizatoin_Memory_Encryption_Technology.pdf
>
> KVM RFC link:
>
> [1] http://marc.info/?l=linux-mm&m=148846752931115&w=2
>
> Video of the KVM Forum Talk:
> https://www.youtube.com/watch?v=RcvQ1xN55Ew
>
[...]
--
Eduardo
- Re: [Qemu-devel] [RFC PATCH v4 11/20] sev: add LAUNCH_START command, (continued)
- [Qemu-devel] [RFC PATCH v4 03/20] exec: add guest RAM read and write ops, Brijesh Singh, 2017/03/08
- [Qemu-devel] [RFC PATCH v4 10/20] vl: add memory encryption support, Brijesh Singh, 2017/03/08
- [Qemu-devel] [RFC PATCH v4 09/20] hmp: display memory encryption support in 'info kvm', Brijesh Singh, 2017/03/08
- [Qemu-devel] [RFC PATCH v4 12/20] SEV: add GUEST_STATUS command, Brijesh Singh, 2017/03/08
- [Qemu-devel] [RFC PATCH v4 14/20] sev: add LAUNCH_FINISH command, Brijesh Singh, 2017/03/08
- [Qemu-devel] [RFC PATCH v4 18/20] target/i386: add cpuid Fn8000_001f, Brijesh Singh, 2017/03/08
- [Qemu-devel] [RFC PATCH v4 16/20] sev: add DEBUG_ENCRYPT command, Brijesh Singh, 2017/03/08
- Re: [Qemu-devel] [RFC PATCH v4 00/20] x86: Secure Encrypted Virtualization (AMD),
Eduardo Habkost <=
- [Qemu-devel] [RFC PATCH v4 07/20] kvm: add memory encryption api support, Brijesh Singh, 2017/03/08
- [Qemu-devel] [RFC PATCH v4 15/20] sev: add DEBUG_DECRYPT command, Brijesh Singh, 2017/03/08
- [Qemu-devel] [RFC PATCH v4 17/20] target/i386: encrypt bios rom when memory encryption is enabled, Brijesh Singh, 2017/03/08
- [Qemu-devel] [RFC PATCH v4 20/20] migration: disable save/restore and migration when SEV is active, Brijesh Singh, 2017/03/08
- [Qemu-devel] [RFC PATCH v4 19/20] target/i386: clear memory encryption bit when walking SEV guest page table, Brijesh Singh, 2017/03/08
- Re: [Qemu-devel] [RFC PATCH v4 00/20] x86: Secure Encrypted Virtualization (AMD), no-reply, 2017/03/08