summaryrefslogtreecommitdiffstats
path: root/docs/amd-memory-encryption.txt
Commit message (Collapse)AuthorAgeFilesLines
* i386/sev: introduce 'sev-snp-guest' objectBrijesh Singh2021-10-231-2/+75
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | SEV-SNP support relies on a different set of properties/state than the existing 'sev-guest' object. This patch introduces the 'sev-snp-guest' object, which can be used to configure an SEV-SNP guest. For example, a default-configured SEV-SNP guest with no additional information passed in for use with attestation: -object sev-snp-guest,id=sev0 or a fully-specified SEV-SNP guest where all spec-defined binary blobs are passed in as base64-encoded strings: -object sev-snp-guest,id=sev0, \ policy=0x30000, \ init-flags=0, \ id-block=YWFhYWFhYWFhYWFhYWFhCg==, \ id-auth=CxHK/OKLkXGn/KpAC7Wl1FSiisWDbGTEKz..., \ auth-key-enabled=on, \ host-data=LNkCWBRC5CcdGXirbNUV1OrsR28s..., \ guest-visible-workarounds=AA==, \ See the QAPI schema updates included in this patch for more usage details. In some cases these blobs may be up to 4096 characters, but this is generally well below the default limit for linux hosts where command-line sizes are defined by the sysconf-configurable ARG_MAX value, which defaults to 2097152 characters for Ubuntu hosts, for example. Co-developed-by: Michael Roth <michael.roth@amd.com> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> Signed-off-by: Michael Roth <michael.roth@amd.com>
* docs: Add SEV-ES documentation to amd-memory-encryption.txtTom Lendacky2021-06-171-7/+47
| | | | | | | | | | | | | Update the amd-memory-encryption.txt file with information about SEV-ES, including how to launch an SEV-ES guest and some of the differences between SEV and SEV-ES guests in regards to launching and measuring the guest. Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com> Acked-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Connor Kuehl <ckuehl@redhat.com> Message-Id: <fa1825a5eb0290eac4712cde75ba4c6829946eac.1619208498.git.thomas.lendacky@amd.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
* doc: Fix some mistakes in the SEV documentationTom Lendacky2021-06-171-30/+29
| | | | | | | | | | | Fix some spelling and grammar mistakes in the amd-memory-encryption.txt file. No new information added. Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Connor Kuehl <ckuehl@redhat.com> Message-Id: <a7c5ee6c056d840f46028f4a817c16a9862bdd9e.1619208498.git.thomas.lendacky@amd.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
* confidential guest support: Update documentationDavid Gibson2021-02-081-1/+1
| | | | | | | | | | | | Now that we've implemented a generic machine option for configuring various confidential guest support mechanisms: 1. Update docs/amd-memory-encryption.txt to reference this rather than the earlier SEV specific option 2. Add a docs/confidential-guest-support.txt to cover the generalities of the confidential guest support scheme Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Greg Kurz <groug@kaod.org>
* docs: Fix broken linksHan Han2020-09-011-2/+2
| | | | | | | Signed-off-by: Han Han <hhan@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20200807101736.3544506-1-hhan@redhat.com> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
* doc: fix typos for documents in treeLike Xu2019-03-061-1/+1
| | | | | | | Signed-off-by: Like Xu <like.xu@linux.intel.com> Reviewed-by: Eric Blake <eblake@redhat.com> Message-Id: <1550640446-18788-1-git-send-email-like.xu@linux.intel.com> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
* target/i386: add Secure Encrypted Virtualization (SEV) objectBrijesh Singh2018-03-131-0/+17
| | | | | | | | | | | | | | | | | | | Add a new memory encryption object 'sev-guest'. The object will be used to create encrypted VMs on AMD EPYC CPU. The object provides the properties to pass guest owner's public Diffie-hellman key, guest policy and session information required to create the memory encryption context within the SEV firmware. e.g to launch SEV guest # $QEMU \ -object sev-guest,id=sev0 \ -machine ....,memory-encryption=sev0 Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: Richard Henderson <rth@twiddle.net> Cc: Eduardo Habkost <ehabkost@redhat.com> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
* docs: add AMD Secure Encrypted Virtualization (SEV)Brijesh Singh2018-03-131-0/+92
Create a documentation entry to describe the AMD Secure Encrypted Virtualization (SEV) feature. Cc: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
generated by cgit v1.2.3-71-gd317 (git 2.46.0) at 2026-02-09 20:17:56 +0000