| /linux/Documentation/virt/coco/ |
| H A D | sev-guest.rst | 4 The Definitive SEV Guest API Documentation
10 The SEV API is a set of ioctls that are used by the guest or hypervisor
11 to get or set a certain aspect of the SEV virtual machine. The ioctls belong
15 whole SEV firmware. These ioctl are used by platform provisioning tools.
17 - Guest ioctls: These query and set attributes of the SEV virtual machine.
22 This section describes ioctls that is used for querying the SEV guest report
23 from the SEV firmware. For each ioctl, the following information is provided
27 which SEV technology provides this ioctl. SEV, SEV-ES, SEV-SNP or all.
96 SEV-SNP firmware. The ioctl uses the SNP_GUEST_REQUEST (MSG_REPORT_REQ) command
97 provided by the SEV-SNP firmware to query the attestation report.
[all …]
|
| /linux/Documentation/translations/zh_CN/security/secrets/ |
| H A D | coco.rst | 20 机密计算硬件(如AMD SEV,Secure Encrypted Virtualization)允许虚拟机
22 钥。在SEV中,密钥注入需在虚拟机启动流程的早期阶段(客户机开始运行前)
36 虚拟机启动过程中,虚拟机管理器可向该区域注入密钥。在AMD SEV和SEV-ES中,此
91 请参见 [sev-api-spec_CN]_ 以获取有关SEV ``LAUNCH_SECRET`` 操作的更多信息。
|
| /linux/Documentation/security/secrets/ |
| H A D | coco.rst | 15 Confidential Computing (coco) hardware such as AMD SEV (Secure Encrypted
17 memory without the host/hypervisor being able to read them. In SEV,
36 area. In AMD SEV and SEV-ES this is performed using the
99 See [sev-api-spec]_ for more info regarding SEV ``LAUNCH_SECRET`` operation.
|
| /linux/arch/arm/include/asm/ |
| H A D | spinlock.h | 39 #define SEV __ALT_SMP_ASM(WASM(sev), WASM(nop)) macro
45 __asm__(SEV); in dsb_sev()
|
| /linux/Documentation/virt/hyperv/ |
| H A D | coco.rst | 25 * AMD processor with SEV-SNP. Hyper-V does not run guest VMs with AMD SME,
26 SEV, or SEV-ES encryption, and such encryption is not sufficient for a CoCo
79 * With AMD SEV-SNP processors, in fully-enlightened mode the guest OS runs in
85 as defined by the SEV-SNP architecture. This mode simplifies guest management
93 MSR indicates if the underlying processor uses AMD SEV-SNP or Intel TDX, and
108 AMD SEV-SNP in fully-enlightened mode.
116 * CPUID flags. Both AMD SEV-SNP and Intel TDX provide a CPUID flag in the
122 abstracting the differences between SEV-SNP and TDX. But the
125 flags are not set. The exception is early boot memory setup on SEV-SNP, which
126 tests the CPUID SEV-SNP flag. But not having the flag in Hyper-V paravisor
[all …]
|
| /linux/Documentation/ABI/testing/ |
| H A D | securityfs-secrets-coco | 9 platforms (such as AMD SEV and SEV-ES) for secret injection by
|
| H A D | sysfs-devices-system-cpu | 677 Description: Secure Encrypted Virtualization (SEV) information
679 This directory is only present when running as an SEV-SNP guest.
682 the SEV-SNP guest is running.
|
| /linux/arch/x86/kvm/ |
| H A D | Kconfig | 157 bool "AMD Secure Encrypted Virtualization (SEV) support"
168 Encrypted Virtualization (SEV), Secure Encrypted Virtualization with
169 Encrypted State (SEV-ES), and Secure Encrypted Virtualization with
170 Secure Nested Paging (SEV-SNP) technologies on AMD processors.
|
| H A D | cpuid.c | 1223 VENDOR_F(SEV), in kvm_initialize_cpu_caps()
|
| /linux/drivers/virt/coco/efi_secret/ |
| H A D | Kconfig | 10 confidential computing secret injection (for example for AMD SEV
|
| /linux/arch/riscv/boot/dts/microchip/ |
| H A D | mpfs-sev-kit.dts | 12 model = "Microchip PolarFire-SoC SEV Kit";
|
| /linux/drivers/crypto/ccp/ |
| H A D | Kconfig | 46 management commands in Secure Encrypted Virtualization (SEV) mode,
|
| /linux/tools/arch/x86/kcpuid/ |
| H A D | cpuid.csv | 955 # AMD encrypted memory capabilities enumeration (SME/SEV)
960 0x8000001f, 0, eax, 3, sev_es , SEV Encrypted State supported
961 0x8000001f, 0, eax, 4, sev_nested_paging , SEV secure nested paging supported
968 0x8000001f, 0, eax, 11, req_64bit_hypervisor , SEV guest mandates 64-bit hypervisor
971 0x8000001f, 0, eax, 14, debug_swap , SEV-ES: full debug state swap is supported
972 0x8000001f, 0, eax, 15, disallow_host_ibs , SEV-ES: Disallowing IBS use by the host is supported
976 0x8000001f, 0, eax, 19, virt_ibs , IBS state virtualization is supported for SEV-ES guests
985 0x8000001f, 0, edx, 31:0, min_sev_asid_no_sev_es , Minimum ASID for SEV-enabled SEV-ES-disabled guest
|
| /linux/drivers/char/tpm/ |
| H A D | Kconfig | 251 This is a driver for the AMD SVSM vTPM protocol that a SEV-SNP guest
|
| /linux/drivers/firmware/efi/ |
| H A D | Kconfig | 254 Confidential Computing platforms (such as AMD SEV) allow the
|
| /linux/Documentation/admin-guide/ |
| H A D | kernel-parameters.txt | 1077 like Hyper-V, PowerPC (fadump) and AMD SEV-SNP.
3212 If ciphertext hiding is enabled, the joint SEV-ES and
3213 SEV-SNP ASID space is partitioned into separate SEV-ES
3214 and SEV-SNP ASID ranges, with the SEV-SNP range being
3215 [1..max_snp_asid] and the SEV-ES range being
3219 A non-zero value enables SEV-SNP ciphertext hiding and
3220 adjusts the ASID ranges for SEV-ES and SEV-SNP guests.
3221 KVM caps the number of SEV-SNP ASIDs at the maximum
3223 joint SEV-ES and SEV-SNP ASIDs to SEV-SNP. Note,
3224 assigning all joint ASIDs to SEV-SNP, i.e. configuring
[all …]
|
| /linux/arch/x86/include/asm/ |
| H A D | kvm_host.h | 1371 __APICV_INHIBIT_REASON(SEV), \
|
| /linux/Documentation/virt/kvm/ |
| H A D | api.rst | 4824 (SEV) commands on AMD Processors and Trusted Domain Extensions (TDX) commands
4841 It is used in the SEV-enabled guest. When encryption is enabled, a guest
4842 memory region may contain encrypted data. The SEV memory encryption
4846 swapped. So relocating (or migrating) physical backing pages for the SEV
4849 Note: The current SEV key management spec does not provide commands to
6954 - KVM_SYSTEM_EVENT_SEV_TERM -- an AMD SEV guest requested termination.
7426 KVM_EXIT_SNP_REQ_CERTS indicates an SEV-SNP guest with certificate-fetching
8326 :Architectures: x86 SEV enabled
8408 :Architectures: x86 SEV enabled
|
| /linux/ |
| H A D | MAINTAINERS | 1064 AMD CRYPTOGRAPHIC COPROCESSOR (CCP) DRIVER - SEV SUPPORT
|