| /linux/Documentation/virt/coco/ |
| H A D | sev-guest.rst | 4 The Definitive SEV Guest API Documentation
10 The SEV API is a set of ioctls that are used by the guest or hypervisor
11 to get or set a certain aspect of the SEV virtual machine. The ioctls belong
15 whole SEV firmware. These ioctl are used by platform provisioning tools.
17 - Guest ioctls: These query and set attributes of the SEV virtual machine.
22 This section describes ioctls that is used for querying the SEV guest report
23 from the SEV firmware. For each ioctl, the following information is provided
27 which SEV technology provides this ioctl. SEV, SEV-ES, SEV-SNP or all.
96 SEV-SNP firmware. The ioctl uses the SNP_GUEST_REQUEST (MSG_REPORT_REQ) command
97 provided by the SEV-SNP firmware to query the attestation report.
[all …]
|
| /linux/Documentation/virt/kvm/x86/ |
| H A D | amd-memory-encryption.rst | 4 Secure Encrypted Virtualization (SEV)
10 Secure Encrypted Virtualization (SEV) is a feature found on AMD processors.
12 SEV is an extension to the AMD-V architecture which supports running
17 The hypervisor can determine the SEV support through the CPUID
19 to SEV::
22 Bit[1] indicates support for SEV
27 If support for SEV is present, MSR 0xc001_0010 (MSR_AMD64_SYSCFG) and MSR 0xc001_0015
38 When SEV support is available, it can be enabled in a specific VM by
39 setting the SEV bit before executing VMRUN.::
42 Bit[1] 1 = SEV is enabled
[all …]
|
| /linux/Documentation/translations/zh_CN/security/secrets/ |
| H A D | coco.rst | 20 机密计算硬件(如AMD SEV,Secure Encrypted Virtualization)允许虚拟机
22 钥。在SEV中,密钥注入需在虚拟机启动流程的早期阶段(客户机开始运行前)
36 虚拟机启动过程中,虚拟机管理器可向该区域注入密钥。在AMD SEV和SEV-ES中,此
91 请参见 [sev-api-spec_CN]_ 以获取有关SEV ``LAUNCH_SECRET`` 操作的更多信息。
|
| /linux/Documentation/ABI/testing/ |
| H A D | configfs-tsm-report | 30 "cert_table" from SEV-ES Guest-Hypervisor Communication Block
55 [1]: SEV Secure Nested Paging Firmware ABI Specification
83 different privilege levels, like SEV-SNP "VMPL", specify the
103 provider for TVMs, like SEV-SNP running under an SVSM.
109 for SEV-SNP Guests v1.00 Section 7. For the doc, search for
110 "site:amd.com "Secure VM Service Module for SEV-SNP
120 provider for TVMs, like SEV-SNP running under an SVSM.
138 provider for TVMs, like SEV-SNP running under an SVSM.
|
| H A D | securityfs-secrets-coco | 9 platforms (such as AMD SEV and SEV-ES) for secret injection by
|
| H A D | sysfs-devices-system-cpu | 677 Description: Secure Encrypted Virtualization (SEV) information
679 This directory is only present when running as an SEV-SNP guest.
682 the SEV-SNP guest is running.
|
| /linux/Documentation/security/secrets/ |
| H A D | coco.rst | 15 Confidential Computing (coco) hardware such as AMD SEV (Secure Encrypted
17 memory without the host/hypervisor being able to read them. In SEV,
36 area. In AMD SEV and SEV-ES this is performed using the
99 See [sev-api-spec]_ for more info regarding SEV ``LAUNCH_SECRET`` operation.
|
| /linux/arch/arm/include/asm/ |
| H A D | spinlock.h | 39 #define SEV __ALT_SMP_ASM(WASM(sev), WASM(nop)) macro
45 __asm__(SEV); in dsb_sev()
|
| /linux/Documentation/virt/hyperv/ |
| H A D | coco.rst | 25 * AMD processor with SEV-SNP. Hyper-V does not run guest VMs with AMD SME,
26 SEV, or SEV-ES encryption, and such encryption is not sufficient for a CoCo
79 * With AMD SEV-SNP processors, in fully-enlightened mode the guest OS runs in
85 as defined by the SEV-SNP architecture. This mode simplifies guest management
93 MSR indicates if the underlying processor uses AMD SEV-SNP or Intel TDX, and
108 AMD SEV-SNP in fully-enlightened mode.
116 * CPUID flags. Both AMD SEV-SNP and Intel TDX provide a CPUID flag in the
122 abstracting the differences between SEV-SNP and TDX. But the
125 flags are not set. The exception is early boot memory setup on SEV-SNP, which
126 tests the CPUID SEV-SNP flag. But not having the flag in Hyper-V paravisor
[all …]
|
| /linux/arch/x86/kvm/ |
| H A D | Kconfig | 157 bool "AMD Secure Encrypted Virtualization (SEV) support"
168 Encrypted Virtualization (SEV), Secure Encrypted Virtualization with
169 Encrypted State (SEV-ES), and Secure Encrypted Virtualization with
170 Secure Nested Paging (SEV-SNP) technologies on AMD processors.
|
| H A D | cpuid.c | 1195 VENDOR_F(SEV), in kvm_set_cpu_caps()
|
| /linux/drivers/virt/coco/efi_secret/ |
| H A D | Kconfig | 10 confidential computing secret injection (for example for AMD SEV
|
| /linux/arch/riscv/boot/dts/microchip/ |
| H A D | mpfs-sev-kit.dts | 12 model = "Microchip PolarFire-SoC SEV Kit";
|
| /linux/drivers/crypto/ccp/ |
| H A D | Kconfig | 46 management commands in Secure Encrypted Virtualization (SEV) mode,
|
| /linux/tools/arch/x86/kcpuid/ |
| H A D | cpuid.csv | 955 # AMD encrypted memory capabilities enumeration (SME/SEV)
960 0x8000001f, 0, eax, 3, sev_es , SEV Encrypted State supported
961 0x8000001f, 0, eax, 4, sev_nested_paging , SEV secure nested paging supported
968 0x8000001f, 0, eax, 11, req_64bit_hypervisor , SEV guest mandates 64-bit hypervisor
971 0x8000001f, 0, eax, 14, debug_swap , SEV-ES: full debug state swap is supported
972 0x8000001f, 0, eax, 15, disallow_host_ibs , SEV-ES: Disallowing IBS use by the host is supported
976 0x8000001f, 0, eax, 19, virt_ibs , IBS state virtualization is supported for SEV-ES guests
985 0x8000001f, 0, edx, 31:0, min_sev_asid_no_sev_es , Minimum ASID for SEV-enabled SEV-ES-disabled guest
|
| /linux/drivers/char/tpm/ |
| H A D | Kconfig | 251 This is a driver for the AMD SVSM vTPM protocol that a SEV-SNP guest
|
| /linux/drivers/firmware/efi/ |
| H A D | Kconfig | 254 Confidential Computing platforms (such as AMD SEV) allow the
|
| /linux/Documentation/admin-guide/ |
| H A D | kernel-parameters.txt | 1074 like Hyper-V, PowerPC (fadump) and AMD SEV-SNP.
3141 If ciphertext hiding is enabled, the joint SEV-ES and
3142 SEV-SNP ASID space is partitioned into separate SEV-ES
3143 and SEV-SNP ASID ranges, with the SEV-SNP range being
3144 [1..max_snp_asid] and the SEV-ES range being
3148 A non-zero value enables SEV-SNP ciphertext hiding and
3149 adjusts the ASID ranges for SEV-ES and SEV-SNP guests.
3150 KVM caps the number of SEV-SNP ASIDs at the maximum
3152 joint SEV-ES and SEV-SNP ASIDs to SEV-SNP. Note,
3153 assigning all joint ASIDs to SEV-SNP, i.e. configuring
[all …]
|
| /linux/arch/x86/include/asm/ |
| H A D | kvm_host.h | 1351 __APICV_INHIBIT_REASON(SEV), \
|
| /linux/Documentation/virt/kvm/ |
| H A D | api.rst | 4825 (SEV) commands on AMD Processors and Trusted Domain Extensions (TDX) commands
4842 It is used in the SEV-enabled guest. When encryption is enabled, a guest
4843 memory region may contain encrypted data. The SEV memory encryption
4847 swapped. So relocating (or migrating) physical backing pages for the SEV
4850 Note: The current SEV key management spec does not provide commands to
6921 - KVM_SYSTEM_EVENT_SEV_TERM -- an AMD SEV guest requested termination.
8197 :Architectures: x86 SEV enabled
8279 :Architectures: x86 SEV enabled
|
| /linux/arch/x86/ |
| H A D | Kconfig | 495 APIC accesses and support for managing guest owned APIC state for SEV-SNP
|
| /linux/ |
| H A D | MAINTAINERS | 1057 AMD CRYPTOGRAPHIC COPROCESSOR (CCP) DRIVER - SEV SUPPORT
|