Diffstat (limited to 'meta-amd-bsp/recipes-kernel/linux/linux-yocto-4.14.71-e3000/0022-Documentation-virtual-kvm-Add-AMD-Secure-Encrypted-V.patch')
-rw-r--r-- | meta-amd-bsp/recipes-kernel/linux/linux-yocto-4.14.71-e3000/0022-Documentation-virtual-kvm-Add-AMD-Secure-Encrypted-V.patch | 97 |
1 files changed, 97 insertions, 0 deletions
diff --git a/meta-amd-bsp/recipes-kernel/linux/linux-yocto-4.14.71-e3000/0022-Documentation-virtual-kvm-Add-AMD-Secure-Encrypted-V.patch b/meta-amd-bsp/recipes-kernel/linux/linux-yocto-4.14.71-e3000/0022-Documentation-virtual-kvm-Add-AMD-Secure-Encrypted-V.patch new file mode 100644 index 00000000..06faa5fd --- /dev/null +++ b/meta-amd-bsp/recipes-kernel/linux/linux-yocto-4.14.71-e3000/0022-Documentation-virtual-kvm-Add-AMD-Secure-Encrypted-V.patch 
@@ -0,0 +1,97 @@ +From 76cdc1abc5facd5188ae8e0bab511bd5612b98b2 Mon Sep 17 00:00:00 2001 +From: Brijesh Singh <brijesh.singh@amd.com> +Date: Mon, 4 Dec 2017 10:57:23 -0600 +Subject: [PATCH 22/95] Documentation/virtual/kvm: Add AMD Secure Encrypted + Virtualization (SEV) +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Create a Documentation entry to describe the AMD Secure Encrypted +Virtualization (SEV) feature. + +Cc: Thomas Gleixner <tglx@linutronix.de> +Cc: Ingo Molnar <mingo@redhat.com> +Cc: "H. Peter Anvin" <hpa@zytor.com> +Cc: Paolo Bonzini <pbonzini@redhat.com> +Cc: "Radim Krčmář" <rkrcmar@redhat.com> +Cc: Jonathan Corbet <corbet@lwn.net> +Cc: Borislav Petkov <bp@suse.de> +Cc: Tom Lendacky <thomas.lendacky@amd.com> +Cc: kvm@vger.kernel.org +Cc: x86@kernel.org +Cc: linux-kernel@vger.kernel.org +Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> +Reviewed-by: Borislav Petkov <bp@suse.de> +Signed-off-by: Sudheesh Mavila <sudheesh.mavila@amd.com> +--- + Documentation/virtual/kvm/00-INDEX | 3 ++ + .../virtual/kvm/amd-memory-encryption.rst | 45 ++++++++++++++++++++++ + 2 files changed, 48 insertions(+) + create mode 100644 Documentation/virtual/kvm/amd-memory-encryption.rst + +diff --git a/Documentation/virtual/kvm/00-INDEX b/Documentation/virtual/kvm/00-INDEX +index 69fe1a8..3da73aa 100644 +--- a/Documentation/virtual/kvm/00-INDEX ++++ b/Documentation/virtual/kvm/00-INDEX +@@ -26,3 +26,6 @@ s390-diag.txt + - Diagnose hypercall description (for IBM S/390) + timekeeping.txt + - timekeeping virtualization for x86-based architectures. 
++amd-memory-encryption.txt ++ - notes on AMD Secure Encrypted Virtualization feature and SEV firmware ++ command description +diff --git a/Documentation/virtual/kvm/amd-memory-encryption.rst b/Documentation/virtual/kvm/amd-memory-encryption.rst +new file mode 100644 +index 0000000..a8ef21e +--- /dev/null ++++ b/Documentation/virtual/kvm/amd-memory-encryption.rst +@@ -0,0 +1,45 @@ ++====================================== ++Secure Encrypted Virtualization (SEV) ++====================================== ++ ++Overview ++======== ++ ++Secure Encrypted Virtualization (SEV) is a feature found on AMD processors. ++ ++SEV is an extension to the AMD-V architecture which supports running ++virtual machines (VMs) under the control of a hypervisor. When enabled, ++the memory contents of a VM will be transparently encrypted with a key ++unique to that VM. ++ ++The hypervisor can determine the SEV support through the CPUID ++instruction. The CPUID function 0x8000001f reports information related ++to SEV:: ++ ++ 0x8000001f[eax]: ++ Bit[1] indicates support for SEV ++ ... ++ [ecx]: ++ Bits[31:0] Number of encrypted guests supported simultaneously ++ ++If support for SEV is present, MSR 0xc001_0010 (MSR_K8_SYSCFG) and MSR 0xc001_0015 ++(MSR_K7_HWCR) can be used to determine if it can be enabled:: ++ ++ 0xc001_0010: ++ Bit[23] 1 = memory encryption can be enabled ++ 0 = memory encryption can not be enabled ++ ++ 0xc001_0015: ++ Bit[0] 1 = memory encryption can be enabled ++ 0 = memory encryption can not be enabled ++ ++When SEV support is available, it can be enabled in a specific VM by ++setting the SEV bit before executing VMRUN.:: ++ ++ VMCB[0x90]: ++ Bit[1] 1 = SEV is enabled ++ 0 = SEV is disabled ++ ++SEV hardware uses ASIDs to associate a memory encryption key with a VM. ++Hence, the ASID for the SEV-enabled guests must be from 1 to a maximum value ++defined in the CPUID 0x8000001f[ecx] field. +-- +2.7.4 + |
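Review bot: The entry added to Documentation/virtual/kvm/00-INDEX names amd-memory-encryption.txt, but the file created in the same patch is Documentation/virtual/kvm/amd-memory-encryption.rst, so the index refers to a file name that the patch never adds. Suggest listing it as amd-memory-encryption.rst so the index and the new document agree. If the embedded patch is meant to be carried unmodified, the mismatch is worth recording in the recipe so it is not lost on the next rebase.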
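Review bot: In the amd-memory-encryption.rst hunk, the paragraph ending "setting the SEV bit before executing VMRUN.::" has a full stop in front of the literal-block marker, which renders as "VMRUN.:" in the built documentation. The other literal blocks in the same file are introduced with a bare "::" ("to SEV::", "can be enabled::"), so drop the period and write "before executing VMRUN::" for consistency.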