path: root/meta-amd-bsp/recipes-kernel/linux/linux-yocto-4.14.71-e3000/0022-Documentation-virtual-kvm-Add-AMD-Secure-Encrypted-V.patch
Diffstat (limited to 'meta-amd-bsp/recipes-kernel/linux/linux-yocto-4.14.71-e3000/0022-Documentation-virtual-kvm-Add-AMD-Secure-Encrypted-V.patch')
-rw-r--r-- meta-amd-bsp/recipes-kernel/linux/linux-yocto-4.14.71-e3000/0022-Documentation-virtual-kvm-Add-AMD-Secure-Encrypted-V.patch | 97
1 files changed, 97 insertions, 0 deletions
diff --git a/meta-amd-bsp/recipes-kernel/linux/linux-yocto-4.14.71-e3000/0022-Documentation-virtual-kvm-Add-AMD-Secure-Encrypted-V.patch b/meta-amd-bsp/recipes-kernel/linux/linux-yocto-4.14.71-e3000/0022-Documentation-virtual-kvm-Add-AMD-Secure-Encrypted-V.patch
new file mode 100644
index 00000000..06faa5fd
--- /dev/null
+++ b/meta-amd-bsp/recipes-kernel/linux/linux-yocto-4.14.71-e3000/0022-Documentation-virtual-kvm-Add-AMD-Secure-Encrypted-V.patch
@@ -0,0 +1,97 @@
+From 76cdc1abc5facd5188ae8e0bab511bd5612b98b2 Mon Sep 17 00:00:00 2001
+From: Brijesh Singh <brijesh.singh@amd.com>
+Date: Mon, 4 Dec 2017 10:57:23 -0600
+Subject: [PATCH 22/95] Documentation/virtual/kvm: Add AMD Secure Encrypted
+ Virtualization (SEV)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Create a Documentation entry to describe the AMD Secure Encrypted
+Virtualization (SEV) feature.
+
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: Ingo Molnar <mingo@redhat.com>
+Cc: "H. Peter Anvin" <hpa@zytor.com>
+Cc: Paolo Bonzini <pbonzini@redhat.com>
+Cc: "Radim Krčmář" <rkrcmar@redhat.com>
+Cc: Jonathan Corbet <corbet@lwn.net>
+Cc: Borislav Petkov <bp@suse.de>
+Cc: Tom Lendacky <thomas.lendacky@amd.com>
+Cc: kvm@vger.kernel.org
+Cc: x86@kernel.org
+Cc: linux-kernel@vger.kernel.org
+Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
+Reviewed-by: Borislav Petkov <bp@suse.de>
+Signed-off-by: Sudheesh Mavila <sudheesh.mavila@amd.com>
+---
+ Documentation/virtual/kvm/00-INDEX | 3 ++
+ .../virtual/kvm/amd-memory-encryption.rst | 45 ++++++++++++++++++++++
+ 2 files changed, 48 insertions(+)
+ create mode 100644 Documentation/virtual/kvm/amd-memory-encryption.rst
+
+diff --git a/Documentation/virtual/kvm/00-INDEX b/Documentation/virtual/kvm/00-INDEX
+index 69fe1a8..3da73aa 100644
+--- a/Documentation/virtual/kvm/00-INDEX
++++ b/Documentation/virtual/kvm/00-INDEX
+@@ -26,3 +26,6 @@ s390-diag.txt
+ - Diagnose hypercall description (for IBM S/390)
+ timekeeping.txt
+ - timekeeping virtualization for x86-based architectures.
++amd-memory-encryption.txt
++ - notes on AMD Secure Encrypted Virtualization feature and SEV firmware
++ command description
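Review bot: The new 00-INDEX entry names amd-memory-encryption.txt, but the file this patch creates is amd-memory-encryption.rst, so the index points at a file that does not exist; change the entry to amd-memory-encryption.rst. The entry also promises an "SEV firmware command description", while the 45 lines added to the .rst contain only an Overview section. Either trim the description to what the file covers or say in the commit message that the command description arrives in a later patch.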
+diff --git a/Documentation/virtual/kvm/amd-memory-encryption.rst b/Documentation/virtual/kvm/amd-memory-encryption.rst
+new file mode 100644
+index 0000000..a8ef21e
+--- /dev/null
++++ b/Documentation/virtual/kvm/amd-memory-encryption.rst
+@@ -0,0 +1,45 @@
++======================================
++Secure Encrypted Virtualization (SEV)
++======================================
++
++Overview
++========
++
++Secure Encrypted Virtualization (SEV) is a feature found on AMD processors.
++
++SEV is an extension to the AMD-V architecture which supports running
++virtual machines (VMs) under the control of a hypervisor. When enabled,
++the memory contents of a VM will be transparently encrypted with a key
++unique to that VM.
++
++The hypervisor can determine the SEV support through the CPUID
++instruction. The CPUID function 0x8000001f reports information related
++to SEV::
++
++ 0x8000001f[eax]:
++ Bit[1] indicates support for SEV
++ ...
++ [ecx]:
++ Bits[31:0] Number of encrypted guests supported simultaneously
++
++If support for SEV is present, MSR 0xc001_0010 (MSR_K8_SYSCFG) and MSR 0xc001_0015
++(MSR_K7_HWCR) can be used to determine if it can be enabled::
++
++ 0xc001_0010:
++ Bit[23] 1 = memory encryption can be enabled
++ 0 = memory encryption can not be enabled
++
++ 0xc001_0015:
++ Bit[0] 1 = memory encryption can be enabled
++ 0 = memory encryption can not be enabled
++
++When SEV support is available, it can be enabled in a specific VM by
++setting the SEV bit before executing VMRUN.::
++
++ VMCB[0x90]:
++ Bit[1] 1 = SEV is enabled
++ 0 = SEV is disabled
++
++SEV hardware uses ASIDs to associate a memory encryption key with a VM.
++Hence, the ASID for the SEV-enabled guests must be from 1 to a maximum value
++defined in the CPUID 0x8000001f[ecx] field.
+--
+2.7.4
+
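Review bot: In the MSR paragraph of amd-memory-encryption.rst, Bit[23] of 0xc001_0010 and Bit[0] of 0xc001_0015 carry the identical description "memory encryption can be enabled", and the text does not say whether both bits must be set or either one is sufficient. State the required combination explicitly, since a reader implementing the check from this document could test only one MSR and reach the wrong conclusion about whether SEV is usable. Minor: "before executing VMRUN.::" has a stray period ahead of the literal-block marker and will render as "VMRUN.:", so drop the period. The closing ASID paragraph treats 0x8000001f[ecx] as a maximum ASID value while the CPUID block describes the same field as "Number of encrypted guests supported simultaneously"; use one wording for both so the valid range of 1 to that value is unambiguous.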