Diffstat (limited to 'meta-amd-bsp/recipes-kernel/linux/linux-yocto-4.14.71-e3000/0022-Documentation-virtual-kvm-Add-AMD-Secure-Encrypted-V.patch')
-rw-r--r-- | meta-amd-bsp/recipes-kernel/linux/linux-yocto-4.14.71-e3000/0022-Documentation-virtual-kvm-Add-AMD-Secure-Encrypted-V.patch | 97 |
1 files changed, 0 insertions, 97 deletions
diff --git a/meta-amd-bsp/recipes-kernel/linux/linux-yocto-4.14.71-e3000/0022-Documentation-virtual-kvm-Add-AMD-Secure-Encrypted-V.patch b/meta-amd-bsp/recipes-kernel/linux/linux-yocto-4.14.71-e3000/0022-Documentation-virtual-kvm-Add-AMD-Secure-Encrypted-V.patch deleted file mode 100644 index 06faa5fd..00000000 --- a/meta-amd-bsp/recipes-kernel/linux/linux-yocto-4.14.71-e3000/0022-Documentation-virtual-kvm-Add-AMD-Secure-Encrypted-V.patch +++ /dev/null 
@@ -1,97 +0,0 @@ -From 76cdc1abc5facd5188ae8e0bab511bd5612b98b2 Mon Sep 17 00:00:00 2001 -From: Brijesh Singh <brijesh.singh@amd.com> -Date: Mon, 4 Dec 2017 10:57:23 -0600 -Subject: [PATCH 22/95] Documentation/virtual/kvm: Add AMD Secure Encrypted - Virtualization (SEV) -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Create a Documentation entry to describe the AMD Secure Encrypted -Virtualization (SEV) feature. - -Cc: Thomas Gleixner <tglx@linutronix.de> -Cc: Ingo Molnar <mingo@redhat.com> -Cc: "H. Peter Anvin" <hpa@zytor.com> -Cc: Paolo Bonzini <pbonzini@redhat.com> -Cc: "Radim Krčmář" <rkrcmar@redhat.com> -Cc: Jonathan Corbet <corbet@lwn.net> -Cc: Borislav Petkov <bp@suse.de> -Cc: Tom Lendacky <thomas.lendacky@amd.com> -Cc: kvm@vger.kernel.org -Cc: x86@kernel.org -Cc: linux-kernel@vger.kernel.org -Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> -Reviewed-by: Borislav Petkov <bp@suse.de> -Signed-off-by: Sudheesh Mavila <sudheesh.mavila@amd.com> ---- - Documentation/virtual/kvm/00-INDEX | 3 ++ - .../virtual/kvm/amd-memory-encryption.rst | 45 ++++++++++++++++++++++ - 2 files changed, 48 insertions(+) - create mode 100644 Documentation/virtual/kvm/amd-memory-encryption.rst - -diff --git a/Documentation/virtual/kvm/00-INDEX b/Documentation/virtual/kvm/00-INDEX -index 69fe1a8..3da73aa 100644 ---- a/Documentation/virtual/kvm/00-INDEX -+++ b/Documentation/virtual/kvm/00-INDEX -@@ -26,3 +26,6 @@ s390-diag.txt - - Diagnose hypercall description (for IBM S/390) - timekeeping.txt - - timekeeping virtualization for x86-based architectures. 
-+amd-memory-encryption.txt -+ - notes on AMD Secure Encrypted Virtualization feature and SEV firmware -+ command description -diff --git a/Documentation/virtual/kvm/amd-memory-encryption.rst b/Documentation/virtual/kvm/amd-memory-encryption.rst -new file mode 100644 -index 0000000..a8ef21e ---- /dev/null -+++ b/Documentation/virtual/kvm/amd-memory-encryption.rst -@@ -0,0 +1,45 @@ -+====================================== -+Secure Encrypted Virtualization (SEV) -+====================================== -+ -+Overview -+======== -+ -+Secure Encrypted Virtualization (SEV) is a feature found on AMD processors. -+ -+SEV is an extension to the AMD-V architecture which supports running -+virtual machines (VMs) under the control of a hypervisor. When enabled, -+the memory contents of a VM will be transparently encrypted with a key -+unique to that VM. -+ -+The hypervisor can determine the SEV support through the CPUID -+instruction. The CPUID function 0x8000001f reports information related -+to SEV:: -+ -+ 0x8000001f[eax]: -+ Bit[1] indicates support for SEV -+ ... -+ [ecx]: -+ Bits[31:0] Number of encrypted guests supported simultaneously -+ -+If support for SEV is present, MSR 0xc001_0010 (MSR_K8_SYSCFG) and MSR 0xc001_0015 -+(MSR_K7_HWCR) can be used to determine if it can be enabled:: -+ -+ 0xc001_0010: -+ Bit[23] 1 = memory encryption can be enabled -+ 0 = memory encryption can not be enabled -+ -+ 0xc001_0015: -+ Bit[0] 1 = memory encryption can be enabled -+ 0 = memory encryption can not be enabled -+ -+When SEV support is available, it can be enabled in a specific VM by -+setting the SEV bit before executing VMRUN.:: -+ -+ VMCB[0x90]: -+ Bit[1] 1 = SEV is enabled -+ 0 = SEV is disabled -+ -+SEV hardware uses ASIDs to associate a memory encryption key with a VM. -+Hence, the ASID for the SEV-enabled guests must be from 1 to a maximum value -+defined in the CPUID 0x8000001f[ecx] field. --- -2.7.4 - |
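Review bot: Deleting 0022 out of a series numbered "[PATCH 22/95]" needs the matching removal from whatever lists the series for this kernel recipe (for example SRC_URI or an .scc file), and this view is limited to the one file, so that removal is not visible here; please confirm it is in the same commit, otherwise the build will look for a patch that no longer exists. If the SEV documentation is picked up again from another source, note two defects in the text being removed: the 00-INDEX entry names amd-memory-encryption.txt while the file the patch creates is amd-memory-encryption.rst, and "before executing VMRUN.::" carries a stray period ahead of the literal-block marker.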