17 static void encrypt_region(struct kvm_vm *vm, struct userspace_mem_region *region)  in encrypt_region()  argument
21 	const sparsebit_idx_t lowest_page_in_region = gpa_base >> vm->page_shift;  in encrypt_region()
27 	sev_register_encrypted_memory(vm, region);  in encrypt_region()
30 		const uint64_t size = (j - i + 1) * vm->page_size;  in encrypt_region()
31 		const uint64_t offset = (i - lowest_page_in_region) * vm->page_size;  in encrypt_region()
33 		sev_launch_update_data(vm, gpa_base + offset, size);  in encrypt_region()
37 void sev_vm_init(struct kvm_vm *vm)  in sev_vm_init()  argument
39 	if (vm->type == KVM_X86_DEFAULT_VM) {  in sev_vm_init()
40 		assert(vm->arch.sev_fd == -1);  in sev_vm_init()
41 		vm->arch.sev_fd = open_sev_dev_path_or_exit();  in sev_vm_init()
42 		vm_sev_ioctl(vm, KVM_SEV_INIT, NULL);  in sev_vm_init()
45 		assert(vm->type == KVM_X86_SEV_VM);  in sev_vm_init()
46 		vm_sev_ioctl(vm, KVM_SEV_INIT2, &init);  in sev_vm_init()
50 void sev_es_vm_init(struct kvm_vm *vm)  in sev_es_vm_init()  argument
52 	if (vm->type == KVM_X86_DEFAULT_VM) {  in sev_es_vm_init()
53 		assert(vm->arch.sev_fd == -1);  in sev_es_vm_init()
54 		vm->arch.sev_fd = open_sev_dev_path_or_exit();  in sev_es_vm_init()
55 		vm_sev_ioctl(vm, KVM_SEV_ES_INIT, NULL);  in sev_es_vm_init()
58 		assert(vm->type == KVM_X86_SEV_ES_VM);  in sev_es_vm_init()
59 		vm_sev_ioctl(vm, KVM_SEV_INIT2, &init);  in sev_es_vm_init()
63 void sev_vm_launch(struct kvm_vm *vm, uint32_t policy)  in sev_vm_launch()  argument
72 	vm_sev_ioctl(vm, KVM_SEV_LAUNCH_START, &launch_start);  in sev_vm_launch()
73 	vm_sev_ioctl(vm, KVM_SEV_GUEST_STATUS, &status);  in sev_vm_launch()
78 	hash_for_each(vm->regions.slot_hash, ctr, region, slot_node)  in sev_vm_launch()
79 		encrypt_region(vm, region);  in sev_vm_launch()
82 		vm_sev_ioctl(vm, KVM_SEV_LAUNCH_UPDATE_VMSA, NULL);  in sev_vm_launch()
84 	vm->arch.is_pt_protected = true;  in sev_vm_launch()
87 void sev_vm_launch_measure(struct kvm_vm *vm, uint8_t *measurement)  in sev_vm_launch_measure()  argument
94 	vm_sev_ioctl(vm, KVM_SEV_LAUNCH_MEASURE, &launch_measure);  in sev_vm_launch_measure()
96 	vm_sev_ioctl(vm, KVM_SEV_GUEST_STATUS, &guest_status);  in sev_vm_launch_measure()
100 void sev_vm_launch_finish(struct kvm_vm *vm)  in sev_vm_launch_finish()  argument
104 	vm_sev_ioctl(vm, KVM_SEV_GUEST_STATUS, &status);  in sev_vm_launch_finish()
109 	vm_sev_ioctl(vm, KVM_SEV_LAUNCH_FINISH, NULL);  in sev_vm_launch_finish()
111 	vm_sev_ioctl(vm, KVM_SEV_GUEST_STATUS, &status);  in sev_vm_launch_finish()
122 	struct kvm_vm *vm;  in vm_sev_create_with_one_vcpu()  local
125 	vm = __vm_create_with_vcpus(shape, 1, 0, guest_code, cpus);  in vm_sev_create_with_one_vcpu()
128 	return vm;  in vm_sev_create_with_one_vcpu()
131 void vm_sev_launch(struct kvm_vm *vm, uint32_t policy, uint8_t *measurement)  in vm_sev_launch()  argument
133 	sev_vm_launch(vm, policy);  in vm_sev_launch()
138 	sev_vm_launch_measure(vm, measurement);  in vm_sev_launch()
140 	sev_vm_launch_finish(vm);  in vm_sev_launch()