Lines Matching +full:activate +full:- +full:to +full:- +full:activate
1 .. SPDX-License-Identifier: GPL-2.0
10 SME provides the ability to mark individual pages of memory as encrypted using
12 automatically decrypted when read from DRAM and encrypted when written to
13 DRAM. SME can therefore be used to protect the contents of DRAM from physical
19 memory. Private memory is encrypted with the guest-specific key, while shared
24 below on how to determine its position). The encryption bit can also be
25 specified in the cr3 register, allowing the PGD table to be encrypted. Each
27 bit in the page table entry that points to the next table. This allows the full
28 page table hierarchy to be encrypted. Note, this means that just because the
30 Each page table entry in the hierarchy needs to have the encryption bit set to
33 for a PUD which results in the PUD pointed to by that entry to not be
39 is operating in 64-bit or 32-bit PAE mode, in all other modes the SEV hardware
40 forces the memory encryption bit to 1.
43 CPUID function 0x8000001f reports information related to SME::
49 Bits[5:0] pagetable bit number used to activate memory
56 If support for SME is present, MSR 0xc00100010 (MSR_AMD64_SYSCFG) can be used to
57 determine if SME is enabled and/or to enable memory encryption::
63 If SEV is supported, MSR 0xc0010131 (MSR_AMD64_SEV) can be used to determine if
70 Linux relies on BIOS to set this bit if BIOS has determined that the reduction
78 - Supported:
81 - Enabled:
84 - Active:
86 the encryption bit to page table entries (the SME mask in the
87 kernel is non-zero).
91 not be necessary to activate the Linux memory encryption support. If the BIOS
92 merely enables SME (sets bit 23 of the MSR_AMD64_SYSCFG), then Linux can activate
95 not enable SME, then Linux will not be able to activate memory encryption, even
96 if configured to do so by default or the mem_encrypt=on command line parameter
102 SEV-SNP introduces new features (SEV_FEATURES[1:63]) which can be enabled
104 guest side implementation to function correctly. The below table lists the
108 +-----------------+---------------+---------------+------------------+
114 +-----------------+---------------+---------------+------------------+
117 +-----------------+---------------+---------------+------------------+
120 +-----------------+---------------+---------------+------------------+
123 +-----------------+---------------+---------------+------------------+
126 +-----------------+---------------+---------------+------------------+
129 +-----------------+---------------+---------------+------------------+
133 [1] https://www.amd.com/content/dam/amd/en/documents/processor-tech-docs/programmer-references/2459…