Searched refs:SEV (Results 1 – 25 of 25) sorted by relevance

/linux/Documentation/virt/coco/
sev-guest.rst
4 The Definitive SEV Guest API Documentation
10 The SEV API is a set of ioctls that are used by the guest or hypervisor
11 to get or set a certain aspect of the SEV virtual machine. The ioctls belong
15 whole SEV firmware. These ioctl are used by platform provisioning tools.
17 - Guest ioctls: These query and set attributes of the SEV virtual machine.
22 This section describes ioctls that is used for querying the SEV guest report
23 from the SEV firmware. For each ioctl, the following information is provided
27 which SEV technology provides this ioctl. SEV, SEV-ES, SEV-SNP or all.
96 SEV-SNP firmware. The ioctl uses the SNP_GUEST_REQUEST (MSG_REPORT_REQ) command
97 provided by the SEV-SNP firmware to query the attestation report.
/linux/Documentation/virt/kvm/x86/
amd-memory-encryption.rst
4 Secure Encrypted Virtualization (SEV)
10 Secure Encrypted Virtualization (SEV) is a feature found on AMD processors.
12 SEV is an extension to the AMD-V architecture which supports running
17 The hypervisor can determine the SEV support through the CPUID
19 to SEV::
22 Bit[1] indicates support for SEV
27 If support for SEV is present, MSR 0xc001_0010 (MSR_AMD64_SYSCFG) and MSR 0xc001_0015
38 When SEV support is available, it can be enabled in a specific VM by
39 setting the SEV bit before executing VMRUN.::
42 Bit[1] 1 = SEV is enabled
/linux/Documentation/translations/zh_CN/security/secrets/
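coco.rst
20 Confidential computing hardware (such as AMD SEV, Secure Encrypted Virtualization) allows virtual machines
22 keys. In SEV, key injection must take place at an early stage of the virtual machine launch process (before the guest starts running)
36 During virtual machine launch, the virtual machine manager can inject keys into this area. In AMD SEV and SEV-ES, this
91 See [sev-api-spec_CN]_ for more information about the SEV ``LAUNCH_SECRET`` operation.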
/linux/Documentation/arch/x86/
amd-memory-encryption.rst
7 Secure Memory Encryption (SME) and Secure Encrypted Virtualization (SEV) are
16 SEV enables running encrypted virtual machines (VMs) in which the code and data
18 within the VM itself. SEV guest VMs have the concept of private and shared
36 When SEV is enabled, instruction pages and guest page tables are always treated
39 is operating in 64-bit or 32-bit PAE mode, in all other modes the SEV hardware
42 Support for SME and SEV can be determined through the CPUID instruction. The
47 Bit[1] indicates support for SEV
63 If SEV is supported, MSR 0xc0010131 (MSR_AMD64_SEV) can be used to determine if
64 SEV is active::
102 SEV-SNP introduces new features (SEV_FEATURES[1:63]) which can be enabled
/linux/Documentation/ABI/testing/
configfs-tsm-report
36 "cert_table" from SEV-ES Guest-Hypervisor Communication Block
67 [1]: SEV Secure Nested Paging Firmware ABI Specification
99 different privilege levels, like SEV-SNP "VMPL", specify the
119 provider for TVMs, like SEV-SNP running under an SVSM.
125 for SEV-SNP Guests v1.00 Section 7. For the doc, search for
126 "site:amd.com "Secure VM Service Module for SEV-SNP
136 provider for TVMs, like SEV-SNP running under an SVSM.
154 provider for TVMs, like SEV-SNP running under an SVSM.
securityfs-secrets-coco
9 platforms (such as AMD SEV and SEV-ES) for secret injection by
sysfs-devices-system-cpu
677 Description: Secure Encrypted Virtualization (SEV) information
679 This directory is only present when running as an SEV-SNP guest.
682 the SEV-SNP guest is running.
/linux/Documentation/security/secrets/
coco.rst
15 Confidential Computing (coco) hardware such as AMD SEV (Secure Encrypted
17 memory without the host/hypervisor being able to read them. In SEV,
36 area. In AMD SEV and SEV-ES this is performed using the
99 See [sev-api-spec]_ for more info regarding SEV ``LAUNCH_SECRET`` operation.
/linux/drivers/virt/coco/sev-guest/
Kconfig
2 tristate "AMD SEV Guest driver"
7 SEV-SNP firmware provides the guest a mechanism to communicate with
/linux/arch/arm/include/asm/
spinlock.h
39 #define SEV __ALT_SMP_ASM(WASM(sev), WASM(nop)) macro
45 __asm__(SEV); in dsb_sev()
/linux/Documentation/virt/hyperv/
coco.rst
25 * AMD processor with SEV-SNP. Hyper-V does not run guest VMs with AMD SME,
26 SEV, or SEV-ES encryption, and such encryption is not sufficient for a CoCo
79 * With AMD SEV-SNP processors, in fully-enlightened mode the guest OS runs in
85 as defined by the SEV-SNP architecture. This mode simplifies guest management
93 MSR indicates if the underlying processor uses AMD SEV-SNP or Intel TDX, and
108 AMD SEV-SNP in fully-enlightened mode.
116 * CPUID flags. Both AMD SEV-SNP and Intel TDX provide a CPUID flag in the
122 abstracting the differences between SEV-SNP and TDX. But the
125 flags are not set. The exception is early boot memory setup on SEV-SNP, which
126 tests the CPUID SEV-SNP flag. But not having the flag in Hyper-V paravisor
vmbus.rst
157 guest to not trust the hypervisor (AMD SEV-SNP, Intel TDX), trusting
/linux/arch/x86/kvm/
Kconfig
157 bool "AMD Secure Encrypted Virtualization (SEV) support"
168 Encrypted Virtualization (SEV), Secure Encrypted Virtualization with
169 Encrypted State (SEV-ES), and Secure Encrypted Virtualization with
170 Secure Nested Paging (SEV-SNP) technologies on AMD processors.
cpuid.c
1223 VENDOR_F(SEV), in kvm_initialize_cpu_caps()
/linux/drivers/virt/coco/efi_secret/
Kconfig
10 confidential computing secret injection (for example for AMD SEV
/linux/arch/riscv/boot/dts/microchip/
mpfs-sev-kit.dts
12 model = "Microchip PolarFire-SoC SEV Kit";
/linux/drivers/crypto/ccp/
Kconfig
46 management commands in Secure Encrypted Virtualization (SEV) mode,
/linux/tools/arch/x86/kcpuid/
cpuid.csv
955 # AMD encrypted memory capabilities enumeration (SME/SEV)
960 0x8000001f, 0, eax, 3, sev_es , SEV Encrypted State supported
961 0x8000001f, 0, eax, 4, sev_nested_paging , SEV secure nested paging supported
968 0x8000001f, 0, eax, 11, req_64bit_hypervisor , SEV guest mandates 64-bit hypervi…
971 0x8000001f, 0, eax, 14, debug_swap , SEV-ES: full debug state swap is …
972 0x8000001f, 0, eax, 15, disallow_host_ibs , SEV-ES: Disallowing IBS use by th…
976 … eax, 19, virt_ibs , IBS state virtualization is supported for SEV-ES guests
985 0x8000001f, 0, edx, 31:0, min_sev_asid_no_sev_es , Minimum ASID for SEV-enabled SEV-…
/linux/drivers/char/tpm/
Kconfig
251 This is a driver for the AMD SVSM vTPM protocol that a SEV-SNP guest
/linux/drivers/firmware/efi/
Kconfig
254 Confidential Computing platforms (such as AMD SEV) allow the
/linux/Documentation/admin-guide/
kernel-parameters.txt
1077 like Hyper-V, PowerPC (fadump) and AMD SEV-SNP.
3212 If ciphertext hiding is enabled, the joint SEV-ES and
3213 SEV-SNP ASID space is partitioned into separate SEV-ES
3214 and SEV-SNP ASID ranges, with the SEV-SNP range being
3215 [1..max_snp_asid] and the SEV-ES range being
3219 A non-zero value enables SEV-SNP ciphertext hiding and
3220 adjusts the ASID ranges for SEV-ES and SEV-SNP guests.
3221 KVM caps the number of SEV-SNP ASIDs at the maximum
3223 joint SEV-ES and SEV-SNP ASIDs to SEV-SNP. Note,
3224 assigning all joint ASIDs to SEV-SNP, i.e. configuring
/linux/arch/x86/include/asm/
kvm_host.h
1371 __APICV_INHIBIT_REASON(SEV), \
/linux/Documentation/virt/kvm/
api.rst
4824 (SEV) commands on AMD Processors and Trusted Domain Extensions (TDX) commands
4841 It is used in the SEV-enabled guest. When encryption is enabled, a guest
4842 memory region may contain encrypted data. The SEV memory encryption
4846 swapped. So relocating (or migrating) physical backing pages for the SEV
4849 Note: The current SEV key management spec does not provide commands to
6954 - KVM_SYSTEM_EVENT_SEV_TERM -- an AMD SEV guest requested termination.
7426 KVM_EXIT_SNP_REQ_CERTS indicates an SEV-SNP guest with certificate-fetching
8326 :Architectures: x86 SEV enabled
8408 :Architectures: x86 SEV enabled
/linux/arch/x86/
Kconfig
495 APIC accesses and support for managing guest owned APIC state for SEV-SNP
/linux/
MAINTAINERS
1064 AMD CRYPTOGRAPHIC COPROCESSOR (CCP) DRIVER - SEV SUPPORT