Confidential Guest Support
==========================

Traditionally, hypervisors such as QEMU have complete access to a
guest's memory and other state, meaning that a compromised hypervisor
can compromise any of its guests.  A number of platforms have added
mechanisms in hardware and/or firmware which give guests at least some
protection from a compromised hypervisor.  This is obviously
especially desirable for public cloud environments.

These mechanisms have different names and different modes of
operation, but are often referred to as Secure Guests or Confidential
Guests.  We use the term "Confidential Guest Support" to distinguish
this from other aspects of guest security (such as security against
attacks from other guests, or from network sources).

Running a Confidential Guest
----------------------------

To run a confidential guest you need to add two command line parameters:

1. Use ``-object`` to create a "confidential guest support" object.  The
   type and parameters will vary with the specific mechanism to be
   used.
2. Set the ``confidential-guest-support`` machine parameter to the ID of
   the object from (1).


Example (for AMD SEV)::

    qemu-system-x86_64 \
        <other parameters> \
        -machine ...,confidential-guest-support=sev0 \
        -object sev-guest,id=sev0,cbitpos=47,reduced-phys-bits=1

Supported mechanisms
--------------------

Currently supported confidential guest mechanisms are:

* AMD Secure Encrypted Virtualization (SEV) (see :doc:`i386/amd-memory-encryption`)
* POWER Protected Execution Facility (PEF) (see :ref:`power-papr-protected-execution-facility-pef`)
* s390x Protected Virtualization (PV) (see :doc:`s390x/protvirt`)

Other mechanisms may be supported in future.
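
The two-parameter rule from "Running a Confidential Guest" can be checked mechanically when auditing launch configurations: an ``-object`` that no machine parameter references leaves the guest unprotected. The Python check below is an added example, not part of QEMU; ``parse_opts``, ``check_cgs`` and the sample argument lists are constructed here, and ``q35`` stands in for the elided machine options.

```python
import json

def parse_opts(value, implied_key):
    """Parse a QEMU option value, either 'first,key=val,...' or a JSON object."""
    if value.startswith("{"):
        return {k: str(v) for k, v in json.loads(value).items()}
    props = {}
    for i, part in enumerate(value.split(",")):
        key, sep, val = part.partition("=")
        if sep:
            props[key] = val
        elif i == 0:
            # A bare first token is the machine type or the object type.
            props[implied_key] = part
    return props

def check_cgs(argv):
    """Return (ok, message): does the machine reference a defined -object id?"""
    objects, machine = {}, {}
    # Collect everything first: -object may appear after -machine.
    for flag, value in zip(argv, argv[1:]):
        if flag == "-object":
            props = parse_opts(value, "qom-type")
            if "id" in props:
                objects[props["id"]] = props.get("qom-type", "?")
        elif flag in ("-machine", "-M"):
            machine.update(parse_opts(value, "type"))
    ref = machine.get("confidential-guest-support")
    if ref is None:
        return False, "machine has no confidential-guest-support parameter"
    if ref not in objects:
        return False, f"confidential-guest-support={ref} names no -object id"
    return True, f"machine uses {objects[ref]} object '{ref}'"

# Constructed sample argument lists (not taken from a real deployment).
SEV_OBJECT = "sev-guest,id=sev0,cbitpos=47,reduced-phys-bits=1"
GOOD = ["qemu-system-x86_64",
        "-machine", "q35,confidential-guest-support=sev0",
        "-object", SEV_OBJECT]
# Object created but never referenced: the guest starts without protection.
UNREFERENCED = ["qemu-system-x86_64", "-machine", "q35", "-object", SEV_OBJECT]

if __name__ == "__main__":
    for name, argv in (("GOOD", GOOD), ("UNREFERENCED", UNREFERENCED)):
        print(name, check_cgs(argv))
```

The check only verifies that the ID in the machine parameter matches an ``-object``; it does not validate mechanism-specific parameters such as ``cbitpos``.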