/*
 * QEMU Secure Encrypted Virtualization (SEV) support
 *
 * Copyright: Advanced Micro Devices, 2016-2018
 *
 * Authors:
 *  Brijesh Singh <brijesh.singh@amd.com>
 *
 * This work is licensed under the terms of the GNU GPL, version 2 or later.
 * See the COPYING file in the top-level directory.
 *
 */

#ifndef I386_SEV_H
#define I386_SEV_H

/*
 * Builds without CONFIG_USER_ONLY include the device configuration header
 * first, so that CONFIG_SEV is already defined (or not) when it is tested
 * below.
 */
#ifndef CONFIG_USER_ONLY
#include CONFIG_DEVICES /* CONFIG_SEV */
#endif

/*
 * SEV state predicates.
 *
 * When SEV is not configured, or in user-only builds, the three predicates
 * are macros that expand to the constant 0. In that configuration they
 * always report "not enabled" and never an error, so a caller that gates a
 * confidentiality decision on them must treat 0 as "no SEV protection".
 * Otherwise they are real functions returning bool.
 */
#if !defined(CONFIG_SEV) || defined(CONFIG_USER_ONLY)
#define sev_enabled() 0
#define sev_es_enabled() 0
#define sev_snp_enabled() 0
#else
bool sev_enabled(void);
bool sev_es_enabled(void);
bool sev_snp_enabled(void);
#endif

/* Everything up to the matching #endif is hidden from user-only builds. */
#if !defined(CONFIG_USER_ONLY)

/* Type name strings for the SEV objects (presumably QOM type names). */
#define TYPE_SEV_COMMON "sev-common"
#define TYPE_SEV_GUEST "sev-guest"
#define TYPE_SEV_SNP_GUEST "sev-snp-guest"

/*
 * SEV / SEV-ES guest policy bits.
 *
 * NOTE(review): this header only fixes the bit values. The meanings given
 * below follow the guest policy field of the AMD SEV API specification and
 * should be confirmed against it.
 */
#define SEV_POLICY_NODBG 0x1    /* bit 0: debugging of the guest is disallowed */
#define SEV_POLICY_NOKS 0x2     /* bit 1: sharing keys with other guests is disallowed */
#define SEV_POLICY_ES 0x4       /* bit 2: SEV-ES is required */
#define SEV_POLICY_NOSEND 0x8   /* bit 3: sending the guest to another platform is disallowed */
#define SEV_POLICY_DOMAIN 0x10  /* bit 4: guest must stay within the domain */
#define SEV_POLICY_SEV 0x20     /* bit 5: guest must stay on SEV-capable platforms */

/*
 * SEV-SNP guest policy bits.
 *
 * NOTE(review): going by the names, the polarity differs from the legacy
 * policy above. SEV_POLICY_NODBG set forbids debugging, whereas
 * SEV_SNP_POLICY_DBG set permits it, so the two masks must not be used
 * interchangeably. Confirm the meanings against the AMD SEV-SNP ABI
 * specification.
 */
#define SEV_SNP_POLICY_SMT 0x10000  /* bit 16: presumably "SMT allowed" */
#define SEV_SNP_POLICY_DBG 0x80000  /* bit 19: presumably "debugging allowed" */

/*
 * Buffers handed to sev_add_kernel_loader_hashes(): one pointer/size pair
 * each for the setup area, the kernel, the initrd and the command line.
 *
 * NOTE(review): this header does not state who owns the buffers, whether a
 * pointer may be NULL when its size is 0, or whether cmdline_size counts a
 * terminating NUL. Verify against the implementation before relying on any
 * of these.
 */
typedef struct SevKernelLoaderContext {
    char *setup_data;
    size_t setup_size;
    char *kernel_data;
    size_t kernel_size;
    char *initrd_data;
    size_t initrd_size;
    char *cmdline_data;
    size_t cmdline_size;
} SevKernelLoaderContext;

/*
 * Takes the loader context plus an Error ** out-parameter and returns bool.
 * Presumably true means success and errp is set on failure; confirm
 * against the implementation.
 */
bool sev_add_kernel_loader_hashes(SevKernelLoaderContext *ctx, Error **errp);

/*
 * Takes a guest physical address, a host pointer and a length.
 * NOTE(review): the return convention (0 on success?) and whether ptr is
 * modified in place are not visible from this header.
 */
int sev_encrypt_flash(hwaddr gpa, uint8_t *ptr, uint64_t len, Error **errp);

/*
 * hdr and secret are passed as C strings, gpa is the guest physical
 * address argument.
 * NOTE(review): the encoding and maximum length of hdr/secret are not
 * stated here; confirm where they are validated.
 */
int sev_inject_launch_secret(const char *hdr, const char *secret,
                             uint64_t gpa, Error **errp);

/* SEV-ES reset-vector helpers: one takes the flash image, one a CPUState. */
int sev_es_save_reset_vector(void *flash_ptr, uint64_t flash_size);
void sev_es_set_reset_vector(CPUState *cpu);

/* Takes the flash image pointer and its size; returns nothing. */
void pc_system_parse_sev_metadata(uint8_t *flash_ptr, size_t flash_size);

#endif /* !CONFIG_USER_ONLY */

/*
 * Declared outside the !CONFIG_USER_ONLY guard, so these two prototypes are
 * visible in every build configuration.
 */
uint32_t sev_get_cbit_position(void);
uint32_t sev_get_reduced_phys_bits(void);

#endif /* I386_SEV_H */