xref: /qemu/target/i386/sev.h (revision 77d1abd91e5352ad30ae2f83790f95fa6a3c0b6b)
1a9b4942fSBrijesh Singh /*
2a9b4942fSBrijesh Singh  * QEMU Secure Encrypted Virtualization (SEV) support
3a9b4942fSBrijesh Singh  *
4a9b4942fSBrijesh Singh  * Copyright: Advanced Micro Devices, 2016-2018
5a9b4942fSBrijesh Singh  *
6a9b4942fSBrijesh Singh  * Authors:
7a9b4942fSBrijesh Singh  *  Brijesh Singh <brijesh.singh@amd.com>
8a9b4942fSBrijesh Singh  *
9a9b4942fSBrijesh Singh  * This work is licensed under the terms of the GNU GPL, version 2 or later.
10a9b4942fSBrijesh Singh  * See the COPYING file in the top-level directory.
11a9b4942fSBrijesh Singh  *
12a9b4942fSBrijesh Singh  */
13a9b4942fSBrijesh Singh 
1452581c71SMarkus Armbruster #ifndef I386_SEV_H
1552581c71SMarkus Armbruster #define I386_SEV_H
16a9b4942fSBrijesh Singh 
1702eacf31SPhilippe Mathieu-Daudé #ifndef CONFIG_USER_ONLY
1802eacf31SPhilippe Mathieu-Daudé #include CONFIG_DEVICES /* CONFIG_SEV */
1902eacf31SPhilippe Mathieu-Daudé #endif
2002eacf31SPhilippe Mathieu-Daudé 
21deae846fSPhilippe Mathieu-Daudé #include "exec/confidential-guest-support.h"
22a9b4942fSBrijesh Singh 
/*
 * Type-name strings for the three SEV object flavours declared by this header:
 * a common base name plus one name each for SEV and SEV-SNP guests.
 * NOTE(review): presumably these are QOM type names registered in sev.c; confirm.
 */
2316dcf200SMichael Roth #define TYPE_SEV_COMMON "sev-common"
2416dcf200SMichael Roth #define TYPE_SEV_GUEST "sev-guest"
257b34df44SBrijesh Singh #define TYPE_SEV_SNP_GUEST "sev-snp-guest"
2616dcf200SMichael Roth 
/*
 * Guest policy bit masks for SEV / SEV-ES guests. Each macro is a distinct
 * single-bit mask (0x1 .. 0x20), so they can be OR-ed together and tested
 * with '&'.
 * NOTE(review): the per-bit meanings below follow the guest-policy field of
 * the AMD SEV API specification as the reviewer understands it; confirm
 * against the spec before relying on them. All six are restrictions: a set
 * bit narrows what the host may do with the guest.
 */
27a9b4942fSBrijesh Singh #define SEV_POLICY_NODBG        0x1   /* bit 0: guest debugging disallowed */
28a9b4942fSBrijesh Singh #define SEV_POLICY_NOKS         0x2   /* bit 1: key sharing with other guests disallowed */
29a9b4942fSBrijesh Singh #define SEV_POLICY_ES           0x4   /* bit 2: SEV-ES is required */
30a9b4942fSBrijesh Singh #define SEV_POLICY_NOSEND       0x8   /* bit 3: sending the guest to another platform disallowed */
31a9b4942fSBrijesh Singh #define SEV_POLICY_DOMAIN       0x10  /* bit 4: guest must stay within its domain */
32a9b4942fSBrijesh Singh #define SEV_POLICY_SEV          0x20  /* bit 5: guest must not move to a non-SEV platform */
33a9b4942fSBrijesh Singh 
/*
 * Guest policy bit masks for SEV-SNP guests (bit 16 and bit 19).
 * NOTE(review): per the SEV-SNP firmware ABI as the reviewer understands it,
 * these are permission bits -- a set bit ALLOWS the feature. That is the
 * opposite polarity to SEV_POLICY_NODBG above, where a set bit forbids
 * debugging. Code that handles both policy formats must not reuse one test
 * for the other; confirm against the spec.
 */
3459d3740cSMichael Roth #define SEV_SNP_POLICY_SMT      0x10000  /* bit 16: SMT permitted */
3559d3740cSMichael Roth #define SEV_SNP_POLICY_DBG      0x80000  /* bit 19: guest debugging permitted */
3659d3740cSMichael Roth 
/*
 * Four (pointer, size) pairs describing the pieces of a directly loaded
 * kernel: setup data, kernel image, initrd and command line. It is the
 * input to sev_add_kernel_loader_hashes().
 *
 * This header does not state who owns the buffers or whether a pointer may
 * be NULL when its size is 0.
 * NOTE(review): each *_size should describe exactly the bytes that will be
 * loaded into the guest; a size that disagrees with the loaded data would
 * make any hash computed from it meaningless. Verify in the caller.
 */
37cff03145SDov Murik typedef struct SevKernelLoaderContext {
38cff03145SDov Murik     char *setup_data;     /* start of the setup-data buffer */
39cff03145SDov Murik     size_t setup_size;    /* length of setup_data in bytes */
40cff03145SDov Murik     char *kernel_data;    /* start of the kernel image buffer */
41cff03145SDov Murik     size_t kernel_size;   /* length of kernel_data in bytes */
42cff03145SDov Murik     char *initrd_data;    /* start of the initrd buffer */
43cff03145SDov Murik     size_t initrd_size;   /* length of initrd_data in bytes */
44cff03145SDov Murik     char *cmdline_data;   /* start of the kernel command line buffer */
45cff03145SDov Murik     size_t cmdline_size;  /* length of cmdline_data in bytes; NOTE(review): whether this counts a trailing NUL is not visible here */
46cff03145SDov Murik } SevKernelLoaderContext;
47cff03145SDov Murik 
/*
 * Feature predicates for SEV, SEV-ES and SEV-SNP.
 *
 * With CONFIG_SEV defined they are real functions returning bool. Without
 * it they are macros expanding to the constant 0, so `if (sev_enabled())`
 * is a compile-time false and needs no SEV object code.
 *
 * Because the fallback forms are macros, their address cannot be taken and
 * they must always be written with the call parentheses.
 */
4802eacf31SPhilippe Mathieu-Daudé #ifdef CONFIG_SEV
49deae846fSPhilippe Mathieu-Daudé bool sev_enabled(void);
5002eacf31SPhilippe Mathieu-Daudé bool sev_es_enabled(void);
5199190f80SMichael Roth bool sev_snp_enabled(void);
5202eacf31SPhilippe Mathieu-Daudé #else
5302eacf31SPhilippe Mathieu-Daudé #define sev_enabled() 0
5402eacf31SPhilippe Mathieu-Daudé #define sev_es_enabled() 0
5599190f80SMichael Roth #define sev_snp_enabled() 0
5602eacf31SPhilippe Mathieu-Daudé #endif
5702eacf31SPhilippe Mathieu-Daudé 
/*
 * Declared unconditionally, unlike the sev_*_enabled() predicates above, so
 * a build without CONFIG_SEV still needs a definition for each of them.
 * NOTE(review): presumably provided by a stub file; confirm.
 *
 * sev_get_cbit_position() / sev_get_reduced_phys_bits(): take no arguments
 * and return a uint32_t.
 * NOTE(review): by name, the position of the memory-encryption C-bit and the
 * number of physical address bits lost to encryption. The value returned
 * when SEV is not enabled is not visible in this header.
 *
 * sev_add_kernel_loader_hashes(): takes the kernel loader context and an
 * Error ** out-parameter and returns bool.
 * NOTE(review): presumably true on success and false with *errp set. A false
 * return should stop the boot rather than continue with an unmeasured
 * kernel/initrd/cmdline; verify at the call site.
 */
58f703f1efSPhilippe Mathieu-Daudé uint32_t sev_get_cbit_position(void);
59f703f1efSPhilippe Mathieu-Daudé uint32_t sev_get_reduced_phys_bits(void);
60f703f1efSPhilippe Mathieu-Daudé bool sev_add_kernel_loader_hashes(SevKernelLoaderContext *ctx, Error **errp);
61d8575c6cSBrijesh Singh 
/*
 * sev_encrypt_flash(): takes a guest physical address, a host pointer and a
 * byte length for the flash region, plus an Error ** out-parameter.
 * NOTE(review): presumably returns 0 on success and non-zero with *errp set.
 * Callers should treat failure as fatal so the guest never starts from
 * firmware that was not encrypted and measured; confirm in sev.c and at the
 * call sites. ptr is not const, so the buffer may be modified in place.
 */
62*77d1abd9SBrijesh Singh int sev_encrypt_flash(hwaddr gpa, uint8_t *ptr, uint64_t len, Error **errp);
/*
 * sev_inject_launch_secret(): takes a header and a secret as C strings, the
 * guest physical address to place the secret at, and an Error ** out-parameter.
 * NOTE(review): the encoding of hdr/secret (e.g. base64) and the return
 * convention are not visible here; confirm in sev.c. The secret is sensitive
 * material, so it should not reach logs or error messages.
 */
63deae846fSPhilippe Mathieu-Daudé int sev_inject_launch_secret(const char *hdr, const char *secret,
64deae846fSPhilippe Mathieu-Daudé                              uint64_t gpa, Error **errp);
65deae846fSPhilippe Mathieu-Daudé 
/*
 * SEV-ES reset-vector helpers.
 *
 * sev_es_save_reset_vector(): takes a pointer to the flash image and its
 * size in bytes and returns int. There is no Error ** parameter, so failure
 * can be reported only through the return value.
 * NOTE(review): presumably 0 on success; confirm. Anything read out of the
 * flash image must be bounds-checked against flash_size.
 *
 * sev_es_set_reset_vector(): takes a CPUState and returns nothing.
 * NOTE(review): presumably applies the previously saved reset vector to that
 * vCPU; its behaviour when no vector was saved is not visible here.
 */
66deae846fSPhilippe Mathieu-Daudé int sev_es_save_reset_vector(void *flash_ptr, uint64_t flash_size);
67deae846fSPhilippe Mathieu-Daudé void sev_es_set_reset_vector(CPUState *cpu);
68deae846fSPhilippe Mathieu-Daudé 
/*
 * pc_system_parse_sev_metadata(): takes a pointer to the flash image and its
 * size in bytes. It returns void, so a parse failure cannot be reported to
 * the caller through this interface.
 * NOTE(review): the firmware image is the parser's input, so every offset and
 * length taken from it should be validated against flash_size before use.
 * Check how malformed metadata is handled in the implementation.
 */
69f3c30c57SBrijesh Singh void pc_system_parse_sev_metadata(uint8_t *flash_ptr, size_t flash_size);
70f3c30c57SBrijesh Singh 
71a9b4942fSBrijesh Singh #endif