xref: /qemu/target/i386/sev.h (revision ddd1731385442db6d09d37157158c52487eda1f3)
1  /*
2   * QEMU Secure Encrypted Virtualization (SEV) support
3   *
4   * Copyright: Advanced Micro Devices, 2016-2018
5   *
6   * Authors:
7   *  Brijesh Singh <brijesh.singh@amd.com>
8   *
9   * This work is licensed under the terms of the GNU GPL, version 2 or later.
10   * See the COPYING file in the top-level directory.
11   *
12   */
13  
14  #ifndef I386_SEV_H
15  #define I386_SEV_H
16  
17  #ifndef CONFIG_USER_ONLY
18  #include CONFIG_DEVICES /* CONFIG_SEV */
19  #endif
20  
21  #include "exec/confidential-guest-support.h"
22  
/* Type-name strings for the SEV object types (presumably QOM type names, per the TYPE_* convention - confirm). */
23  #define TYPE_SEV_COMMON "sev-common"
24  #define TYPE_SEV_GUEST "sev-guest"
25  #define TYPE_SEV_SNP_GUEST "sev-snp-guest"
26  
/*
 * SEV / SEV-ES guest policy bit masks. Meanings follow the guest policy
 * field of the AMD SEV API; confirm against the spec revision in use.
 * Every bit here is restrictive: setting it forbids or requires something.
 */
27  #define SEV_POLICY_NODBG        0x1     /* bit 0: debugging of the guest is disallowed */
28  #define SEV_POLICY_NOKS         0x2     /* bit 1: sharing keys with other guests is disallowed */
29  #define SEV_POLICY_ES           0x4     /* bit 2: SEV-ES is required */
30  #define SEV_POLICY_NOSEND       0x8     /* bit 3: sending the guest to another platform is disallowed */
31  #define SEV_POLICY_DOMAIN       0x10    /* bit 4: guest must not be sent to a platform outside the domain */
32  #define SEV_POLICY_SEV          0x20    /* bit 5: guest must not be sent to a platform that is not SEV capable */
33  
/*
 * SEV-SNP guest policy bit masks (bits 16 and 19). Meanings follow the
 * SEV-SNP firmware ABI guest policy; confirm against the spec revision in use.
 * Polarity differs from SEV_POLICY_NODBG: here a set bit PERMITS the feature,
 * so a policy value of 0 for these bits is the restrictive choice.
 */
34  #define SEV_SNP_POLICY_SMT      0x10000 /* bit 16: SMT is allowed */
35  #define SEV_SNP_POLICY_DBG      0x80000 /* bit 19: debugging of the guest is allowed */
36  
/*
 * Pointer/length pairs for four blobs: setup, kernel, initrd and cmdline.
 * Passed to sev_add_kernel_loader_hashes() (declared further down in this
 * header); presumably so the blobs can be hashed and tied to the launch
 * measurement - confirm in sev.c.
 * NOTE(review): buffer ownership, and whether cmdline_size counts a trailing
 * NUL, are not visible here - confirm, since a size mismatch would change
 * what gets hashed.
 */
37  typedef struct SevKernelLoaderContext {
38      char *setup_data;       /* setup blob */
39      size_t setup_size;      /* length of setup_data in bytes */
40      char *kernel_data;      /* kernel blob */
41      size_t kernel_size;     /* length of kernel_data in bytes */
42      char *initrd_data;      /* initrd blob */
43      size_t initrd_size;     /* length of initrd_data in bytes */
44      char *cmdline_data;     /* command-line blob */
45      size_t cmdline_size;    /* length of cmdline_data in bytes */
46  } SevKernelLoaderContext;
47  
/*
 * Predicates for SEV, SEV-ES and SEV-SNP. With CONFIG_SEV defined they are
 * real functions returning bool; without it they are macros that expand to
 * the constant 0, so every call site evaluates as "not enabled" and the
 * guarded code can be compiled out.
 */
48  #ifdef CONFIG_SEV
49  bool sev_enabled(void);
50  bool sev_es_enabled(void);
51  bool sev_snp_enabled(void);
52  #else
53  #define sev_enabled() 0
54  #define sev_es_enabled() 0
55  #define sev_snp_enabled() 0
56  #endif
57  
/*
 * NOTE(review): the prototypes from here to the end of the header sit outside
 * the CONFIG_SEV #ifdef above; whether stub definitions exist for builds
 * without CONFIG_SEV is not visible in this header.
 */
58  uint32_t sev_get_cbit_position(void);       /* presumably the index of the page-table encryption (C) bit - confirm in sev.c */
59  uint32_t sev_get_reduced_phys_bits(void);   /* presumably the number of physical address bits lost to encryption - confirm */
/* Takes the loader blobs in ctx; returns bool and reports failure detail through errp. */
60  bool sev_add_kernel_loader_hashes(SevKernelLoaderContext *ctx, Error **errp);
61  
/*
 * Both calls return int and take errp; the return convention is not visible
 * here - confirm in sev.c. NOTE(review): callers should check the result
 * rather than continue with flash that was not encrypted or a secret that
 * was not injected.
 * ptr is non-const, so the len-byte buffer may be modified in place
 * (presumably encrypted in place - confirm).
 */
62  int sev_encrypt_flash(hwaddr gpa, uint8_t *ptr, uint64_t len, Error **errp);
/*
 * hdr and secret are passed as NUL-terminated strings; their encoding is not
 * visible here. NOTE(review): confirm the encoding, how gpa is validated, and
 * that any decoded copy of the secret is scrubbed after use.
 */
63  int sev_inject_launch_secret(const char *hdr, const char *secret,
64                               uint64_t gpa, Error **errp);
65  
/*
 * Save/apply pair for the SEV-ES reset vector: the first takes a flash image
 * pointer and its size, the second a CPU.
 * NOTE(review): presumably the vector is read out of the flash image; every
 * offset read from it needs bounding by flash_size - confirm in the
 * implementation.
 */
66  int sev_es_save_reset_vector(void *flash_ptr, uint64_t flash_size);
67  void sev_es_set_reset_vector(CPUState *cpu);
68  
/*
 * Takes a flash image pointer and its size and returns nothing, so parse
 * failures cannot be reported through the return value.
 * NOTE(review): the flash image is external input; confirm the parser bounds
 * every offset and length it reads by flash_size.
 */
69  void pc_system_parse_sev_metadata(uint8_t *flash_ptr, size_t flash_size);
70  
71  #endif
72