[RFC PATCH v1 00/28] x86: Secure Encrypted Virtualization (AMD)
Paolo Bonzini
pbonzini at redhat.com
Thu Oct 13 11:19:47 UTC 2016
On 23/08/2016 01:23, Brijesh Singh wrote:
> TODO:
> - send qemu/seabios RFC's on respective mailing list
> - integrate the psp driver with CCP driver (they share the PCI id's)
> - add SEV guest migration command support
> - add SEV snapshotting command support
> - determine how to do ioremap of physical memory with mem encryption enabled
> (e.g acpi tables)
The would be encrypted, right? Similar to the EFI data in patch 9.
> - determine how to share the guest memory with hypervisor for to support
> pvclock driver
Is it enough if the guest makes that page unencrypted?
I reviewed the KVM host-side patches and they are pretty
straightforward, so the comments on each patch suffice.
Thanks,
Paolo
> Brijesh Singh (11):
> crypto: add AMD Platform Security Processor driver
> KVM: SVM: prepare to reserve asid for SEV guest
> KVM: SVM: prepare for SEV guest management API support
> KVM: introduce KVM_SEV_ISSUE_CMD ioctl
> KVM: SVM: add SEV launch start command
> KVM: SVM: add SEV launch update command
> KVM: SVM: add SEV_LAUNCH_FINISH command
> KVM: SVM: add KVM_SEV_GUEST_STATUS command
> KVM: SVM: add KVM_SEV_DEBUG_DECRYPT command
> KVM: SVM: add KVM_SEV_DEBUG_ENCRYPT command
> KVM: SVM: add command to query SEV API version
>
> Tom Lendacky (17):
> kvm: svm: Add support for additional SVM NPF error codes
> kvm: svm: Add kvm_fast_pio_in support
> kvm: svm: Use the hardware provided GPA instead of page walk
> x86: Secure Encrypted Virtualization (SEV) support
> KVM: SVM: prepare for new bit definition in nested_ctl
> KVM: SVM: Add SEV feature definitions to KVM
> x86: Do not encrypt memory areas if SEV is enabled
> Access BOOT related data encrypted with SEV active
> x86/efi: Access EFI data as encrypted when SEV is active
> x86: Change early_ioremap to early_memremap for BOOT data
> x86: Don't decrypt trampoline area if SEV is active
> x86: DMA support for SEV memory encryption
> iommu/amd: AMD IOMMU support for SEV
> x86: Don't set the SME MSR bit when SEV is active
> x86: Unroll string I/O when SEV is active
> x86: Add support to determine if running with SEV enabled
> KVM: SVM: Enable SEV by setting the SEV_ENABLE cpu feature
>
>
> arch/x86/boot/compressed/Makefile | 2
> arch/x86/boot/compressed/head_64.S | 19 +
> arch/x86/boot/compressed/mem_encrypt.S | 123 ++++
> arch/x86/include/asm/io.h | 26 +
> arch/x86/include/asm/kvm_emulate.h | 3
> arch/x86/include/asm/kvm_host.h | 27 +
> arch/x86/include/asm/mem_encrypt.h | 3
> arch/x86/include/asm/svm.h | 3
> arch/x86/include/uapi/asm/hyperv.h | 4
> arch/x86/include/uapi/asm/kvm_para.h | 4
> arch/x86/kernel/acpi/boot.c | 4
> arch/x86/kernel/head64.c | 4
> arch/x86/kernel/mem_encrypt.S | 44 ++
> arch/x86/kernel/mpparse.c | 10
> arch/x86/kernel/setup.c | 7
> arch/x86/kernel/x8664_ksyms_64.c | 1
> arch/x86/kvm/cpuid.c | 4
> arch/x86/kvm/mmu.c | 20 +
> arch/x86/kvm/svm.c | 906 ++++++++++++++++++++++++++++++++
> arch/x86/kvm/x86.c | 73 +++
> arch/x86/mm/ioremap.c | 7
> arch/x86/mm/mem_encrypt.c | 50 ++
> arch/x86/platform/efi/efi_64.c | 14
> arch/x86/realmode/init.c | 11
> drivers/crypto/Kconfig | 11
> drivers/crypto/Makefile | 1
> drivers/crypto/psp/Kconfig | 8
> drivers/crypto/psp/Makefile | 3
> drivers/crypto/psp/psp-dev.c | 220 ++++++++
> drivers/crypto/psp/psp-dev.h | 95 +++
> drivers/crypto/psp/psp-ops.c | 454 ++++++++++++++++
> drivers/crypto/psp/psp-pci.c | 376 +++++++++++++
> drivers/sfi/sfi_core.c | 6
> include/linux/ccp-psp.h | 833 +++++++++++++++++++++++++++++
> include/uapi/linux/Kbuild | 1
> include/uapi/linux/ccp-psp.h | 182 ++++++
> include/uapi/linux/kvm.h | 125 ++++
> 37 files changed, 3643 insertions(+), 41 deletions(-)
> create mode 100644 arch/x86/boot/compressed/mem_encrypt.S
> create mode 100644 drivers/crypto/psp/Kconfig
> create mode 100644 drivers/crypto/psp/Makefile
> create mode 100644 drivers/crypto/psp/psp-dev.c
> create mode 100644 drivers/crypto/psp/psp-dev.h
> create mode 100644 drivers/crypto/psp/psp-ops.c
> create mode 100644 drivers/crypto/psp/psp-pci.c
> create mode 100644 include/linux/ccp-psp.h
> create mode 100644 include/uapi/linux/ccp-psp.h
>
More information about the devel
mailing list