From patchwork Mon Aug 22 23:28:17 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Brijesh Singh X-Patchwork-Id: 9294627 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id E92F9607F0 for ; Mon, 22 Aug 2016 23:28:54 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id D8F9A28AFC for ; Mon, 22 Aug 2016 23:28:54 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id CC76928B07; Mon, 22 Aug 2016 23:28:54 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.8 required=2.0 tests=BAYES_00,DKIM_SIGNED, RCVD_IN_DNSWL_HI,T_DKIM_INVALID autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 8652428B01 for ; Mon, 22 Aug 2016 23:28:53 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932589AbcHVX2b (ORCPT ); Mon, 22 Aug 2016 19:28:31 -0400 Received: from mail-cys01nam02on0047.outbound.protection.outlook.com ([104.47.37.47]:59383 "EHLO NAM02-CY1-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S932193AbcHVX20 (ORCPT ); Mon, 22 Aug 2016 19:28:26 -0400 X-Greylist: delayed 368 seconds by postgrey-1.27 at vger.kernel.org; Mon, 22 Aug 2016 19:28:26 EDT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector1-amd-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=V2aTM1G3E7vSpiT6CL7GN0xl9rMOrS8LwWn8hO3l5Cg=; b=dsrfmxBUHjXv0CYjQyX6PlQ+kgvpjfoZ1ojLn/jSwTO6fwGt3hT1z/6DHmvYmJYwdvwmrhxR6HcUq4caHJ2CsFnIlWMaPSkDQARs0rmIgP0qcHfSl1o4mDiQNU69YdKgIrsRCKthAEr9H5UQaBaKJ6WXRJ2z2/eTP8bjW0uu7GM= Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=brijesh.singh@amd.com; Received: from [127.0.1.1] (165.204.77.1) by BLUPR12MB0658.namprd12.prod.outlook.com (10.163.217.28) with Microsoft SMTP Server (version=TLS1_0, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384) id 15.1.557.21; Mon, 22 Aug 2016 23:28:19 +0000 Subject: [RFC PATCH v1 21/28] KVM: introduce KVM_SEV_ISSUE_CMD ioctl From: Brijesh Singh To: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , Date: Mon, 22 Aug 2016 19:28:17 -0400 Message-ID: <147190849706.9523.17127624683768628621.stgit@brijesh-build-machine> In-Reply-To: <147190820782.9523.4967724730957229273.stgit@brijesh-build-machine> References: <147190820782.9523.4967724730957229273.stgit@brijesh-build-machine> User-Agent: StGit/0.17.1-dirty MIME-Version: 1.0 X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: BN6PR17CA0032.namprd17.prod.outlook.com (10.175.189.18) To BLUPR12MB0658.namprd12.prod.outlook.com (10.163.217.28) X-MS-Office365-Filtering-Correlation-Id: f84c4147-2e38-4bdb-0129-08d3cae401e0 X-Microsoft-Exchange-Diagnostics: 1; BLUPR12MB0658; 2:jG61Vc+c19qx6z/+bhUAhsSYN2hoarwqX8/fjpioKpaWPRX6SeNQ5L0mApnGfl44xpf0+sgf/7DiD/6eaq3Sy5f885GYPjZG3LWOb8oQRQ4IBCCtiFgprHLmuzVtsC2uoL+UTetiY5NPWeF8FZ7v3bTSBCCWxcW4pefKMs/cve1D4sk/bqFUVcz9PiBFH8PP; 3:JFVUoqY53s5X3G7+nijo0H/ms/70A4sIfpYL3rMDF0eRcxx7a7RkvVTaXB3Ao2VR6nTsk0l08va3GFAyaw4IS2N4vJZ/DWtueswjNEyn3b7FrNiqpwdDMTI3r/Mk/qO5 X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:BLUPR12MB0658; X-Microsoft-Exchange-Diagnostics: 1; BLUPR12MB0658; 25:R/WqcvApoMfzY40/FoQyUPR3kbl0ImOya5GMq/BRUckQ6Xz7rn+BLnGBJ3LqhoiIW9GY3HJ69OTfiC2C4UwK75uwq0rW7B+oPuSNzJOxw4hDlEwPyXVmwTyid0Jmphjaw8PTEOwHj4cyNbSSx0r283DFtQz01LsN8s7o3TTqoYJ7GVARAq0/Hepx/d3A+a+7WyOd97+lb4ah+qm4Vofu00CVcV4z8XyaTsrrFbTgUlVp9pSnKLDZUQr/MRYMsp9wxAh/btMnpBZHKg5dz4Nr4kJs9PGcJHMRw/HviWcXamhPZrR70VRvz4vUUElS/yDCJBicJxu4+iXL/HOZN7CNmfWshNTT1paBBVd52/Vc3cOBKxYCMOtVn0IL1cgxus7+14jWLU76AchFAQOdGvgDU4dimcvPo/FRAM8dcxdjI0sAiC7aWIaKmYYHE+YALegalVjqUKswE+pDdV0L1d9jg4xAVX78lDa4lovxZI3gmkpaPjfaijrw9ZdD2tWoq0LvPUNewSARs8SbraoiHJFNdkDaDgqiyEhtifPyCnd8GqnP1X2cV9GRvDCP/DY23Lma0zmspt6OXPQFl2buRL/rJXkX7Rg1IhgM0w/ZetkRwGJ1U5UwT0EdSIUVTbvi2P7bSCMg03F0O77sa5cgKC4DdKQJ79XHv93uQd28UuLAicE/WbrJIu/GDMLDS/ABFePpVCMb+zu8Xj0ZeE8WMUr1X4wVKcGVDzimzl3c4YESs8s= X-Microsoft-Exchange-Diagnostics: 1; BLUPR12MB0658; 31:jSuNOVg3bH19yDooVVmF7GSKLlJr7gNncbSVjSb+phRP6eqS9Q0vfRqQ2ptOIL9S/NGog0k2X5ZorEiCpVPkaljPnbHeUqzAo3kOFkxURVcH/MnrBrKSQ+IGFXPI92fayqUOcvFVnvGoNuie9iZyR/wl5lgW17GEIFaY+WHEXXxXcnx2bqVPAfAqd50AlgQ1/r8jG3bRB1ueiD33sUzWHj10q/XzcC6txos9q+Wo9S8=; 20:HqmffF7jlfRpkzlPy8DGvy1I8vhbsIS+bz+goXGkrQ3g1UlsYNdneH1M1XVXGA6HGYPU9PEbmzAPzB2bZsHc2h1IXY5NQvp3gvJQZQ0Z1jA2cVoIlFpDSomSjahJ86zRN0S2y80sUmi0WWs9h/bZy0yEcGf0k4LAe5V0eVve9HpSmcUBGdbCXprVinl5Nv59L71iUPXDmR/Df9oCtQg0N8dIjQussltcHpMQpVKry8wlcmng4B1/6LQTLS5Jdd9eH2x5vlxTZv8YookLptNLL9oZt4hy3VwKNSAF3n3Ydcnu/76Hulf5EvWWzXG10JF2GjI3vZ8VcB2jSw8RM0XTnqHPgAfvGRKJbSqTmUvnKOZ4Y/wxk9QLHVKY+RNc59nk7JUb9uuDOrPFkh+MKxy9OR0TYGX372dt3ZZYg92sjXYZ8fCJctBS8ocKtuO22YxMNDqkHtq9Y+eTiTRZsQd1cU+hgdV0Js9G6RMAkZrytAtRCscUCXvk2nyw9rig06Aa X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(767451399110); X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(6040176)(601004)(2401047)(5005006)(8121501046)(3002001)(10201501046)(6055026); SRVR:BLUPR12MB0658; BCL:0; PCL:0; RULEID:; SRVR:BLUPR12MB0658; X-Microsoft-Exchange-Diagnostics: 1; BLUPR12MB0658; 4:VbAN6LhNbGrcHMGWoWjusNAZzf7r7wgOarWXdb3y//aubgBaFVg+Rsmbl8cSe4teAJHgH6/OrTLhSS2UJjBUp34Wq9uj1J03iNZeD6IqVsF25lj6nffLZy5eB/3nqu4df4QuF5B8l7cAW7XTrq1YMI98X/brwqzeb+swiYefQRsjAxJGAqRb7Wdva3lRadMpOCLHpe9rzF/nAjshT2SRyPnS7iG+0Iw+0SFUCMfU66FR73fdde002i5QX72MdTk8Q2JjTgZ7SJtGb0Gqs58dr6ou8UWc4ZhiOaqCjxbg6EdH5GvfAu3uGzngYWcEl/a1Sc40sVyWOLdMteumz33+odlw4/hU45tdcsQ3kuehuaPVftXksI3bIfYD5oAiCJMePcrG1v6Pna9fC1T9x8z+98wwGmkS18fDaabL9u0mwcwxdfX1lhguVSPcq9rJiQ1i X-Forefront-PRVS: 00429279BA X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(4630300001)(6009001)(6049001)(7916002)(199003)(189002)(83506001)(2906002)(230700001)(4001350100001)(42186005)(103116003)(7416002)(7406005)(101416001)(92566002)(7846002)(19580395003)(7736002)(5660300001)(19580405001)(6116002)(50986999)(3846002)(305945005)(586003)(9686002)(54356999)(76176999)(8676002)(81156014)(81166006)(68736007)(23676002)(50466002)(97736004)(33646002)(33716001)(5001770100001)(106356001)(107886002)(77096005)(229853001)(66066001)(47776003)(2950100001)(86362001)(105586002)(2201001)(575784001)(189998001)(921003)(1121003)(83996005)(217873001)(2101003); DIR:OUT; SFP:1101; SCL:1; SRVR:BLUPR12MB0658; H:[127.0.1.1]; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en; Received-SPF: None (protection.outlook.com: amd.com does not designate permitted sender hosts) X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtCTFVQUjEyTUIwNjU4OzIzOjZrcXFaYWtPMGZ6OEtKMHFzUjVtVjE2dlln?= =?utf-8?B?THh0RFlrcndHZXE3RTQ0UEY0eU9jSFVXaER3TWdacW1YdDBqcHRmQXVRL2lD?= =?utf-8?B?cmg1Q09TR0xRQS9Ud3owamtoVnR5M3pJWXVzbk1Dd3B4SXZiME5QSFdzSHM3?= =?utf-8?B?WDBVcjZDTTBJTkVhZ090aDIwTmIvcjl3M0VUZnNrVE9UM1hWajFudXlENWt4?= =?utf-8?B?ZGRPMGcxMVBrTFBLMjVBT3NzRmd6Y3N0eEpUQ0k2by9KVFpQcXprMFA4dEpU?= =?utf-8?B?Z3pPWTl3a2NLUTFoYTRTU0dTYXNBTFJKdmRsNVlmeTVyeEJOeTdQMjBaaUxJ?= =?utf-8?B?eG40L2dKVTZwVzk4aS9XRlgwaS9zYndlc1Y0TWUxVjNTN3JUbzI1WnpiYWtK?= =?utf-8?B?MndBelpheEpWWXpPRW4rc2t3Z2gvdm9vd0lrNnY2NExDVHl6RkRSK1lnVEFw?= =?utf-8?B?TjZzU3JYeWxNbDV6SXM3WXZGeGJtZ3RxK3p6ME1lOEt5NnpjUGxWN0o5U2to?= =?utf-8?B?Q1paNml1YThpRjZzWkIvYU0rWXJueVVvWkdoTkcwQnNqSVdYcmRxMXVFbnhx?= =?utf-8?B?ckNyQVhyL1pSRFprZ09uN2wvdVhKNmpCOXgveTFjeXBVUHNZNHJYQUdZMmhh?= =?utf-8?B?M0IxTkk2ODdBblVYOHd6N3I3MEhSNHdhV0hRVDUwQW8rWVZyM1BUQU0rYjll?= =?utf-8?B?NXBpN3pjYUR6dHM4RkNmZHNzSlJtMi9WTEU3ZG1hUHBpdkNaenNJNWsrNFVw?= =?utf-8?B?K2hYNGVUNGJqWGhueStIUjBTNGVqcktONGNVQTRGL1I1cHIwTWdCZHpIWVVT?= =?utf-8?B?MUQ2MFNSTHZmaVBFRVcrSGNtUUtpV00xNWNlZmFQN0diektLNFRhcThTRVFw?= =?utf-8?B?R29LRzlCS2IwQmJZZ3VwSTlHbmRRL1g3cm8wenVsMkFXdThLTG15N1J3RXRF?= =?utf-8?B?Z2FNVDFZc09NY1hObW1PTUdQZWdDbUhYS01GamEwVDN6dllpMUxrY0Qwa0Uy?= =?utf-8?B?Rm1FQnJ5eFdKSUpiREpIeVdIc0NKb2NqS0owOU4zZlF1c01USHp6S1cwSHdx?= =?utf-8?B?QXpRUllINmZNR1hqM0VOVkNhM21RaHFkTHBQRkVXaWpYMlI1RkF6eDlrWGkz?= =?utf-8?B?UDVXdVNvelBIcnhlWlNBaE5JcDM4M2JZU0RXR3k0b1BwSmZMWCtrTXpsbWxz?= =?utf-8?B?akJtRzVRdksvMThuVis2amIvUnQ2M29jSnloWFdjUmNkdC92eUhzL0NwNXAx?= =?utf-8?B?cHZZc0dCREpqQWhFUHluWlprVngwU3FkaG1lYnl6Y0lWM0ZHRGxROEd6aWtQ?= =?utf-8?B?WWIwM25xb0xrOWUxN3ZOZmo0T1l1MWZQam1GcmtHMjBIU1daN3E1SHY4dFBX?= =?utf-8?B?YzlkN1ZaNUdJa2pNbm1UZFI4Vk5oUk40alBuWi80Q2ZjWC9RTFl2NXpLdnRT?= =?utf-8?B?dFpDbC96SnJtK3VUL2dVOWU5aThoQ3pwOGlDVEwySytpQ2FsRUVCU3ZTUnFt?= =?utf-8?B?cmhVZGttakp3RlUwV2F3MXJqMVIvT0FZTVN1WEhiSHJLYndSaHNVMEF5TnpZ?= =?utf-8?B?S21KTnlqelU2akcyRXYwZlQzdkVDVWd1TDZWK0NPRS94NUxndGN3eW1nQWFr?= =?utf-8?B?aEE2cXZacUx5YnI5YjMrYWVsQXpseVlhNVdueWJoUU9JWERhWnZzREVZM3oz?= =?utf-8?B?em1hMnJrNVNBcHdIUjNWZ1JUaW1PbjRKcEtVNlYvT3BDV3BhTkE5NHh1MGQv?= =?utf-8?B?S0tOcjdvTUwrdlFjYWdtMXMrYTVIL2VBRXl3dUppbWZEVlJPSEVPR09YUzdL?= =?utf-8?B?aTlnNUptOWMxVVZTL0VQcGZpMG9ZclVwQ1Q5dFhDYjFaNldwRXFEd0RTYzlm?= =?utf-8?Q?Hx9/hUl85rY=3D?= X-Microsoft-Exchange-Diagnostics: 1; BLUPR12MB0658; 6:SCfUjcBpvOQUcvhpQf0pUu5HD9vyG6P5+DCDIxqfDucVOQAhZ3w3xXJUbwVmDHU2uerjp/x4Xt5A2IWngrVbIjmux28oJRTizVOGXc1AUv+vSlZo2d9IJvgmxXF89xBwVLFnjMcOkx7/s8SOrMReq64cWtkFSE8VDCRGjkPNY7R6zFdqajFkPTGxNAgN+VUOpkFGki/zdvOA8konDZSTHhw904StArrfTSeCd3o3zhDq+lARrNpVjUZJ82IKFDeI3o00HDnWQ5DI9kdFd6+CSNCiXpfAHkzx4qh9rPLyDqIdNoesw9vH6tfy8nj6v5KlgLPXN1+RsZ/cDDVGE0K7kA==; 5:jX1J6tadgmUEXceV07tJ3+jf+Q2H+X5sCwFxkaG2ENIpvpkwc1E8P8+8Rl1MfK4sj9I4rd+ktuN3kaIP/dN8kjIKYm1ta0t6jBVoy0pMjRRGHs+zb16dfJ5/oRGHKSS76MDkonxXM+6FddSk9ZYjDw==; 24:JHNDv9yoYRM2tWHgGRiHrwdSnWK+Y9jvwXLtyOL53/iUeq3IojtOJeXAffLqyJSJpLEv44g4/IvDao4vN5759WqtzbNZ2BBxSUtzgkIXoXY=; 7:Gt6fFpKT6118fw17hQqAjf+AiPwZiDW/SV+9IsMEDxD0egLay338UjxwdQQzZdK5AT1WQdnowKJqhMCcov/t1o/Sl/OtDrF1cjvKH2BcFTrMXuSlkaYnWz21awETkfQ8vlBouFkpTk84CUs/nJanriWtVP9ZzKCv6kNLy5zkfJJzcZNMzMLrdL11yRZHx1ho2Ih16oAxz8JMJBukNwKjGq/q9hByMh0qWndoWJvoyRv3uaVigoBYKIpVZqKJP0o/ SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1; BLUPR12MB0658; 20:cz/zdjeberAfGojJ1dCzbQBiEIfj5I7hduB0Ec3Ym/nfMs/cKiVIeaCKOU2OFxItuJXcpB5zEEk42JvN0jaD9H3gibHwq3Tn+JTZ2uL8b1RFEuDWldkOiN/MU+fY094sArPqLen/Rmea6YoMvdhncxQNnGtQpWiyUw+avvFrMMyKsSv69r5mBg+C2D6Lxf9AyOgN1ObXdaNJiVQmDqIFPOxxaP5B0UhtA7g7vQIjPsw8ZMEJJQkiPxbu6Oqrzeas X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 22 Aug 2016 23:28:19.9973 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-Transport-CrossTenantHeadersStamped: BLUPR12MB0658 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP The ioctl will be used by qemu to issue the Secure Encrypted Virtualization (SEV) guest commands to transition a guest into into SEV-enabled mode. a typical usage: struct kvm_sev_launch_start start; struct kvm_sev_issue_cmd data; data.cmd = KVM_SEV_LAUNCH_START; data.opaque = &start; ret = ioctl(fd, KVM_SEV_ISSUE_CMD, &data); On SEV command failure, data.ret_code will contain the firmware error code. Signed-off-by: Brijesh Singh --- arch/x86/include/asm/kvm_host.h | 3 + arch/x86/kvm/x86.c | 13 ++++ include/uapi/linux/kvm.h | 125 +++++++++++++++++++++++++++++++++++++++ 3 files changed, 141 insertions(+) -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index 9b885fc..a94e37d 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -1040,6 +1040,9 @@ struct kvm_x86_ops { void (*cancel_hv_timer)(struct kvm_vcpu *vcpu); void (*setup_mce)(struct kvm_vcpu *vcpu); + + int (*sev_issue_cmd)(struct kvm *kvm, + struct kvm_sev_issue_cmd __user *argp); }; struct kvm_arch_async_pf { diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index d6f2f4b..0c0adad 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -3820,6 +3820,15 @@ split_irqchip_unlock: return r; } +static int kvm_vm_ioctl_sev_issue_cmd(struct kvm *kvm, + struct kvm_sev_issue_cmd __user *argp) +{ + if (kvm_x86_ops->sev_issue_cmd) + return kvm_x86_ops->sev_issue_cmd(kvm, argp); + + return -ENOTTY; +} + long kvm_arch_vm_ioctl(struct file *filp, unsigned int ioctl, unsigned long arg) { @@ -4085,6 +4094,10 @@ long kvm_arch_vm_ioctl(struct file *filp, r = kvm_vm_ioctl_enable_cap(kvm, &cap); break; } + case KVM_SEV_ISSUE_CMD: { + r = kvm_vm_ioctl_sev_issue_cmd(kvm, argp); + break; + } default: r = kvm_vm_ioctl_assigned_device(kvm, ioctl, arg); } diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h index 300ef25..72c18c3 100644 --- a/include/uapi/linux/kvm.h +++ b/include/uapi/linux/kvm.h @@ -1274,6 +1274,131 @@ struct kvm_s390_ucas_mapping { /* Available with KVM_CAP_X86_SMM */ #define KVM_SMI _IO(KVMIO, 0xb7) +/* Secure Encrypted Virtualization mode */ +enum sev_cmd { + KVM_SEV_LAUNCH_START = 0, + KVM_SEV_LAUNCH_UPDATE, + KVM_SEV_LAUNCH_FINISH, + KVM_SEV_GUEST_STATUS, + KVM_SEV_DBG_DECRYPT, + KVM_SEV_DBG_ENCRYPT, + KVM_SEV_RECEIVE_START, + KVM_SEV_RECEIVE_UPDATE, + KVM_SEV_RECEIVE_FINISH, + KVM_SEV_SEND_START, + KVM_SEV_SEND_UPDATE, + KVM_SEV_SEND_FINISH, + KVM_SEV_API_VERSION, + KVM_SEV_NR_MAX, +}; + +struct kvm_sev_issue_cmd { + __u32 cmd; + __u64 opaque; + __u32 ret_code; +}; + +struct kvm_sev_launch_start { + __u32 handle; + __u32 flags; + __u32 policy; + __u8 nonce[16]; + __u8 dh_pub_qx[32]; + __u8 dh_pub_qy[32]; +}; + +struct kvm_sev_launch_update { + __u64 address; + __u32 length; +}; + +struct kvm_sev_launch_finish { + __u32 vcpu_count; + __u32 vcpu_length; + __u64 vcpu_mask_addr; + __u32 vcpu_mask_length; + __u8 measurement[32]; +}; + +struct kvm_sev_guest_status { + __u32 policy; + __u32 state; +}; + +struct kvm_sev_dbg_decrypt { + __u64 src_addr; + __u64 dst_addr; + __u32 length; +}; + +struct kvm_sev_dbg_encrypt { + __u64 src_addr; + __u64 dst_addr; + __u32 length; +}; + +struct kvm_sev_receive_start { + __u32 handle; + __u32 flags; + __u32 policy; + __u8 policy_meas[32]; + __u8 wrapped_tek[24]; + __u8 wrapped_tik[24]; + __u8 ten[16]; + __u8 dh_pub_qx[32]; + __u8 dh_pub_qy[32]; + __u8 nonce[16]; +}; + +struct kvm_sev_receive_update { + __u8 iv[16]; + __u64 address; + __u32 length; +}; + +struct kvm_sev_receive_finish { + __u8 measurement[32]; +}; + +struct kvm_sev_send_start { + __u8 nonce[16]; + __u32 policy; + __u8 policy_meas[32]; + __u8 wrapped_tek[24]; + __u8 wrapped_tik[24]; + __u8 ten[16]; + __u8 iv[16]; + __u32 flags; + __u8 api_major; + __u8 api_minor; + __u32 serial; + __u8 dh_pub_qx[32]; + __u8 dh_pub_qy[32]; + __u8 pek_sig_r[32]; + __u8 pek_sig_s[32]; + __u8 cek_sig_r[32]; + __u8 cek_sig_s[32]; + __u8 cek_pub_qx[32]; + __u8 cek_pub_qy[32]; + __u8 ask_sig_r[32]; + __u8 ask_sig_s[32]; + __u32 ncerts; + __u32 cert_length; + __u64 certs_addr; +}; + +struct kvm_sev_send_update { + __u32 length; + __u64 src_addr; + __u64 dst_addr; +}; + +struct kvm_sev_send_finish { + __u8 measurement[32]; +}; + +#define KVM_SEV_ISSUE_CMD _IOWR(KVMIO, 0xb8, struct kvm_sev_issue_cmd) + #define KVM_DEV_ASSIGN_ENABLE_IOMMU (1 << 0) #define KVM_DEV_ASSIGN_PCI_2_3 (1 << 1) #define KVM_DEV_ASSIGN_MASK_INTX (1 << 2)