From patchwork Wed Oct 4 13:13:42 2017
X-Patchwork-Submitter: Brijesh Singh
X-Patchwork-Id: 9984709
From: Brijesh Singh
To: x86@kernel.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: Brijesh Singh, Thomas Gleixner, Ingo Molnar, "H. Peter Anvin", Paolo Bonzini, Radim Krčmář, Jonathan Corbet, Borislav Petkov, Tom Lendacky
Subject: [Part2 PATCH v5 01/31] Documentation/virtual/kvm: Add AMD Secure Encrypted Virtualization (SEV)
Date: Wed, 4 Oct 2017 08:13:42 -0500
Message-Id: <20171004131412.13038-2-brijesh.singh@amd.com>
In-Reply-To: <20171004131412.13038-1-brijesh.singh@amd.com>
References: <20171004131412.13038-1-brijesh.singh@amd.com>
X-Mailing-List: kvm@vger.kernel.org

Create a Documentation entry to describe the AMD Secure Encrypted Virtualization (SEV) feature.

Cc: Thomas Gleixner
Cc: Ingo Molnar
Cc: "H. Peter Anvin"
Cc: Paolo Bonzini
Cc: "Radim Krčmář"
Cc: Jonathan Corbet
Cc: Borislav Petkov
Cc: Tom Lendacky
Cc: kvm@vger.kernel.org
Cc: x86@kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Brijesh Singh
Reviewed-by: Borislav Petkov
--- Documentation/virtual/kvm/00-INDEX | 3 ++ .../virtual/kvm/amd-memory-encryption.txt | 38 ++++++++++++++++++++++ 2 files changed, 41 insertions(+) create mode 100644 Documentation/virtual/kvm/amd-memory-encryption.txt diff --git a/Documentation/virtual/kvm/00-INDEX b/Documentation/virtual/kvm/00-INDEX index 69fe1a8b7ad1..3da73aabff5a 100644 --- a/Documentation/virtual/kvm/00-INDEX +++ b/Documentation/virtual/kvm/00-INDEX @@ -26,3 +26,6 @@ s390-diag.txt - Diagnose hypercall description (for IBM S/390) timekeeping.txt - timekeeping virtualization for x86-based architectures. +amd-memory-encryption.txt + - notes on AMD Secure Encrypted Virtualization feature and SEV firmware + command description diff --git a/Documentation/virtual/kvm/amd-memory-encryption.txt b/Documentation/virtual/kvm/amd-memory-encryption.txt new file mode 100644 index 000000000000..26472b4cdbaf --- /dev/null +++ b/Documentation/virtual/kvm/amd-memory-encryption.txt 
@@ -0,0 +1,38 @@ +Secure Encrypted Virtualization (SEV) is a feature found on AMD processors. + +SEV is an extension to the AMD-V architecture which supports running +virtual machines (VMs) under the control of a hypervisor. When enabled, +the memory contents of a VM will be transparently encrypted with a key +unique to that VM. + +The hypervisor can determine the SEV support through the CPUID +instruction. The CPUID function 0x8000001f reports information related +to SEV: + + 0x8000001f[eax]: + Bit[1] indicates support for SEV + ... + [ecx]: + Bits[31:0] Number of encrypted guests supported simultaneously + +If support for SEV is present, MSR 0xc001_0010 (MSR_K8_SYSCFG) and MSR 0xc001_0015 +(MSR_K7_HWCR) can be used to determine if it can be enabled: + + 0xc001_0010: + Bit[23] 1 = memory encryption can be enabled + 0 = memory encryption can not be enabled + + 0xc001_0015: + Bit[0] 1 = memory encryption can be enabled + 0 = memory encryption can not be enabled + +When SEV support is available, it can be enabled in a specific VM by +setting the SEV bit before executing VMRUN. + + VMCB[0x90]: + Bit[1] 1 = SEV is enabled + 0 = SEV is disabled + +SEV hardware uses ASIDs to associate a memory encryption key with a VM. +Hence, the ASID for the SEV-enabled guests must be from 1 to a maximum value +defined in the CPUID 0x8000001f[ecx] field.
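Review bot: The new 00-INDEX entry promises a "SEV firmware command description", but the 38 lines added to amd-memory-encryption.txt in this patch cover only CPUID detection, the two MSRs, the VMCB[0x90] bit and ASID usage; no firmware command is described. Either drop "and SEV firmware command description" from the index entry until the patch that documents the commands, or note in the commit message that the text arrives later in the series. The entry is also appended after timekeeping.txt while the two visible neighbours (s390-diag.txt, timekeeping.txt) are in alphabetical order, so placing it by name would keep the index sorted.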
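Review bot: In the MSR paragraph of amd-memory-encryption.txt, 0xc001_0010 Bit[23] and 0xc001_0015 Bit[0] carry the identical description "memory encryption can be enabled", so a reader cannot tell whether both bits must be 1 or either one suffices, nor what each MSR gates. Please state the required combination explicitly, since a hypervisor author will turn this paragraph into the check that decides whether guests are launched encrypted. The file also uses CPUID 0x8000001f[ecx] first as "Number of encrypted guests supported simultaneously" and then, in the last paragraph, as the maximum ASID; one sentence tying the two together and saying whether the upper bound is inclusive would remove the ambiguity about the valid range that starts at 1.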