X-Patchwork-Submitter: Brijesh Singh
X-Patchwork-Id: 10091967
From: Brijesh Singh
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org
Cc: bp@alien8.de, Brijesh Singh, Thomas Gleixner, Ingo Molnar, "H. Peter Anvin", Paolo Bonzini, Radim Krčmář, Jonathan Corbet, Borislav Petkov, Tom Lendacky
Subject: [Part2 PATCH v9 01/38] Documentation/virtual/kvm: Add AMD Secure Encrypted Virtualization (SEV)
Date: Mon, 4 Dec 2017 19:04:01 -0600
Message-Id: <20171205010438.5773-2-brijesh.singh@amd.com>
In-Reply-To: <20171205010438.5773-1-brijesh.singh@amd.com>
References: <20171205010438.5773-1-brijesh.singh@amd.com>

Create a Documentation entry to describe the AMD Secure Encrypted Virtualization (SEV) feature.

Cc: Thomas Gleixner
Cc: Ingo Molnar
Cc: "H. Peter Anvin"
Cc: Paolo Bonzini
Cc: "Radim Krčmář"
Cc: Jonathan Corbet
Cc: Borislav Petkov
Cc: Tom Lendacky
Cc: kvm@vger.kernel.org
Cc: x86@kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Brijesh Singh
Reviewed-by: Borislav Petkov
--- Documentation/virtual/kvm/00-INDEX | 3 ++ .../virtual/kvm/amd-memory-encryption.rst | 45 ++++++++++++++++++++++ 2 files changed, 48 insertions(+) create mode 100644 Documentation/virtual/kvm/amd-memory-encryption.rst diff --git a/Documentation/virtual/kvm/00-INDEX b/Documentation/virtual/kvm/00-INDEX index 69fe1a8b7ad1..3da73aabff5a 100644 --- a/Documentation/virtual/kvm/00-INDEX +++ b/Documentation/virtual/kvm/00-INDEX @@ -26,3 +26,6 @@ s390-diag.txt - Diagnose hypercall description (for IBM S/390) timekeeping.txt - timekeeping virtualization for x86-based architectures. +amd-memory-encryption.txt + - notes on AMD Secure Encrypted Virtualization feature and SEV firmware + command description diff --git a/Documentation/virtual/kvm/amd-memory-encryption.rst b/Documentation/virtual/kvm/amd-memory-encryption.rst new file mode 100644 index 000000000000..a8ef21e737db --- /dev/null +++ b/Documentation/virtual/kvm/amd-memory-encryption.rst 
@@ -0,0 +1,45 @@ +====================================== +Secure Encrypted Virtualization (SEV) +====================================== + +Overview +======== + +Secure Encrypted Virtualization (SEV) is a feature found on AMD processors. + +SEV is an extension to the AMD-V architecture which supports running +virtual machines (VMs) under the control of a hypervisor. When enabled, +the memory contents of a VM will be transparently encrypted with a key +unique to that VM. + +The hypervisor can determine the SEV support through the CPUID +instruction. The CPUID function 0x8000001f reports information related +to SEV:: + + 0x8000001f[eax]: + Bit[1] indicates support for SEV + ... + [ecx]: + Bits[31:0] Number of encrypted guests supported simultaneously + +If support for SEV is present, MSR 0xc001_0010 (MSR_K8_SYSCFG) and MSR 0xc001_0015 +(MSR_K7_HWCR) can be used to determine if it can be enabled:: + + 0xc001_0010: + Bit[23] 1 = memory encryption can be enabled + 0 = memory encryption can not be enabled + + 0xc001_0015: + Bit[0] 1 = memory encryption can be enabled + 0 = memory encryption can not be enabled + +When SEV support is available, it can be enabled in a specific VM by +setting the SEV bit before executing VMRUN.:: + + VMCB[0x90]: + Bit[1] 1 = SEV is enabled + 0 = SEV is disabled + +SEV hardware uses ASIDs to associate a memory encryption key with a VM. +Hence, the ASID for the SEV-enabled guests must be from 1 to a maximum value +defined in the CPUID 0x8000001f[ecx] field.
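
Review bot: the new 00-INDEX entry names amd-memory-encryption.txt, but the file this patch creates is amd-memory-encryption.rst, so the index points at a file that does not exist. Change the entry to the .rst name. The entry also promises an "SEV firmware command description", which the 45 lines added here do not contain; either trim the index text or note that the command description arrives in a later patch of the series.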
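
Review bot: in amd-memory-encryption.rst the MSR paragraph gives 0xc001_0010 Bit[23] and 0xc001_0015 Bit[0] the identical description ("memory encryption can be enabled" / "can not be enabled") and never says whether both bits must be set or whether either one is sufficient, so a reader cannot derive the actual enable check from this text. State the required combination explicitly and say what each bit controls on its own. The same hunk elides the remaining eax bits with "..." without saying where they are documented; a pointer to the reference would help. Two style points: "before executing VMRUN.::" will render with a period followed by a colon, so drop the period, and the line starting "If support for SEV is present, MSR 0xc001_0010" runs past 80 columns.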