From patchwork Wed Dec 6 20:03:33 2017
X-Patchwork-Submitter: Brijesh Singh
X-Patchwork-Id: 10097035
From: Brijesh Singh
To: qemu-devel@nongnu.org
Cc: Alistair Francis, Christian Borntraeger, Cornelia Huck, Daniel P. Berrange, Dr. David Alan Gilbert, Edgar E. Iglesias, Eduardo Habkost, Eric Blake, kvm@vger.kernel.org, Marcel Apfelbaum, Markus Armbruster, Michael S. Tsirkin, Paolo Bonzini, Peter Crosthwaite, Peter Maydell, Richard Henderson, Richard Henderson, Stefan Hajnoczi, Thomas Lendacky, Borislav Petkov, Brijesh Singh
Subject: [PATCH v5 10/23] sev: add command to initialize the memory encryption context
Date: Wed, 6 Dec 2017 14:03:33 -0600
Message-Id: <20171206200346.116537-11-brijesh.singh@amd.com>
In-Reply-To: <20171206200346.116537-1-brijesh.singh@amd.com>
References: <20171206200346.116537-1-brijesh.singh@amd.com>
X-Mailing-List: kvm@vger.kernel.org

When memory encryption is enabled, the KVM_SEV_INIT command is used to initialize the platform. The command loads the SEV-related persistent data from non-volatile storage and initializes the platform context.
This command should be first issued before invoking any other guest commands provided by the SEV firmware. Cc: Paolo Bonzini Signed-off-by: Brijesh Singh --- accel/kvm/kvm-all.c | 15 +++++++ accel/kvm/sev.c | 122 +++++++++++++++++++++++++++++++++++++++++++++++++++ include/sysemu/sev.h | 10 +++++ 3 files changed, 147 insertions(+) diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c index f290f487a573..a9b16846675e 100644 --- a/accel/kvm/kvm-all.c +++ b/accel/kvm/kvm-all.c @@ -38,6 +38,7 @@ #include "qemu/event_notifier.h" #include "trace.h" #include "hw/irq.h" +#include "sysemu/sev.h" #include "hw/boards.h" @@ -103,6 +104,9 @@ struct KVMState #endif KVMMemoryListener memory_listener; QLIST_HEAD(, KVMParkedVcpu) kvm_parked_vcpus; + + /* memory encryption */ + void *memcrypt_handle; }; KVMState *kvm_state; @@ -1632,6 +1636,17 @@ static int kvm_init(MachineState *ms) kvm_state = s; + /* + * if memory encryption object is specified then initialize the memory + * encryption context. + * */ + if (ms->memory_encryption) { + kvm_state->memcrypt_handle = sev_guest_init(ms->memory_encryption); + if (!kvm_state->memcrypt_handle) { + goto err; + } + } + ret = kvm_arch_init(ms, s); if (ret < 0) { goto err; diff --git a/accel/kvm/sev.c b/accel/kvm/sev.c index a9b9a63c2da0..37020751bd14 100644 --- a/accel/kvm/sev.c +++ b/accel/kvm/sev.c 
@@ -22,6 +22,67 @@ #define DEFAULT_GUEST_POLICY 0x1 /* disable debug */ #define DEFAULT_SEV_DEVICE "/dev/sev" +static int sev_fd; + +#define SEV_FW_MAX_ERROR 0x17 + +static char sev_fw_errlist[SEV_FW_MAX_ERROR][100] = { + "", + "Platform state is invalid", + "Guest state is invalid", + "Platform configuration is invalid", + "Buffer too small", + "Platform is already owned", + "Certificate is invalid", + "Policy is not allowed", + "Guest is not active", + "Invalid address", + "Bad signature", + "Bad measurement", + "Asid is already owned", + "Invalid ASID", + "WBINVD is required", + "DF_FLUSH is required", + "Guest handle is invalid", + "Invalid command", + "Guest is active", + "Hardware error", + "Hardware unsafe", + "Feature not supported", + "Invalid parameter" +}; + +static int +sev_ioctl(int cmd, void *data, int *error) +{ + int r; + struct kvm_sev_cmd input; + + memset(&input, 0x0, sizeof(input)); + + input.id = cmd; + input.sev_fd = sev_fd; + input.data = (__u64)data; + + r = kvm_vm_ioctl(kvm_state, KVM_MEMORY_ENCRYPT_OP, &input); + + if (error) { + *error = input.error; + } + + return r; +} + +static char * +fw_error_to_str(int code) +{ + if (code > SEV_FW_MAX_ERROR) { + return NULL; + } + + return sev_fw_errlist[code]; +} + static void qsev_guest_finalize(Object *obj) { 
@@ -170,6 +231,67 @@ static const TypeInfo qsev_guest_info = { } }; +static QSevGuestInfo * +lookup_sev_guest_info(const char *id) +{ + Object *obj; + QSevGuestInfo *info; + + obj = object_resolve_path_component(object_get_objects_root(), id); + if (!obj) { + return NULL; + } + + info = (QSevGuestInfo *) + object_dynamic_cast(obj, TYPE_QSEV_GUEST_INFO); + if (!info) { + return NULL; + } + + return info; +} + +void * +sev_guest_init(const char *id) +{ + SEVState *s; + char *devname; + int ret, fw_error; + + s = g_malloc0(sizeof(SEVState)); + if (!s) { + return NULL; + } + + s->sev_info = lookup_sev_guest_info(id); + if (!s->sev_info) { + error_report("%s: '%s' is not a valid '%s' object", + __func__, id, TYPE_QSEV_GUEST_INFO); + goto err; + } + + devname = object_property_get_str(OBJECT(s->sev_info), "sev-device", NULL); + sev_fd = open(devname, O_RDWR); + if (sev_fd < 0) { + error_report("%s: Failed to open %s '%s'", __func__, + devname, strerror(errno)); + goto err; + } + g_free(devname); + + ret = sev_ioctl(KVM_SEV_INIT, NULL, &fw_error); + if (ret) { + error_report("%s: failed to initialize ret=%d fw_error=%d '%s'", + __func__, ret, fw_error, fw_error_to_str(fw_error)); + goto err; + } + + return s; +err: + g_free(s); + return NULL; +} + static void sev_register_types(void) { diff --git a/include/sysemu/sev.h b/include/sysemu/sev.h index e00794ec1805..f85517c0b5b5 100644 --- a/include/sysemu/sev.h +++ b/include/sysemu/sev.h @@ -14,6 +14,8 @@ #ifndef QEMU_SEV_H #define QEMU_SEV_H +#include + #include "qom/object.h" #include "qapi/error.h" #include "sysemu/kvm.h" @@ -49,5 +51,13 @@ struct QSevGuestInfoClass { ObjectClass parent_class; }; +struct SEVState { + QSevGuestInfo *sev_info; +}; + +typedef struct SEVState SEVState; + +void *sev_guest_init(const char *id); + #endif
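Review bot: In the kvm_init hunk of accel/kvm/kvm-all.c, the new block comment ends with `* */`, a stray asterisk before the terminator, and the added code dereferences the global `kvm_state` immediately after `kvm_state = s;` while the rest of the function works through the local `s`. Use `s->memcrypt_handle = sev_guest_init(ms->memory_encryption);` and `if (!s->memcrypt_handle)` for consistency with the surrounding code, and close the comment with a plain `*/`.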
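Review bot: Off-by-one bound in fw_error_to_str in the first accel/kvm/sev.c hunk: sev_fw_errlist is declared with SEV_FW_MAX_ERROR (0x17, i.e. 23) entries, so valid indices are 0..22, but the guard is `if (code > SEV_FW_MAX_ERROR)`, which lets a firmware error code of 23 read one element past the end of the table, and a negative `code` is not rejected at all. Use `if (code < 0 || code >= SEV_FW_MAX_ERROR)`, and consider returning a fixed string such as "unknown error" rather than NULL, since the caller in sev_guest_init prints the result with `%s`. In sev_ioctl, `input.data = (__u64)data;` casts a pointer straight to a 64-bit integer, which warns on 32-bit hosts; `(__u64)(uintptr_t)data` is the usual form.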
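Review bot: Resource handling on the error paths of sev_guest_init in the second accel/kvm/sev.c hunk needs work: when `open(devname, O_RDWR)` fails, `devname` is used in the error_report and then never freed, because `g_free(devname)` sits only after the success check; and when `sev_ioctl(KVM_SEV_INIT, NULL, &fw_error)` fails, the already-opened `sev_fd` is left open before `goto err`. Free `devname` on both paths and `close(sev_fd)` before `g_free(s)` in the KVM_SEV_INIT failure case. Two smaller points in the same function: `object_property_get_str(..., "sev-device", NULL)` can return NULL, which would then reach open() unchecked; and the `if (!s) return NULL;` test after `g_malloc0(sizeof(SEVState))` is dead code, since g_malloc0 aborts on allocation failure rather than returning NULL. The `error_report(... '%s'", ..., fw_error_to_str(fw_error))` call also passes fw_error_to_str's NULL return straight to `%s` for unknown codes, which is undefined behaviour.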
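Review bot: The added `#include` line in the first include/sysemu/sev.h hunk shows no header name as rendered here (angle-bracketed names are often lost in extraction); before merging, confirm it names the header that provides `struct kvm_sev_cmd` and `KVM_MEMORY_ENCRYPT_OP`, which sev_ioctl in accel/kvm/sev.c depends on, and consider whether that include belongs in sev.c rather than in the public header, since nothing in sev.h itself uses those definitions.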
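Review bot: The state layout introduced in the second include/sysemu/sev.h hunk is inconsistent with its use in sev.c: `struct SEVState` carries only `sev_info`, while the SEV device descriptor `sev_fd` lives as a file-scope static in sev.c, and sev_guest_init hands the state back as an untyped `void *` that kvm_init stores in `KVMState.memcrypt_handle`. Keeping the fd inside SEVState and returning `SEVState *` (or documenting why the handle must stay opaque) would tie the descriptor's lifetime to the object that sev_guest_init allocates and frees on its error path.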