diff mbox

[v8,05/28] target/i386: add memory encryption feature cpuid support

Message ID 20180212153715.87555-6-brijesh.singh@amd.com (mailing list archive)
State New, archived
Headers show

Commit Message

Brijesh Singh Feb. 12, 2018, 3:36 p.m. UTC 
AMD EPYC processors support memory encryption feature. The feature
is reported through CPUID 8000_001F[EAX].

Fn8000_001F [EAX]:
 Bit 0   Secure Memory Encryption (SME) supported
 Bit 1   Secure Encrypted Virtualization (SEV) supported
 Bit 2   Page flush MSR supported
 Bit 3   Ecrypted State (SEV-ES) support

when memory encryption feature is reported, CPUID 8000_001F[EBX] should
provide additional information regarding the feature (such as which page
table bit is used to mark pages as encrypted etc). The information in EBX
and ECX may vary from one family to another hence we use the host cpuid
to populate the EBX information.

The details for memory encryption CPUID is available in AMD APM
(https://support.amd.com/TechDocs/24594.pdf) Section E.4.17

Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Richard Henderson <rth@twiddle.net>
Cc: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
---
 target/i386/cpu.c | 36 ++++++++++++++++++++++++++++++++++++
 target/i386/cpu.h |  3 +++
 2 files changed, 39 insertions(+)

Comments

Eduardo Habkost Feb. 12, 2018, 6:38 p.m. UTC | #1 
On Mon, Feb 12, 2018 at 09:36:52AM -0600, Brijesh Singh wrote:
> AMD EPYC processors support memory encryption feature. The feature
> is reported through CPUID 8000_001F[EAX].
> 
> Fn8000_001F [EAX]:
>  Bit 0   Secure Memory Encryption (SME) supported
>  Bit 1   Secure Encrypted Virtualization (SEV) supported
>  Bit 2   Page flush MSR supported
>  Bit 3   Ecrypted State (SEV-ES) support
> 
> when memory encryption feature is reported, CPUID 8000_001F[EBX] should
> provide additional information regarding the feature (such as which page
> table bit is used to mark pages as encrypted etc). The information in EBX
> and ECX may vary from one family to another hence we use the host cpuid
> to populate the EBX information.
> 
> The details for memory encryption CPUID is available in AMD APM
> (https://support.amd.com/TechDocs/24594.pdf) Section E.4.17
> 
> Cc: Paolo Bonzini <pbonzini@redhat.com>
> Cc: Richard Henderson <rth@twiddle.net>
> Cc: Eduardo Habkost <ehabkost@redhat.com>
> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
> ---
>  target/i386/cpu.c | 36 ++++++++++++++++++++++++++++++++++++
>  target/i386/cpu.h |  3 +++
>  2 files changed, 39 insertions(+)
> 
> diff --git a/target/i386/cpu.c b/target/i386/cpu.c
> index b5e431e769da..475d98a44880 100644
> --- a/target/i386/cpu.c
> +++ b/target/i386/cpu.c
> @@ -235,6 +235,7 @@ static void x86_cpu_vendor_words2str(char *dst, uint32_t vendor1,
>  #define TCG_EXT4_FEATURES 0
>  #define TCG_SVM_FEATURES 0
>  #define TCG_KVM_FEATURES 0
> +#define TCG_MEM_ENCRYPT_FEATURES 0
>  #define TCG_7_0_EBX_FEATURES (CPUID_7_0_EBX_SMEP | CPUID_7_0_EBX_SMAP | \
>            CPUID_7_0_EBX_BMI1 | CPUID_7_0_EBX_BMI2 | CPUID_7_0_EBX_ADX | \
>            CPUID_7_0_EBX_PCOMMIT | CPUID_7_0_EBX_CLFLUSHOPT |            \
> @@ -546,6 +547,20 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
>          .cpuid_reg = R_EDX,
>          .tcg_features = ~0U,
>      },
> +    [FEAT_MEM_ENCRYPT] = {
> +        .feat_names = {
> +            NULL, "sev", NULL, NULL,
> +            NULL, NULL, NULL, NULL,
> +            NULL, NULL, NULL, NULL,
> +            NULL, NULL, NULL, NULL,
> +            NULL, NULL, NULL, NULL,
> +            NULL, NULL, NULL, NULL,
> +            NULL, NULL, NULL, NULL,
> +            NULL, NULL, NULL, NULL,
> +        },
> +        .cpuid_eax = 0x8000001F, .cpuid_reg = R_EAX,
> +        .tcg_features = TCG_MEM_ENCRYPT_FEATURES,
> +    }

What should happen if "-cpu ...,+sev" is used without the
appropriate SEV configuration on the command-line?



>  };
>  
>  typedef struct X86RegisterInfo32 {
> @@ -1966,6 +1981,9 @@ static X86CPUDefinition builtin_x86_defs[] = {
>              CPUID_XSAVE_XGETBV1,
>          .features[FEAT_6_EAX] =
>              CPUID_6_EAX_ARAT,
> +        /* Missing: SEV_ES */
> +        .features[FEAT_MEM_ENCRYPT] =
> +            CPUID_8000_001F_EAX_SEV,

Changing existing CPU models is possible only on very specific
circumstances (where VMs that are currently runnable would always
stay runnable), and would require compat_props entries to keep
compatibility on existing machine-types.

I don't think this is one case where adding the feature will be
safe (even if adding compat code).  What about existing VMs that
are running on hosts that don't return SEV on KVM_GET_SUPPORTED_CPUID?
"-cpu EPYC" would become not runnable on those hosts.

(BTW, do you have a pointer to the KVM patches that enable SEV on
KVM_GET_SUPPORTED_CPUID?  I couldn't find them.)


>          .xlevel = 0x8000000A,
>          .model_id = "AMD EPYC Processor",
>      },
> @@ -3590,6 +3608,19 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count,
>              *edx = 0;
>          }
>          break;
> +    case 0x8000001F:
> +        if (env->features[FEAT_MEM_ENCRYPT] & CPUID_8000_001F_EAX_SEV) {
> +            *eax = env->features[FEAT_MEM_ENCRYPT];
> +            host_cpuid(0x8000001F, 0, NULL, ebx, NULL, NULL);

This still have the same problem as v6.  The CPUID data shouldn't
come from the host CPU, but from the QEMU configuration.

The same QEMU command-line must expose the same machine to the
guest on any host (except on the "host" and "max" CPU models,
that are the only non-migration-safe CPU models).


> +            *ecx = 0;
> +            *edx = 0;
> +        } else {
> +            *eax = 0;
> +            *ebx = 0;
> +            *ecx = 0;
> +            *edx = 0;
> +        }
> +        break;
>      case 0xC0000000:
>          *eax = env->cpuid_xlevel2;
>          *ebx = 0;
> @@ -4037,10 +4068,15 @@ static void x86_cpu_expand_features(X86CPU *cpu, Error **errp)
>          x86_cpu_adjust_feat_level(cpu, FEAT_C000_0001_EDX);
>          x86_cpu_adjust_feat_level(cpu, FEAT_SVM);
>          x86_cpu_adjust_feat_level(cpu, FEAT_XSAVE);
> +        x86_cpu_adjust_feat_level(cpu, FEAT_MEM_ENCRYPT);

This call here will automatically increase xlevel to 0x8000001F
if any FEAT_MEM_ENCRYPT feature is set, so...


>          /* SVM requires CPUID[0x8000000A] */
>          if (env->features[FEAT_8000_0001_ECX] & CPUID_EXT3_SVM) {
>              x86_cpu_adjust_level(cpu, &env->cpuid_min_xlevel, 0x8000000A);
>          }
> +        /* SEV requires CPUID[0x8000001F] */
> +        if ((env->features[FEAT_MEM_ENCRYPT] & CPUID_8000_001F_EAX_SEV)) {
> +            x86_cpu_adjust_level(cpu, &env->cpuid_min_xlevel, 0x8000001F);

...this code here seems unnecessary.


> +        }
>      }
>  
>      /* Set cpuid_*level* based on cpuid_min_*level, if not explicitly set */
> diff --git a/target/i386/cpu.h b/target/i386/cpu.h
> index f91e37d25dea..448b30f893fa 100644
> --- a/target/i386/cpu.h
> +++ b/target/i386/cpu.h
> @@ -483,6 +483,7 @@ typedef enum FeatureWord {
>      FEAT_6_EAX,         /* CPUID[6].EAX */
>      FEAT_XSAVE_COMP_LO, /* CPUID[EAX=0xd,ECX=0].EAX */
>      FEAT_XSAVE_COMP_HI, /* CPUID[EAX=0xd,ECX=0].EDX */
> +    FEAT_MEM_ENCRYPT,   /* CPUID[8000_001F].EAX */
>      FEATURE_WORDS,
>  } FeatureWord;
>  
> @@ -679,6 +680,8 @@ typedef uint32_t FeatureWordArray[FEATURE_WORDS];
>  
>  #define CPUID_6_EAX_ARAT       (1U << 2)
>  
> +#define CPUID_8000_001F_EAX_SEV             (1U << 1) /* SEV */
> +
>  /* CPUID[0x80000007].EDX flags: */
>  #define CPUID_APM_INVTSC       (1U << 8)
>  
> -- 
> 2.14.3
>
Brijesh Singh Feb. 12, 2018, 9:07 p.m. UTC | #2 
On 2/12/18 12:38 PM, Eduardo Habkost wrote:
> On Mon, Feb 12, 2018 at 09:36:52AM -0600, Brijesh Singh wrote:
>> AMD EPYC processors support memory encryption feature. The feature
>> is reported through CPUID 8000_001F[EAX].
>>
>> Fn8000_001F [EAX]:
>>  Bit 0   Secure Memory Encryption (SME) supported
>>  Bit 1   Secure Encrypted Virtualization (SEV) supported
>>  Bit 2   Page flush MSR supported
>>  Bit 3   Ecrypted State (SEV-ES) support
>>
>> when memory encryption feature is reported, CPUID 8000_001F[EBX] should
>> provide additional information regarding the feature (such as which page
>> table bit is used to mark pages as encrypted etc). The information in EBX
>> and ECX may vary from one family to another hence we use the host cpuid
>> to populate the EBX information.
>>
>> The details for memory encryption CPUID is available in AMD APM
>> (https://support.amd.com/TechDocs/24594.pdf) Section E.4.17
>>
>> Cc: Paolo Bonzini <pbonzini@redhat.com>
>> Cc: Richard Henderson <rth@twiddle.net>
>> Cc: Eduardo Habkost <ehabkost@redhat.com>
>> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
>> ---
>>  target/i386/cpu.c | 36 ++++++++++++++++++++++++++++++++++++
>>  target/i386/cpu.h |  3 +++
>>  2 files changed, 39 insertions(+)
>>
>> diff --git a/target/i386/cpu.c b/target/i386/cpu.c
>> index b5e431e769da..475d98a44880 100644
>> --- a/target/i386/cpu.c
>> +++ b/target/i386/cpu.c
>> @@ -235,6 +235,7 @@ static void x86_cpu_vendor_words2str(char *dst, uint32_t vendor1,
>>  #define TCG_EXT4_FEATURES 0
>>  #define TCG_SVM_FEATURES 0
>>  #define TCG_KVM_FEATURES 0
>> +#define TCG_MEM_ENCRYPT_FEATURES 0
>>  #define TCG_7_0_EBX_FEATURES (CPUID_7_0_EBX_SMEP | CPUID_7_0_EBX_SMAP | \
>>            CPUID_7_0_EBX_BMI1 | CPUID_7_0_EBX_BMI2 | CPUID_7_0_EBX_ADX | \
>>            CPUID_7_0_EBX_PCOMMIT | CPUID_7_0_EBX_CLFLUSHOPT |            \
>> @@ -546,6 +547,20 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
>>          .cpuid_reg = R_EDX,
>>          .tcg_features = ~0U,
>>      },
>> +    [FEAT_MEM_ENCRYPT] = {
>> +        .feat_names = {
>> +            NULL, "sev", NULL, NULL,
>> +            NULL, NULL, NULL, NULL,
>> +            NULL, NULL, NULL, NULL,
>> +            NULL, NULL, NULL, NULL,
>> +            NULL, NULL, NULL, NULL,
>> +            NULL, NULL, NULL, NULL,
>> +            NULL, NULL, NULL, NULL,
>> +            NULL, NULL, NULL, NULL,
>> +        },
>> +        .cpuid_eax = 0x8000001F, .cpuid_reg = R_EAX,
>> +        .tcg_features = TCG_MEM_ENCRYPT_FEATURES,
>> +    }
> What should happen if "-cpu ...,+sev" is used without the
> appropriate SEV configuration on the command-line?
>

 If host supports SEV feature then we should communicate guest that SEV
feature is available but not enabled. At least that's what I am doing
today. Having said that, I am flexible to change if you all things
otherwise. We could abort the launch if SEV configuration is missing and
feature is enabled.

In current implementation, when -cpu ...,+sev is passed without
appropriate SEV configuration then we populate the Fn8000_001F CPUID but
VMCB will not have SEV bit set hence a guest will be launched as
non-SEV. The presence of Fn8000_001F provides the hint that HW supports
the SEV feature but does not mean that it is enabled. A guest OS need to
call MSR_AMD64_SEV (0xc001_0131) to determine if SEV is enabled. The
MSR_AMD64_SEV is non interceptable read-only MSR. This MSR is set by the
HW when SEV bit is enabled in VMCB. SEV bit in VMCB is enabled only when
qemu adds those extra SEV configuration (i.e KVM_SEV_INIT is success)

The steps used by guest OS to determine SEV active is documented here [1]

[1]
https://git.kernel.org/pub/scm/virt/kvm/kvm.git/tree/Documentation/x86/amd-memory-encryption.txt?h=linux-next#n57


>
>>  };
>>  
>>  typedef struct X86RegisterInfo32 {
>> @@ -1966,6 +1981,9 @@ static X86CPUDefinition builtin_x86_defs[] = {
>>              CPUID_XSAVE_XGETBV1,
>>          .features[FEAT_6_EAX] =
>>              CPUID_6_EAX_ARAT,
>> +        /* Missing: SEV_ES */
>> +        .features[FEAT_MEM_ENCRYPT] =
>> +            CPUID_8000_001F_EAX_SEV,
> Changing existing CPU models is possible only on very specific
> circumstances (where VMs that are currently runnable would always
> stay runnable), and would require compat_props entries to keep
> compatibility on existing machine-types.

Ah I didn't consider that case. What is recommendation, should we create
a new CPU Model (EPYC-SEV) ?

> I don't think this is one case where adding the feature will be
> safe (even if adding compat code).  What about existing VMs that
> are running on hosts that don't return SEV on KVM_GET_SUPPORTED_CPUID?
> "-cpu EPYC" would become not runnable on those hosts.
>
> (BTW, do you have a pointer to the KVM patches that enable SEV on
> KVM_GET_SUPPORTED_CPUID?  I couldn't find them.)
>

https://git.kernel.org/pub/scm/virt/kvm/kvm.git/commit/?h=linux-next&id=8765d75329a386dd7742f94a1ea5fdcdea8d93d0


>>          .xlevel = 0x8000000A,
>>          .model_id = "AMD EPYC Processor",
>>      },
>> @@ -3590,6 +3608,19 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count,
>>              *edx = 0;
>>          }
>>          break;
>> +    case 0x8000001F:
>> +        if (env->features[FEAT_MEM_ENCRYPT] & CPUID_8000_001F_EAX_SEV) {
>> +            *eax = env->features[FEAT_MEM_ENCRYPT];
>> +            host_cpuid(0x8000001F, 0, NULL, ebx, NULL, NULL);
> This still have the same problem as v6.  The CPUID data shouldn't
> come from the host CPU, but from the QEMU configuration.

During SEV guest configuration parsing we validate cbit position passed
through QEMU configure against the host and assert if verification fails
hence I thought it was OK to call host_cpuid() later in the code path.

Please note that EBX contains two information 1# C-bit position and 2#
physical address bit reduction. Both of these information need to filled
for the SEV guest. The physical address bit reduction depends on C-bit
position and I have  expose only C-bit position configuration to qemu
command line. I was not sure if we should  expose physical address bit
reduction in qemu cmdline and then construct EBX using those two
information.


> The same QEMU command-line must expose the same machine to the
> guest on any host (except on the "host" and "max" CPU models,
> that are the only non-migration-safe CPU models).
>
>
>> +            *ecx = 0;
>> +            *edx = 0;
>> +        } else {
>> +            *eax = 0;
>> +            *ebx = 0;
>> +            *ecx = 0;
>> +            *edx = 0;
>> +        }
>> +        break;
>>      case 0xC0000000:
>>          *eax = env->cpuid_xlevel2;
>>          *ebx = 0;
>> @@ -4037,10 +4068,15 @@ static void x86_cpu_expand_features(X86CPU *cpu, Error **errp)
>>          x86_cpu_adjust_feat_level(cpu, FEAT_C000_0001_EDX);
>>          x86_cpu_adjust_feat_level(cpu, FEAT_SVM);
>>          x86_cpu_adjust_feat_level(cpu, FEAT_XSAVE);
>> +        x86_cpu_adjust_feat_level(cpu, FEAT_MEM_ENCRYPT);
> This call here will automatically increase xlevel to 0x8000001F
> if any FEAT_MEM_ENCRYPT feature is set, so...
>
>
>>          /* SVM requires CPUID[0x8000000A] */
>>          if (env->features[FEAT_8000_0001_ECX] & CPUID_EXT3_SVM) {
>>              x86_cpu_adjust_level(cpu, &env->cpuid_min_xlevel, 0x8000000A);
>>          }
>> +        /* SEV requires CPUID[0x8000001F] */
>> +        if ((env->features[FEAT_MEM_ENCRYPT] & CPUID_8000_001F_EAX_SEV)) {
>> +            x86_cpu_adjust_level(cpu, &env->cpuid_min_xlevel, 0x8000001F);
> ...this code here seems unnecessary.
>
>
>> +        }
>>      }
>>  
>>      /* Set cpuid_*level* based on cpuid_min_*level, if not explicitly set */
>> diff --git a/target/i386/cpu.h b/target/i386/cpu.h
>> index f91e37d25dea..448b30f893fa 100644
>> --- a/target/i386/cpu.h
>> +++ b/target/i386/cpu.h
>> @@ -483,6 +483,7 @@ typedef enum FeatureWord {
>>      FEAT_6_EAX,         /* CPUID[6].EAX */
>>      FEAT_XSAVE_COMP_LO, /* CPUID[EAX=0xd,ECX=0].EAX */
>>      FEAT_XSAVE_COMP_HI, /* CPUID[EAX=0xd,ECX=0].EDX */
>> +    FEAT_MEM_ENCRYPT,   /* CPUID[8000_001F].EAX */
>>      FEATURE_WORDS,
>>  } FeatureWord;
>>  
>> @@ -679,6 +680,8 @@ typedef uint32_t FeatureWordArray[FEATURE_WORDS];
>>  
>>  #define CPUID_6_EAX_ARAT       (1U << 2)
>>  
>> +#define CPUID_8000_001F_EAX_SEV             (1U << 1) /* SEV */
>> +
>>  /* CPUID[0x80000007].EDX flags: */
>>  #define CPUID_APM_INVTSC       (1U << 8)
>>  
>> -- 
>> 2.14.3
>>
Borislav Petkov Feb. 12, 2018, 9:19 p.m. UTC | #3 
On Mon, Feb 12, 2018 at 03:07:26PM -0600, Brijesh Singh wrote:
> In current implementation, when -cpu ...,+sev is passed without
> appropriate SEV configuration then we populate the Fn8000_001F CPUID but
> VMCB will not have SEV bit set hence a guest will be launched as
> non-SEV.

I think we should fail the guest init if sev is not really supported by
the host. Otherwise people might get mislead.

> > Changing existing CPU models is possible only on very specific
> > circumstances (where VMs that are currently runnable would always
> > stay runnable), and would require compat_props entries to keep
> > compatibility on existing machine-types.
> 
> Ah I didn't consider that case. What is recommendation, should we create
> a new CPU Model (EPYC-SEV) ?

Can we please stop creating a new CPU model with every new CPUID feature
support added? This is just ridiculous.

If this is about live migration, then by all means, fail the migration
if the feature bits are not compatible. But replicating CPU models and
then adding one new differing feature doesn't make any sense.
Borislav Petkov Feb. 13, 2018, 3:41 p.m. UTC | #4 
On Tue, Feb 13, 2018 at 09:39:01AM -0600, Brijesh Singh wrote:
> Yes, I think we should be able to avoid creating new CPU model to
> handle this case. I am leaning towards dropping this patch and
> implement logic to populate the CPUID 0x8000_001F only when SEV is
> enabled. This should not require any changes in existing CPU model
> feature flag and live migration of existing guest should work fine.

That sounds even nicer.

Thx.
Dr. David Alan Gilbert Feb. 13, 2018, 3:45 p.m. UTC | #5 
* Brijesh Singh (brijesh.ksingh@gmail.com) wrote:
> On Mon, Feb 12, 2018 at 3:19 PM, Borislav Petkov <bp@suse.de> wrote:
> 
> > On Mon, Feb 12, 2018 at 03:07:26PM -0600, Brijesh Singh wrote:
> > > In current implementation, when -cpu ...,+sev is passed without
> > > appropriate SEV configuration then we populate the Fn8000_001F CPUID but
> > > VMCB will not have SEV bit set hence a guest will be launched as
> > > non-SEV.
> >
> > I think we should fail the guest init if sev is not really supported by
> > the host. Otherwise people might get mislead.
> >
> >
> 
> Sure I will do that. We can simplify this patch if we don't fill the CPUID
> for non SEV guest. I am thinking of doing something like this:
> 
> "If SEV configration is provided in QEMU command line then
> automatically increase xlevel to 0x8000_001F and populate the EAX and EBX
> registers"
> 
> 
> 
> > > > Changing existing CPU models is possible only on very specific
> > > > circumstances (where VMs that are currently runnable would always
> > > > stay runnable), and would require compat_props entries to keep
> > > > compatibility on existing machine-types.
> > >
> > > Ah I didn't consider that case. What is recommendation, should we create
> > > a new CPU Model (EPYC-SEV) ?
> >
> > Can we please stop creating a new CPU model with every new CPUID feature
> > support added? This is just ridiculous.
> >
> > If this is about live migration, then by all means, fail the migration
> > if the feature bits are not compatible. But replicating CPU models and
> > then adding one new differing feature doesn't make any sense.
> >
> >
> Yes, I think we should be able to avoid creating new CPU model to handle
> this case.
> I am leaning towards dropping this patch and implement logic to populate the
> CPUID 0x8000_001F only when SEV is enabled. This should not require any
> changes
> in existing CPU model feature flag and live migration of existing guest
> should work fine.

Take care that a non-SEV guest works migrating from a SEV-enabled host
back to a non-SEV-enabled host.  Similarly a guest that understands SEV
but you aren't going to enable it for this VM.

Dave

> 
> 
> > --
> > Regards/Gruss,
> >     Boris.
> >
> > SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB
> > 21284 (AG Nürnberg)
> > --
> >
> >
--
Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK
diff mbox

Patch

diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index b5e431e769da..475d98a44880 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -235,6 +235,7 @@  static void x86_cpu_vendor_words2str(char *dst, uint32_t vendor1,
 #define TCG_EXT4_FEATURES 0
 #define TCG_SVM_FEATURES 0
 #define TCG_KVM_FEATURES 0
+#define TCG_MEM_ENCRYPT_FEATURES 0
 #define TCG_7_0_EBX_FEATURES (CPUID_7_0_EBX_SMEP | CPUID_7_0_EBX_SMAP | \
           CPUID_7_0_EBX_BMI1 | CPUID_7_0_EBX_BMI2 | CPUID_7_0_EBX_ADX | \
           CPUID_7_0_EBX_PCOMMIT | CPUID_7_0_EBX_CLFLUSHOPT |            \
@@ -546,6 +547,20 @@  static FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
         .cpuid_reg = R_EDX,
         .tcg_features = ~0U,
     },
+    [FEAT_MEM_ENCRYPT] = {
+        .feat_names = {
+            NULL, "sev", NULL, NULL,
+            NULL, NULL, NULL, NULL,
+            NULL, NULL, NULL, NULL,
+            NULL, NULL, NULL, NULL,
+            NULL, NULL, NULL, NULL,
+            NULL, NULL, NULL, NULL,
+            NULL, NULL, NULL, NULL,
+            NULL, NULL, NULL, NULL,
+        },
+        .cpuid_eax = 0x8000001F, .cpuid_reg = R_EAX,
+        .tcg_features = TCG_MEM_ENCRYPT_FEATURES,
+    }
 };
 
 typedef struct X86RegisterInfo32 {
@@ -1966,6 +1981,9 @@  static X86CPUDefinition builtin_x86_defs[] = {
             CPUID_XSAVE_XGETBV1,
         .features[FEAT_6_EAX] =
             CPUID_6_EAX_ARAT,
+        /* Missing: SEV_ES */
+        .features[FEAT_MEM_ENCRYPT] =
+            CPUID_8000_001F_EAX_SEV,
         .xlevel = 0x8000000A,
         .model_id = "AMD EPYC Processor",
     },
@@ -3590,6 +3608,19 @@  void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count,
             *edx = 0;
         }
         break;
+    case 0x8000001F:
+        if (env->features[FEAT_MEM_ENCRYPT] & CPUID_8000_001F_EAX_SEV) {
+            *eax = env->features[FEAT_MEM_ENCRYPT];
+            host_cpuid(0x8000001F, 0, NULL, ebx, NULL, NULL);
+            *ecx = 0;
+            *edx = 0;
+        } else {
+            *eax = 0;
+            *ebx = 0;
+            *ecx = 0;
+            *edx = 0;
+        }
+        break;
     case 0xC0000000:
         *eax = env->cpuid_xlevel2;
         *ebx = 0;
@@ -4037,10 +4068,15 @@  static void x86_cpu_expand_features(X86CPU *cpu, Error **errp)
         x86_cpu_adjust_feat_level(cpu, FEAT_C000_0001_EDX);
         x86_cpu_adjust_feat_level(cpu, FEAT_SVM);
         x86_cpu_adjust_feat_level(cpu, FEAT_XSAVE);
+        x86_cpu_adjust_feat_level(cpu, FEAT_MEM_ENCRYPT);
         /* SVM requires CPUID[0x8000000A] */
         if (env->features[FEAT_8000_0001_ECX] & CPUID_EXT3_SVM) {
             x86_cpu_adjust_level(cpu, &env->cpuid_min_xlevel, 0x8000000A);
         }
+        /* SEV requires CPUID[0x8000001F] */
+        if ((env->features[FEAT_MEM_ENCRYPT] & CPUID_8000_001F_EAX_SEV)) {
+            x86_cpu_adjust_level(cpu, &env->cpuid_min_xlevel, 0x8000001F);
+        }
     }
 
     /* Set cpuid_*level* based on cpuid_min_*level, if not explicitly set */
diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index f91e37d25dea..448b30f893fa 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -483,6 +483,7 @@  typedef enum FeatureWord {
     FEAT_6_EAX,         /* CPUID[6].EAX */
     FEAT_XSAVE_COMP_LO, /* CPUID[EAX=0xd,ECX=0].EAX */
     FEAT_XSAVE_COMP_HI, /* CPUID[EAX=0xd,ECX=0].EDX */
+    FEAT_MEM_ENCRYPT,   /* CPUID[8000_001F].EAX */
     FEATURE_WORDS,
 } FeatureWord;
 
@@ -679,6 +680,8 @@  typedef uint32_t FeatureWordArray[FEATURE_WORDS];
 
 #define CPUID_6_EAX_ARAT       (1U << 2)
 
+#define CPUID_8000_001F_EAX_SEV             (1U << 1) /* SEV */
+
 /* CPUID[0x80000007].EDX flags: */
 #define CPUID_APM_INVTSC       (1U << 8)