From patchwork Thu Mar 8 12:48:40 2018
X-Patchwork-Submitter: Brijesh Singh
X-Patchwork-Id: 10267987
From: Brijesh Singh
To: qemu-devel@nongnu.org
Date: Thu, 8 Mar 2018 06:48:40 -0600
Message-Id: <20180308124901.83533-8-brijesh.singh@amd.com>
In-Reply-To: <20180308124901.83533-1-brijesh.singh@amd.com>
References: <20180308124901.83533-1-brijesh.singh@amd.com>
Subject: [Qemu-devel] [PATCH v12 07/28] docs: add AMD Secure Encrypted Virtualization (SEV)
Cc: Peter Maydell, Brijesh Singh, kvm@vger.kernel.org, "Michael S. Tsirkin", Stefan Hajnoczi, Alexander Graf, "Edgar E. Iglesias", Markus Armbruster, Bruce Rogers, Christian Borntraeger, Marcel Apfelbaum, Borislav Petkov, Thomas Lendacky, Eduardo Habkost, Richard Henderson, "Dr. David Alan Gilbert", Alistair Francis, Cornelia Huck, Peter Crosthwaite, Paolo Bonzini

Create a documentation entry to describe the AMD Secure Encrypted
Virtualization (SEV) feature.

Cc: Paolo Bonzini
Signed-off-by: Brijesh Singh
---
 docs/amd-memory-encryption.txt | 92 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 92 insertions(+)
 create mode 100644 docs/amd-memory-encryption.txt

diff --git a/docs/amd-memory-encryption.txt b/docs/amd-memory-encryption.txt
new file mode 100644
index 000000000000..72a92b6c6353
--- /dev/null
+++ b/docs/amd-memory-encryption.txt 
@@ -0,0 +1,92 @@ +Secure Encrypted Virtualization (SEV) is a feature found on AMD processors. + +SEV is an extension to the AMD-V architecture which supports running encrypted +virtual machine (VMs) under the control of KVM. Encrypted VMs have their pages +(code and data) secured such that only the guest itself has access to the +unencrypted version. Each encrypted VM is associated with a unique encryption +key; if its data is accessed to a different entity using a different key the +encrypted guests data will be incorrectly decrypted, leading to unintelligible +data. + +The key management of this feature is handled by separate processor known as +AMD secure processor (AMD-SP) which is present in AMD SOCs. Firmware running +inside the AMD-SP provide commands to support common VM lifecycle. This +includes commands for launching, snapshotting, migrating and debugging the +encrypted guest. Those SEV command can be issued via KVM_MEMORY_ENCRYPT_OP +ioctls. + +Launching +--------- +Boot images (such as bios) must be encrypted before guest can be booted. +MEMORY_ENCRYPT_OP ioctl provides commands to encrypt the images :LAUNCH_START, +LAUNCH_UPDATE_DATA, LAUNCH_MEASURE and LAUNCH_FINISH. These four commands +together generate a fresh memory encryption key for the VM, encrypt the boot +images and provide a measurement than can be used as an attestation of the +successful launch. + +LAUNCH_START is called first to create a cryptographic launch context within +the firmware. To create this context, guest owner must provides guest policy, +its public Diffie-Hellman key (PDH) and session parameters. These inputs +should be treated as binary blob and must be passed as-is to the SEV firmware. + +The guest policy is passed as plaintext and hypervisor may able to read it +but should not modify it (any modification of the policy bits will result +in bad measurement). 
The guest policy is a 4-byte data structure containing +several flags that restricts what can be done on running SEV guest. +See KM Spec section 3 and 6.2 for more details. + +Guest owners provided DH certificate and session parameters will be used to +establish a cryptographic session with the guest owner to negotiate keys used +for the attestation. + +LAUNCH_UPDATE_DATA encrypts the memory region using the cryptographic context +created via LAUNCH_START command. If required, this command can be called +multiple times to encrypt different memory regions. The command also calculates +the measurement of the memory contents as it encrypts. + +LAUNCH_MEASURE command can be used to retrieve the measurement of encrypted +memory. This measurement is a signature of the memory contents that can be +sent to the guest owner as an attestation that the memory was encrypted +correctly by the firmware. The guest owner may wait to provide the guest +confidential information until it can verify the attestation measurement. +Since the guest owner knows the initial contents of the guest at boot, the +attestation measurement can be verified by comparing it to what the guest owner +expects. + +LAUNCH_FINISH command finalizes the guest launch and destroy's the cryptographic +context. + +See SEV KM API Spec [1] 'Launching a guest' usage flow (Appendix A) for the +complete flow chart. + +Debugging +----------- +Since memory contents of SEV guest is encrypted hence hypervisor access to the +guest memory will get a cipher text. If guest policy allows debugging, then +hypervisor can use DEBUG_DECRYPT and DEBUG_ENCRYPT commands access the guest +memory region for debug purposes. 
+ +Snapshot/Restore +----------------- +TODO + +Live Migration +---------------- +TODO + +References +----------------- + +AMD Memory Encryption whitepaper: +http://amd-dev.wpengine.netdna-cdn.com/wordpress/media/2013/12/AMD_Memory_Encryption_Whitepaper_v7-Public.pdf + +Secure Encrypted Virutualization Key Management: +[1] http://support.amd.com/TechDocs/55766_SEV-KM API_Specification.pdf + +KVM Forum slides: +http://www.linux-kvm.org/images/7/74/02x08A-Thomas_Lendacky-AMDs_Virtualizatoin_Memory_Encryption_Technology.pdf + +AMD64 Architecture Programmer's Manual: + http://support.amd.com/TechDocs/24593.pdf + SME is section 7.10 + SEV is section 15.34
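Review bot: The ioctl is named inconsistently in this file, "KVM_MEMORY_ENCRYPT_OP ioctls" in the introduction but "MEMORY_ENCRYPT_OP ioctl" at the top of the Launching section; use the full KVM_MEMORY_ENCRYPT_OP name in both places so a reader can grep for it. In the LAUNCH_MEASURE paragraph, "This measurement is a signature of the memory contents" is imprecise: the preceding paragraph already says the session negotiated from the guest owner's DH certificate supplies the keys used for attestation, so the measurement is a keyed MAC produced by the firmware under that session key, and the point that matters to a guest owner should be stated outright: the hypervisor does not hold the session key, so it cannot forge the measurement, and a mismatch means the initial image or the policy was altered. The policy paragraph should say the same thing directly (the policy is an input to the measurement) rather than only in the parenthetical about "bad measurement". The reference "[1] http://support.amd.com/TechDocs/55766_SEV-KM API_Specification.pdf" contains an unescaped space and will not resolve as a link; encode it as %20. The Snapshot/Restore and Live Migration sections are bare "TODO"; either drop them or say that those flows are not covered by this series, so the headings are not read as a feature list. The underline under "Debugging" is two characters longer than the heading, unlike the other headings. Wording fixes: "virtual machine (VMs)" should be "virtual machines (VMs)"; "if its data is accessed to a different entity" should be "by a different entity"; "handled by separate processor" needs "a"; "Firmware ... provide commands" should be "provides"; "Those SEV command can be issued" should be "These SEV commands can be issued"; "guest owner must provides" should be "must provide"; "treated as binary blob" should be "as binary blobs"; "hypervisor may able to read it" should be "may be able to read it"; "a measurement than can be used" should be "that can be used"; "destroy's" should be "destroys"; "Since memory contents of SEV guest is encrypted hence hypervisor access to the guest memory will get a cipher text" should read "Since the memory of an SEV guest is encrypted, the hypervisor sees only ciphertext when it accesses guest memory"; and "Virutualization" in the References heading is misspelled.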