| Message ID | 20221214194056.161492-64-michael.roth@amd.com (mailing list archive) |
|---|---|
| State | New |
| Headers | show
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
by smtp.lore.kernel.org (Postfix) with ESMTP id DBB18C4332F
for <linux-mm@archiver.kernel.org>; Wed, 14 Dec 2022 20:07:51 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
id 7BA2B8E001D; Wed, 14 Dec 2022 15:07:51 -0500 (EST)
Received: by kanga.kvack.org (Postfix, from userid 40)
id 76AC68E0002; Wed, 14 Dec 2022 15:07:51 -0500 (EST)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
id 5E4E38E001D; Wed, 14 Dec 2022 15:07:51 -0500 (EST)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com
[216.40.44.16])
by kanga.kvack.org (Postfix) with ESMTP id 4B09F8E0002
for <linux-mm@kvack.org>; Wed, 14 Dec 2022 15:07:51 -0500 (EST)
Received: from smtpin14.hostedemail.com (a10.router.float.18 [10.200.18.1])
by unirelay02.hostedemail.com (Postfix) with ESMTP id 1C7C3120F90
for <linux-mm@kvack.org>; Wed, 14 Dec 2022 20:07:51 +0000 (UTC)
X-FDA: 80241997542.14.AFC4592
Received: from NAM12-BN8-obe.outbound.protection.outlook.com
(mail-bn8nam12on2060.outbound.protection.outlook.com [40.107.237.60])
by imf20.hostedemail.com (Postfix) with ESMTP id 55B151C001D
for <linux-mm@kvack.org>; Wed, 14 Dec 2022 20:07:48 +0000 (UTC)
Authentication-Results: imf20.hostedemail.com;
dkim=pass header.d=amd.com header.s=selector1 header.b=j5C3rc3k;
dmarc=pass (policy=quarantine) header.from=amd.com;
spf=pass (imf20.hostedemail.com: domain of Michael.Roth@amd.com designates
40.107.237.60 as permitted sender) smtp.mailfrom=Michael.Roth@amd.com;
arc=pass ("microsoft.com:s=arcselector9901:i=1")
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed;
d=hostedemail.com;
s=arc-20220608; t=1671048468;
h=from:from:sender:reply-to:subject:subject:date:date:
message-id:message-id:to:to:cc:cc:mime-version:mime-version:
content-type:content-type:
content-transfer-encoding:content-transfer-encoding:
in-reply-to:in-reply-to:references:references:dkim-signature;
bh=MQUMBExNxhs8U7TItiZxvWkZDCRmiRb0tzOnKzQnm4k=;
b=vhaKXp8sQfAnVAsPTgvLAHOcAFLAVfRFYBIoGQ2m+P7u6FBa69zYAtCloxdkuCgVhblvdi
jf7f7BhMhPHK95MO2PsXT01EVL+4d0u+HEcqhyAreIcQ4CHZGErOxgCsunk5s2p5QS3Nxp
xIH5xZaQO+DIiCTMnBbY9kc9Evj6o1U=
ARC-Authentication-Results: i=2;
imf20.hostedemail.com;
dkim=pass header.d=amd.com header.s=selector1 header.b=j5C3rc3k;
dmarc=pass (policy=quarantine) header.from=amd.com;
spf=pass (imf20.hostedemail.com: domain of Michael.Roth@amd.com designates
40.107.237.60 as permitted sender) smtp.mailfrom=Michael.Roth@amd.com;
arc=pass ("microsoft.com:s=arcselector9901:i=1")
ARC-Seal: i=2; s=arc-20220608; d=hostedemail.com; t=1671048468; a=rsa-sha256;
cv=pass;
b=fGYBcs1wmAOGc0eHFOJV0askLH9ukgLQVhm4XwV5OQm/TSqoHd855o8n/lA264AuDBWDKJ
XzvJB1P2N6Z8oVDrKUbcaHe6EvNXxHHuqcZmDctDsHEBYQ4jKaVSUrf/0IM3FaG63k3ecM
dVD42bC1okefkmLOCmtIODePotohWds=
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=PffBtNm14sTdFQJm5LQhkHiV4jLou0ajrCU3GRbrlYityg1zooHioCPnxUcUQgbph71MgdRpyPmCLc1NFa8p/kYubAAPCXS1lcRFh+Jb0TIwWfi7ncwTtWc5Ff1JgeaSiV0ZI2//3ekktpN4i1OG8HdIYtd9kjfiiAVo91vV2pioWArF92LpBymYVE5KTiT8OqiNK+wGWBm+d5xHCXS0IXY/b71LGdVHmrZ2GwBimql6q4dOy+KQA5TCIuvrT7zeMOsWGQjQUsHXF6EO0nzFdoUGWo30Tzr7hN8QzR1ce3s4htd1sHRajk+e3i178n14SHBGn/Pp3/XG4VlpJycpBw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=MQUMBExNxhs8U7TItiZxvWkZDCRmiRb0tzOnKzQnm4k=;
b=bRpQd2YOWjl137T+SBBTODR5Lq1kCp5BpSEyL4btoHBLGWKqT/mHk8q81Yy/YHg3Ds/gdNReaIPdg64sULd4ubEGhY7bt1JrQomf7eU6IHSjgvl25M7Bbm6vsU4VHfEgaGqcpUhQBxauTVt1TmNS3FyW/Unnd+nceOHOR/hV2pwq3GckX0cNb78TXmWTIdLXQvuHu+XZUM9/ID9X1D8q4tC8jjLhvv3Lf6Eawh+ihHb6Kta/Lv0n2hELkMUpAxO7Fg30Ppw80gWycEmQRn2fD0Y6E3b+1ObpuQhhZZ0YApdN2y6q9Ge4kjE0M9YJ+s+cU0poxoit6HAqh8UXfOEh7A==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is
165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com;
dmarc=pass (p=quarantine sp=quarantine pct=100) action=none
header.from=amd.com; dkim=none (message not signed); arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=MQUMBExNxhs8U7TItiZxvWkZDCRmiRb0tzOnKzQnm4k=;
b=j5C3rc3kx24ZrHkmWWJC+5eGKhHob3uCIQIbSBGLVa5OrFhV64+hfPhWcEwjFk/M396jEInScpIOeiFPeHiEujOp0/TpwYKPGWiJN2nXJpltZYag2L5gjfChOCsCmJA8AIaAZ+Ph7er/uMrp+nXt3JkeXM67G7W2gHy5nGMAMYw=
Received: from MW4PR04CA0386.namprd04.prod.outlook.com (2603:10b6:303:81::31)
by CH2PR12MB4311.namprd12.prod.outlook.com (2603:10b6:610:a8::21) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5880.19; Wed, 14 Dec
2022 20:07:45 +0000
Received: from CO1NAM11FT030.eop-nam11.prod.protection.outlook.com
(2603:10b6:303:81:cafe::af) by MW4PR04CA0386.outlook.office365.com
(2603:10b6:303:81::31) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5924.11 via Frontend
Transport; Wed, 14 Dec 2022 20:07:45 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17)
smtp.mailfrom=amd.com; dkim=none (message not signed)
header.d=none;dmarc=pass action=none header.from=amd.com;
Received-SPF: Pass (protection.outlook.com: domain of amd.com designates
165.204.84.17 as permitted sender) receiver=protection.outlook.com;
client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C
Received: from SATLEXMB04.amd.com (165.204.84.17) by
CO1NAM11FT030.mail.protection.outlook.com (10.13.174.125) with Microsoft SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
15.20.5924.11 via Frontend Transport; Wed, 14 Dec 2022 20:07:45 +0000
Received: from localhost (10.180.168.240) by SATLEXMB04.amd.com
(10.181.40.145) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.34; Wed, 14 Dec
2022 14:07:44 -0600
From: Michael Roth <michael.roth@amd.com>
To: <kvm@vger.kernel.org>
CC: <linux-coco@lists.linux.dev>, <linux-mm@kvack.org>,
<linux-crypto@vger.kernel.org>, <x86@kernel.org>,
<linux-kernel@vger.kernel.org>, <tglx@linutronix.de>, <mingo@redhat.com>,
<jroedel@suse.de>, <thomas.lendacky@amd.com>, <hpa@zytor.com>,
<ardb@kernel.org>, <pbonzini@redhat.com>, <seanjc@google.com>,
<vkuznets@redhat.com>, <wanpengli@tencent.com>, <jmattson@google.com>,
<luto@kernel.org>, <dave.hansen@linux.intel.com>, <slp@redhat.com>,
<pgonda@google.com>, <peterz@infradead.org>,
<srinivas.pandruvada@linux.intel.com>, <rientjes@google.com>,
<dovmurik@linux.ibm.com>, <tobin@ibm.com>, <bp@alien8.de>, <vbabka@suse.cz>,
<kirill@shutemov.name>, <ak@linux.intel.com>, <tony.luck@intel.com>,
<marcorr@google.com>, <sathyanarayanan.kuppuswamy@linux.intel.com>,
<alpergun@google.com>, <dgilbert@redhat.com>, <jarkko@kernel.org>,
<ashish.kalra@amd.com>, <harald@profian.com>, Dionna Glaze
<dionnaglaze@google.com>, Thomas Lendacky <Thomas.Lendacky@amd.com>
Subject: [PATCH RFC v7 63/64] x86/sev: Document KVM_SEV_SNP_{G,S}ET_CERTS
Date: Wed, 14 Dec 2022 13:40:55 -0600
Message-ID: <20221214194056.161492-64-michael.roth@amd.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <20221214194056.161492-1-michael.roth@amd.com>
References: <20221214194056.161492-1-michael.roth@amd.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain
X-Originating-IP: [10.180.168.240]
X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com
(10.181.40.145)
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: CO1NAM11FT030:EE_|CH2PR12MB4311:EE_
X-MS-Office365-Filtering-Correlation-Id: 057bc176-fb98-4e50-7694-08dade0edd8e
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info:
DSGd9aBr3Ge2D0VzQnxViKZf0aa9KRxd6mZo0UQbPf+XscEoTQ4t2UJLD92EWj62gVTphF616ESobRSl4U2//dmzZFhiDG5jlYjYN04NvboCJ99ryndKo6mT/lGA67Ow+criYRaCP060x5nFa7Z+ikBM5SnEFyZv4s+mdMPUMInQIesO6OQgaQc8jWDHiOG9on/2wka3B+rN1pfkqF2GHGj86hNu4XEBDj0tqsRRlV4x1sR6ZvuJ+n1l2J5nyJtAHLaZbBoOfnkq4BXFXWkNqP/g7PcfRCqlpT6HOUWZLWCMt2bJoWPt2IOJxFdLjMKYbcJYsbI3OORlI/ZCDLvWN9p9ZtyZaaTOrKZHyCvdkYlUm4jn5uyrrS6qjtD5SlnHP9SWcAXmw+UiYOEzq+Yyl4jU4O/6UUFb3fIvq5iMpmLrxTeX5On8mPa/xTvOZynsm/pD0cjH881x9fJTX3dWYiD1+IDdy7wesgFO4HwTFcUnqX3vMNR5toOEzIn3hiWUtT/Wh89GcT6f+Ha8BpiFPQl0Mgrau4MbVil/fqjp3atcO6puSHZs6G/pu/Am+H0SVNt71L/DFttncbDERM9T5kCVI0YvFCOX/JpXrp71XkazDAcZq28RHhldvW7rvXMaD8Kk13U9KyY1cBY8VZn+veKgrKWVI76soeQ89XInLbu46j25DpIWP2cCZQu7Su0rmDlNFmi1+ra2XhP8ae0qLSrH+tnAYJEW8QMXviS7kjc=
X-Forefront-Antispam-Report:
CIP:165.204.84.17;CTRY:CA;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230022)(4636009)(136003)(396003)(376002)(39860400002)(346002)(451199015)(40470700004)(46966006)(36840700001)(36756003)(36860700001)(4326008)(70206006)(1076003)(40460700003)(70586007)(8676002)(16526019)(47076005)(2616005)(7406005)(8936002)(41300700001)(426003)(83380400001)(336012)(5660300002)(316002)(54906003)(6916009)(478600001)(186003)(26005)(82310400005)(86362001)(6666004)(7416002)(82740400003)(2906002)(81166007)(356005)(40480700001)(44832011)(36900700001);DIR:OUT;SFP:1101;
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 14 Dec 2022 20:07:45.2637
(UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id:
057bc176-fb98-4e50-7694-08dade0edd8e
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp:
TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com]
X-MS-Exchange-CrossTenant-AuthSource:
CO1NAM11FT030.eop-nam11.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CH2PR12MB4311
X-Rspam-User:
X-Rspamd-Server: rspam02
X-Rspamd-Queue-Id: 55B151C001D
X-Stat-Signature: 97did3cscwg71eccwwdtrck4hgjysdp1
X-HE-Tag: 1671048468-774175
X-HE-Meta:
U2FsdGVkX19BrI6WWAiPfHAYpPrSOobNGkKRbe7yQkArbJZyupmrSRVNVOlCvoPQrUvv2I2VgciVDF0djkowzu+O5cQ+ItdQNLrchLXFKrGfjXHCvEVjrsU+DF1KnJtfbY3w7xJJbW1f4Ig7QiuqKzKJEHMzE2BX+X9faC2PAR3w35lschzp1+sc5AspRQSC9a66Ve07Upi3AdOQu69CqAS0GPxO2IY+xvIsENj4tTyH3RqtITBkIOCIJPq+lDdR2Hd2FBqhJQ3lY2Qzi7UwExP4BoKtPcEI+j56ebUzwnXqgbWJT5u8V8+k8KNBDedGKMQJ03KRrNFy02YU24CW/uJhzt5tU+rZ6bjWXNGtvHKRGRr7VatmTrb4n5x01vvhHHU7U1mwJpd/fndYrphTOIK6N+qmtDrthDdiOkWcNQDnkV/KggkBXT5Uvg3pRDZ0NRi0+iihnXDJc8a5EglRFuUnHT46VWPQFQe1oPEXy6FdK8CPQWqBu8ZAIRod4kr1ZYM4aw/V8FWu/57A7lK4gtbyjC8EN83NzkfGVH0mhBkW8DDw2zzvndc3R1muf8DbKLDCw6t4wFnK62s4K6wM3BxyA3Y+C9STmFwVeIvQZ4uGGpbu5iUpYAmNFAns0SALeLw9q7Czb3FmOmpE1nPShVJrzdUp82K+GM48SDsJdEdUJK/dn1N30Kw41krqIH3g1FuKm6F6EDhvB3Heq2lwzDI+GVMPauKU003nmiDoCYNiR+zyhrsBfuvxpKkIUVrUREQY4+gqWmTxdgqXM38moipq521Ohply8f+8ZhYyN6KjJpsMr0FSJ3FWs7hugPeWvO7pVsSuUn4ffGWr6eHcuDZKQZHGURwd8RRDperys4H3UV+poX/FbSrA9rv5rdK3qN1j7ZAmrTA7G9qku6lGrroUCbomFCCPtX10E/Sw16MBaXSqX6z+8mqzmTebXy780JSIIEBAGWqEbuUr8C3
mZ6uDU2z
ukZiO948v1qG5pX3ACRHzg9Acd858k4Eu00RBjXYDQHRbhQrI9hO8qbPICA==
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>
|
| Series |
Add AMD Secure Nested Paging (SEV-SNP) Hypervisor Support
|
expand
|
diff --git a/Documentation/virt/kvm/x86/amd-memory-encryption.rst b/Documentation/virt/kvm/x86/amd-memory-encryption.rst index e4b42aaab1de..3cfe7b7cef61 100644 --- a/Documentation/virt/kvm/x86/amd-memory-encryption.rst +++ b/Documentation/virt/kvm/x86/amd-memory-encryption.rst @@ -536,6 +536,50 @@ Returns: 0 on success, -negative on error See SEV-SNP specification for further details on launch finish input parameters. +22. KVM_SEV_SNP_GET_CERTS +------------------------- + +After the SNP guest launch flow has started, the KVM_SEV_SNP_GET_CERTS command +can be issued to request the data that has been installed with the +KVM_SEV_SNP_SET_CERTS command. + +Parameters (in/out): struct kvm_sev_snp_get_certs + +Returns: 0 on success, -negative on error + +:: + + struct kvm_sev_snp_get_certs { + __u64 certs_uaddr; + __u64 certs_len + }; + +If no certs have been installed, then the return value is -ENOENT. +If the buffer specified in the struct is too small, the certs_len field will be +overwritten with the required bytes to receive all the certificate bytes and the +return value will be -EINVAL. + +23. KVM_SEV_SNP_SET_CERTS +------------------------- + +After the SNP guest launch flow has started, the KVM_SEV_SNP_SET_CERTS command +can be issued to override the /dev/sev certs data that is returned when a +guest issues an extended guest request. This is useful for instance-specific +extensions to the host certificates. + +Parameters (in/out): struct kvm_sev_snp_set_certs + +Returns: 0 on success, -negative on error + +:: + + struct kvm_sev_snp_set_certs { + __u64 certs_uaddr; + __u64 certs_len + }; + +The certs_len field may not exceed SEV_FW_BLOB_MAX_SIZE. + References ==========