Lines Matching +full:mode +full:- +full:normal
1 .. SPDX-License-Identifier: GPL-2.0
16 (PVR=0x004e1203) or greater will be PEF-capable. A new ISA release
19 When enabled, PEF adds a new higher privileged mode, called Ultravisor
20 mode, to POWER architecture. Along with the new mode there is new
22 for short). Ultravisor mode is the highest privileged mode in POWER
25 +------------------+
29 +------------------+
31 +------------------+
33 +------------------+
35 +------------------+
56 process is running in secure mode, MSR(S) bit 41. MSR(S)=1, process
57 is in secure mode, MSR(s)=0 process is in normal mode.
73 **Secure Mode MSR Settings**
75 +---+---+---+---------------+
79 +---+---+---+---------------+
81 +---+---+---+---------------+
83 +---+---+---+---------------+
85 +---+---+---+---------------+
87 **Normal Mode MSR Settings**
89 +---+---+---+---------------+
93 +---+---+---+---------------+
95 +---+---+---+---------------+
97 +---+---+---+---------------+
99 +---+---+---+---------------+
101 * Memory is partitioned into secure and normal memory. Only processes
102 that are running in secure mode can access secure memory.
117 * When a process is running in secure mode all hypercalls
120 * When a process is in secure mode all interrupts go to the
131 If SMFCTRL(D) is not set they do not work in secure mode. When set,
139 * LDBAR (LD Base Address Register) and IMC (In-Memory Collection)
140 non-architected registers. An attempt to write to them will cause a
152 * SVMs are created from normal VM using (open source) tooling supplied
155 * All SVMs start as normal VMs and utilize an ultracall, UV_ESM
156 (Enter Secure Mode), to make the transition.
161 passes control in secure mode.
180 is a mode of AES that provides integrity and secrecy concurrently.
182 * The movement of data between normal and secure pages is coordinated
183 with the Ultravisor by a new HMM plug-in in the Hypervisor.
194 * Normal memory: Memory that is accessible to Hypervisor.
196 * Normal page: Page backed by normal memory and available to
199 * Shared page: A page backed by normal memory and available to both
222 be accessed when running in Ultravisor-privileged mode.
237 parameter-position based code. i.e U_PARAMETER, U_P2, U_P3 etc
242 to normal memory may be encrypted using dynamically generated keys.
267 -----------
269 Encrypt and move the contents of a page from secure memory to normal
275 .. code-block:: c
280 uint64_t src_gpa, /* source guest-physical-address */
296 * U_BUSY if page cannot be currently paged-out.
301 Encrypt the contents of a secure-page and make it available to
302 Hypervisor in a normal page.
304 By default, the source page is unmapped from the SVM's partition-
321 #. When Ultravisor runs low on secure memory and it needs to page-out
324 then allocate a normal page and issue the ``UV_PAGE_OUT`` ultracall
326 page into the normal page.
330 which the Hypervisor can access. The data in the normal page will
334 ----------
336 Move the contents of a page from normal memory to secure memory.
341 .. code-block:: c
356 * U_BUSY if page cannot be currently paged-in.
367 Move the contents of the page identified by ``src_ra`` from normal
372 partition-scoped page-table of the SVM. If `dest_gpa` is not shared,
389 #. When a normal VM switches to secure mode, all its pages residing
390 in normal memory, are moved into secure memory.
395 #. When an SVM accesses a secure page that has been paged-out,
401 -------------
408 .. code-block:: c
412 uint64_t guest_pa, /* destination guest-physical-address */
441 because it is paged-out to disk, Ultravisor needs to know that the
446 -------------
454 .. code-block:: c
479 Validate and write a LPID and its partition-table-entry for the given
487 called PATE (Partition Table Entries), point to the partition-
489 virtual machines (both secure and normal). The Hypervisor
490 operates in partition 0 and its partition-scoped page tables
491 reside in normal memory.
493 #. This ultracall allows the Hypervisor to register the partition-
494 scoped and process-scoped page table entries for the Hypervisor
502 the PATE entries for a normal VM and can change the PATE entry
507 ---------
516 .. code-block:: c
536 * Non-volatile registers are restored to their original values.
556 --------------------
558 Register an SVM address-range with specified properties.
563 .. code-block:: c
603 #. When new memory is hot-plugged, a new memory slot gets registered.
607 ----------------------
609 Unregister an SVM address-range that was previously registered using
615 .. code-block:: c
641 #. Memory hot-remove.
645 ----------------
652 .. code-block:: c
683 -------------
690 .. code-block:: c
732 ---------------
739 .. code-block:: c
777 --------------------
784 .. code-block:: c
814 ------
816 Secure the virtual machine (*enter secure mode*).
821 .. code-block:: c
851 #. A normal virtual machine can choose to switch to a secure mode.
881 ----------------
883 Begin the process of converting a normal virtual machine into an SVM.
888 .. code-block:: c
906 pages from normal to secure memory etc. When the process is
913 has initiated the process of switching to secure mode.
917 ---------------
924 .. code-block:: c
955 ----------------
962 .. code-block:: c
980 normal VM).
989 On entry into this hypercall the non-volatile GPRs and FPRs are
997 out pages that were paged-into secure memory, and issue the
1015 -------------
1017 Move the contents of a page from normal memory to secure memory.
1022 .. code-block:: c
1025 uint64_t guest_pa, /* guest-physical-address */
1058 #. When a normal VM becomes a secure VM (using the UV_ESM ultracall),
1060 the VM from normal memory to secure memory.
1063 in normal memory that can be shared between the SVM and Hypervisor.
1065 #. Ultravisor uses this hypercall to page-in a paged-out page. This
1066 can happen when the SVM touches a paged-out page.
1070 and inform Hypervisor that it has released access to the normal
1074 ---------------
1076 Move the contents of the page to normal memory.
1081 .. code-block:: c
1084 uint64_t guest_pa, /* guest-physical-address */
1101 Move the contents of the page identified by ``guest_pa`` to normal
1111 contents of some secure pages, into normal pages using this
1117 - `Supporting Protected Computing on IBM Power Architecture <https://developer.ibm.com/articles/l-s…