Lines Matching refs:SEV

1 AMD Secure Encrypted Virtualization (SEV)
4 Secure Encrypted Virtualization (SEV) is a feature found on AMD processors.
6 SEV is an extension to the AMD-V architecture which supports running encrypted
18 encrypted guest. These SEV commands can be issued via KVM_MEMORY_ENCRYPT_OP
21 Secure Encrypted Virtualization - Encrypted State (SEV-ES) builds on the SEV
38 For a SEV-ES guest, the ``LAUNCH_UPDATE_VMSA`` command is also used to encrypt the
44 should be treated as a binary blob and must be passed as-is to the SEV firmware.
49 several flags that restricts what can be done on a running SEV guest.
50 See SEV API Spec ([SEVAPI]_) section 3 and 6.2 for more details.
57 Setting the "SEV-ES required" policy bit (bit 2) will launch the guest as a
58 SEV-ES guest::
78 ``LAUNCH_UPDATE_VMSA`` encrypts all the vCPU VMSAs for a SEV-ES guest using the
83 for a SEV-ES guest, encrypted VMSAs. This measurement is a signature of the
84 memory contents and, for a SEV-ES guest, the VMSA contents, that can be sent
95 See SEV API Spec ([SEVAPI]_) 'Launching a guest' usage flow (Appendix A) for the
98 To launch a SEV guest::
104 To launch a SEV-ES guest::
110 An SEV-ES guest has some restrictions as compared to a SEV guest. Because the
112 a SEV-ES guest:
125 it in the exact same way as it is calculated by the AMD-SP.  SEV API Spec
141 is the last 16 bytes of the base64-decoded data field (see SEV API Spec
156 * if SEV-ES is enabled (``policy & 0x4 != 0``), ``vmsas_blob`` is the
161 If kernel hashes are not used, or SEV-ES is disabled, use empty blobs for
167 Since the memory contents of a SEV guest are encrypted, hypervisor access to
198 * `Extending Secure Encrypted Virtualization With SEV-ES (2018)
199 …<https://www.linux-kvm.org/images/9/94/Extending-Secure-Encrypted-Virtualization-with-SEV-ES-Thoma…
205 * SEV is section 15.34
206 * SEV-ES is section 15.35