/*
 * QEMU Secure Encrypted Virtualization (SEV) support
 *
 * Copyright: Advanced Micro Devices, 2016-2018
 *
 * Authors:
 *  Brijesh Singh <brijesh.singh@amd.com>
 *
 * This work is licensed under the terms of the GNU GPL, version 2 or later.
 * See the COPYING file in the top-level directory.
 *
 */

#ifndef I386_SEV_H
#define I386_SEV_H

/*
 * CONFIG_SEV comes from the per-target device configuration header, which
 * is only pulled in for system emulation; in a CONFIG_USER_ONLY build it
 * is not included here, so CONFIG_SEV is not defined by this header.
 */
#ifndef CONFIG_USER_ONLY
#include CONFIG_DEVICES /* CONFIG_SEV */
#endif

#include "exec/confidential-guest-support.h"

/* Type-name strings for the three SEV object types named below. */
#define TYPE_SEV_COMMON    "sev-common"
#define TYPE_SEV_GUEST     "sev-guest"
#define TYPE_SEV_SNP_GUEST "sev-snp-guest"

/*
 * SEV guest policy flags, one bit each (bits 0..5).
 *
 * NOTE(review): judging by the names these mirror the guest policy field
 * of the AMD SEV firmware API (no-debug, no-key-sharing, SEV-ES required,
 * no-send, domain-restricted, SEV-only) -- confirm the exact meaning of
 * each bit against the firmware specification before relying on it.
 */
#define SEV_POLICY_NODBG  0x1
#define SEV_POLICY_NOKS   0x2
#define SEV_POLICY_ES     0x4
#define SEV_POLICY_NOSEND 0x8
#define SEV_POLICY_DOMAIN 0x10
#define SEV_POLICY_SEV    0x20

/*
 * SEV-SNP guest policy flags (bit 16 and bit 19).
 *
 * NOTE(review): the names suggest the debug bit has the opposite polarity
 * to SEV_POLICY_NODBG above (here the bit appears to *permit* debugging,
 * there it forbids it), so the two sets of masks are not interchangeable.
 * Confirm against the SEV-SNP firmware ABI.
 */
#define SEV_SNP_POLICY_SMT 0x10000
#define SEV_SNP_POLICY_DBG 0x80000

/*
 * Buffers handed to sev_add_kernel_loader_hashes(): a pointer/size pair
 * for each of the setup, kernel, initrd and command-line blobs.
 *
 * NOTE(review): ownership of the buffers and whether cmdline_size counts
 * a trailing NUL are not visible from this header -- check the callers.
 */
typedef struct SevKernelLoaderContext {
    char *setup_data;
    size_t setup_size;
    char *kernel_data;
    size_t kernel_size;
    char *initrd_data;
    size_t initrd_size;
    char *cmdline_data;
    size_t cmdline_size;
} SevKernelLoaderContext;

/*
 * Feature predicates.  When CONFIG_SEV is not defined they are macros that
 * expand to the constant 0 instead of function declarations.
 */
#ifdef CONFIG_SEV
bool sev_enabled(void);
bool sev_es_enabled(void);
bool sev_snp_enabled(void);
#else
#define sev_enabled() 0
#define sev_es_enabled() 0
#define sev_snp_enabled() 0
#endif

/*
 * Everything below is declared regardless of CONFIG_SEV.
 * NOTE(review): presumably stubs provide these symbols when SEV is
 * compiled out -- confirm in the build files.
 */
uint32_t sev_get_cbit_position(void);
uint32_t sev_get_reduced_phys_bits(void);
/* Takes the loader blobs described by @ctx; failures are reported via @errp. */
bool sev_add_kernel_loader_hashes(SevKernelLoaderContext *ctx, Error **errp);

/*
 * Operates on @len bytes at host pointer @ptr, associated with guest
 * physical address @gpa; errors are reported through @errp.
 * NOTE(review): the meaning of the int return value is not visible here.
 */
int sev_encrypt_flash(hwaddr gpa, uint8_t *ptr, uint64_t len, Error **errp);
/*
 * NOTE(review): @hdr and @secret carry no explicit length, so they are
 * presumably NUL-terminated (possibly encoded) strings -- confirm in the
 * implementation, and confirm that @gpa is validated before it is used.
 */
int sev_inject_launch_secret(const char *hdr, const char *secret,
                             uint64_t gpa, Error **errp);

/*
 * SEV-ES reset-vector helpers: the first takes the flash image as a
 * pointer/size pair, the second applies to a single CPU.
 */
int sev_es_save_reset_vector(void *flash_ptr, uint64_t flash_size);
void sev_es_set_reset_vector(CPUState *cpu);

/*
 * Takes the flash image as a pointer/size pair.
 * NOTE(review): the image content originates outside QEMU, so the parser
 * should bound every offset and length it reads against @flash_size --
 * verify in the implementation.  No error return is declared here.
 */
void pc_system_parse_sev_metadata(uint8_t *flash_ptr, size_t flash_size);

#endif