diff options
| author | Ashish Kalra <ashish.kalra@amd.com> | 2025-08-20 20:50:25 +0000 |
|---|---|---|
| committer | Sean Christopherson <seanjc@google.com> | 2025-09-15 10:14:11 -0700 |
| commit | 6c7c620585c6537dd5dcc75f972b875caf00f773 (patch) | |
| tree | 01aa01695a0b03f79b260c4f1c5cac7b007f479a /tools/docs/lib/parse_data_structs.py | |
| parent | d7fc7d9833f6b60805f67e3f913b7a646ce2a47e (diff) | |
KVM: SEV: Add SEV-SNP CipherTextHiding support
Ciphertext hiding prevents host accesses from reading the ciphertext of
SNP guest private memory. Instead of reading ciphertext, the host reads
will see constant default values (0xff).
The SEV ASID space is split into SEV and SEV-ES/SEV-SNP ASID ranges.
Enabling ciphertext hiding further splits the SEV-ES/SEV-SNP ASID space
into separate ASID ranges for SEV-ES and SEV-SNP guests.
Add a new off-by-default kvm-amd module parameter to enable ciphertext
hiding and allow the admin to configure the SEV-ES and SEV-SNP ASID
ranges. Simply cap the maximum SEV-SNP ASID as appropriate, i.e. don't
reject loading KVM or disable ciphertest hiding for a too-big value, as
KVM's general approach for module params is to sanitize inputs based on
hardware/kernel support, not burn the world down. This also allows the
admin to use -1u to assign all SEV-ES/SNP ASIDs to SNP without needing
dedicated handling in KVM.
Suggested-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Ashish Kalra <ashish.kalra@amd.com>
Co-developed-by: Sean Christopherson <seanjc@google.com>
Link: https://lore.kernel.org/r/95abc49edfde36d4fb791570ea2a4be6ad95fd0d.1755721927.git.ashish.kalra@amd.com
Signed-off-by: Sean Christopherson <seanjc@google.com>
Diffstat (limited to 'tools/docs/lib/parse_data_structs.py')
0 files changed, 0 insertions, 0 deletions