EPYC Discussions

lit-davidr
Journeyman III

AMD SEV-SNP multi-cpu support

Hi,

We're in the process of buying hardware and wanted to verify whether the SEV-SNP features work on multi-cpu? It's my understanding that the memory encryption happens based on the keys inside a CPU. So I am curious to know how this works when a guest is running with two host processors?

I also wanted to confirm if the "undervolting" vulnerability has been addressed or is on the roadmap to being addressed?

Thanks!

David

2 Replies

Please refer to the following (these are the latest host patches we have):

[PATCH Part2 v6 00/49] Add AMD Secure Nested Paging (SEV-SNP) (kernel.org) - https://lore.kernel.org/lkml/cover.1655761627.git.ashish.kalra@amd.com/T/#mf71fb7d0f06b0c72c0b01df71...


From: Ashish Kalra <ashish.kalra@amd.com>
Date: 2022-06-20 22:56 UTC
To: x86, linux-kernel, kvm, linux-coco, linux-mm, linux-crypto
Cc: tglx, mingo, jroedel, thomas.lendacky, hpa, ardb, pbonzini, seanjc, vkuznets, wanpengli, jmattson, luto, dave.hansen, slp, pgonda, peterz, srinivas.pandruvada, rientjes, dovmurik, tobin, bp, michael.roth, vbabka, kirill, ak, tony.luck, marcorr, sathyanarayanan.kuppuswamy, alpergun, dgilbert, jarkko

This part of the Secure Encrypted Paging (SEV-SNP) series focuses on the changes required in a host OS for SEV-SNP support. The series builds upon SEV-SNP Guest Support, now part of mainline.

This series provides the basic building blocks to support booting SEV-SNP VMs; it does not cover all the security enhancements introduced by SEV-SNP, such as interrupt protection.

The CCP driver is enhanced to provide new APIs that use the SEV-SNP specific commands defined in the SEV-SNP firmware specification. The KVM driver uses those APIs to create and manage the SEV-SNP guests.

The GHCB specification version 2 introduces a new set of NAEs that are used by the SEV-SNP guest to communicate with the hypervisor. The series provides support to handle the following new NAE events:

- Register GHCB GPA

- Page State Change Request

- Hypervisor feature

- Guest message request

The RMP check is enforced as soon as SEV-SNP is enabled. Not every memory access requires an RMP check. In particular, read accesses from the hypervisor do not require RMP checks because data confidentiality is already protected via memory encryption. When hardware encounters an RMP check failure, it raises a page-fault exception. If the RMP check failure is due to a page-size mismatch, then the large page is split to resolve the fault.

The series does not provide support for interrupt security and migration; those features will be added after the base support.


Please note that some areas, such as how private guest pages are managed/pinned/protected, are likely to change once Unmapped Private Memory support is further along in development/design and can be incorporated into this series. We are posting these patches without UPM support for now to hopefully get some review on other aspects of the series in the meantime.


Here is a link to the latest UPM v6 patches:

https://lore.kernel.org/linux-mm/20220519153713.819591-1-chao.p.peng@linux.intel.com/

Also please refer to the AMD-SEV-SNP mailing list, the discussion list for open source work around AMD's SEV-SNP technology:

AMD-SEV-SNP Info Page (suse.com) - https://lists.suse.com/mailman/listinfo/amd-sev-snp
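The RMP paragraph in the quoted cover letter states the host-side policy in three sentences: hypervisor reads skip the RMP check, a failed check raises a page fault, and a fault caused by a page-size mismatch is resolved by splitting the large page. The C program below is a small model of that policy, added here as an illustration; it is not code from the patch series, the Linux kernel or AMD firmware. The one-2M-region layout, the 512-entry table, the `assigned`/`large` fields and the function names are assumptions made for the model, and the scenario in `main` is constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE_4K   0x1000u
#define PAGE_2M   0x200000u
#define NR_4K     (PAGE_2M / PAGE_4K)   /* 512 RMP entries per 2M region (model assumption) */

/* One RMP entry per 4K frame, reduced to the two fields this model needs. */
struct rmp_entry {
    bool assigned;   /* true: guest-private page; false: hypervisor/shared page */
    bool large;      /* true: frame belongs to a 2M-sized RMP assignment */
};

enum access { ACCESS_READ, ACCESS_WRITE };
enum result { RMP_OK, RMP_FAULT_OWNER, RMP_FAULT_PSIZE };

/* One 2M-aligned region: its RMP entries plus the host's mapping of it. */
struct region {
    struct rmp_entry rmp[NR_4K];
    bool mapped_2m;      /* host maps the region with one 2M entry, else 512 4K entries */
    unsigned splits;     /* how many times the host mapping was split */
};

static void region_init(struct region *r) {
    memset(r, 0, sizeof *r);
    for (unsigned i = 0; i < NR_4K; i++) r->rmp[i].large = true;  /* one shared 2M block */
    r->mapped_2m = true;
}

/* Guest claims a single 4K frame as private: the 2M RMP block becomes 4K entries. */
static void guest_make_private_4k(struct region *r, unsigned idx) {
    for (unsigned i = 0; i < NR_4K; i++) r->rmp[i].large = false;
    r->rmp[idx].assigned = true;
}

/* The check applied to a hypervisor access (modelled policy, not the hardware algorithm). */
static enum result rmp_check(const struct region *r, uint64_t off, enum access a) {
    if (a == ACCESS_READ) return RMP_OK;          /* hypervisor reads are not RMP-checked */
    if (r->mapped_2m) {
        /* A 2M host mapping is only valid if every frame sits in a 2M RMP block. */
        for (unsigned i = 0; i < NR_4K; i++)
            if (!r->rmp[i].large) return RMP_FAULT_PSIZE;
    }
    return r->rmp[off / PAGE_4K].assigned ? RMP_FAULT_OWNER : RMP_OK;
}

/* Host fault handling: a page-size mismatch is fixed by splitting the mapping and
 * retrying; an ownership violation is a genuine fault and is returned to the caller. */
static enum result hv_access(struct region *r, uint64_t off, enum access a) {
    enum result res = rmp_check(r, off, a);
    if (res == RMP_FAULT_PSIZE) {
        r->mapped_2m = false;   /* split the 2M mapping into 4K mappings */
        r->splits++;
        res = rmp_check(r, off, a);
    }
    return res;
}

int main(void) {
    struct region r;
    region_init(&r);
    guest_make_private_4k(&r, 5);                /* constructed scenario: frame 5 is private */
    printf("write frame 0: %d (splits=%u)\n", hv_access(&r, 0, ACCESS_WRITE), r.splits);
    printf("write frame 5: %d\n", hv_access(&r, 5 * PAGE_4K, ACCESS_WRITE));
    printf("read  frame 5: %d\n", hv_access(&r, 5 * PAGE_4K, ACCESS_READ));
    return 0;
}
```

The first write hits a region whose RMP entries are 4K-sized under a 2M host mapping, so the model reports a page-size mismatch, splits the mapping once and retries; the retried write to a shared frame succeeds. The write to the private frame is then a real ownership fault that splitting cannot resolve, while the read of the same frame passes because the model, like the text, does not RMP-check hypervisor reads.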