
Server Gurus Discussions

ehuang
Journeyman III

AMD SEV LAUNCH_SECRET

According to the AMD Memory Encryption White Paper (https://developer.amd.com/wordpress/media/2013/12/AMD_Memory_Encryption_Whitepaper_v7-Public.pdf), a guest owner can provide a secret (such as a disk decryption key) in the guest launch process.
Suppose the secret is NOT a disk decryption key. The SEV API (https://developer.amd.com/wp-content/resources/55766.PDF) says that the LAUNCH_SECRET command will inject the secret into the launched guest at GUEST_PADDR.
Does anyone know how a software application running in the guest accesses that region of memory (i.e., that secret) programmatically?

0 Likes
1 Reply
imlk
Journeyman III

0 Likes