Please refer to the following (this is the latest set of host patches we have):
[PATCH Part2 v6 00/49] Add AMD Secure Nested Paging (SEV-SNP) (kernel.org) - https://lore.kernel.org/lkml/cover.1655761627.git.ashish.kalra@amd.com/T/#mf71fb7d0f06b0c72c0b01df71...
2022-06-20 22:56 Ashish Kalra
From: Ashish Kalra @ 2022-06-20 22:56 UTC
To: x86, linux-kernel, kvm, linux-coco, linux-mm, linux-crypto
Cc: tglx, mingo, jroedel, thomas.lendacky, hpa, ardb, pbonzini,
seanjc, vkuznets, wanpengli, jmattson, luto, dave.hansen, slp,
pgonda, peterz, srinivas.pandruvada, rientjes, dovmurik, tobin,
bp, michael.roth, vbabka, kirill, ak, tony.luck, marcorr,
sathyanarayanan.kuppuswamy, alpergun, dgilbert, jarkko
From: Ashish Kalra <ashish.kalra@amd.com>
This part of the Secure Encrypted Paging (SEV-SNP) series focuses on the changes required in a host OS for SEV-SNP support. The series builds upon the SEV-SNP guest support that is now part of mainline.
This series provides the basic building blocks to support booting SEV-SNP VMs; it does not cover all the security enhancements introduced by SEV-SNP, such as interrupt protection.
The CCP driver is enhanced to provide new APIs that use the SEV-SNP specific commands defined in the SEV-SNP firmware specification. The KVM driver uses those APIs to create and manage the SEV-SNP guests.
The GHCB specification version 2 introduces a new set of NAEs that are used by the SEV-SNP guest to communicate with the hypervisor. The series provides support to handle the following new NAE events:
- Register GHCB GPA
- Page State Change Request
- Hypervisor feature
- Guest message request
The RMP check is enforced as soon as SEV-SNP is enabled. Not every memory access requires an RMP check. In particular, read accesses from the hypervisor do not require RMP checks because data confidentiality is already protected via memory encryption. When the hardware encounters an RMP check failure, it raises a page-fault exception. If the RMP check failure is due to a page-size mismatch, the large page is split to resolve the fault.
The series does not provide support for interrupt security and migration; those features will be added after the base support.
Please note that some areas, such as how private guest pages are managed/pinned/protected, are likely to change once Unmapped Private Memory support is further along in development/design and can be incorporated into this series. We are posting these patches without UPM support for now to hopefully get some review on other aspects of the series in the meantime.
Here is a link to latest UPM v6 patches:
https://lore.kernel.org/linux-mm/20220519153713.819591-1-chao.p.peng@linux.intel.com/
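The cover letter's description of the host-side RMP check (hypervisor reads are not checked, hypervisor writes to guest-assigned pages fault, and a page-size mismatch under a 2 MiB host mapping is resolved by splitting the mapping and retrying) can be followed in a small model. The block below is a constructed example added here; it is not AMD hardware behaviour, not the APM's full RMP semantics, and not code from the patch series. It assumes a toy RMP with one entry per 4K page, a per-region flag standing in for the host page table's 2 MiB PTEs, only hypervisor accesses (no guest-side nested-paging checks), and made-up ASID and PFN values.

```c
/* Constructed model of the host-side RMP check described in the cover letter.
 * Not AMD hardware or KVM code: a toy to show which hypervisor accesses are
 * checked at all, and how a page-size-mismatch fault is resolved by splitting. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE_SHIFT       12
#define LARGE_PAGE_SHIFT 21
#define PFNS_PER_2M      (1u << (LARGE_PAGE_SHIFT - PAGE_SHIFT)) /* 512 */
#define NR_PFNS          (4 * PFNS_PER_2M)                      /* 8 MiB modelled */

struct rmp_entry {
    bool     assigned;   /* private to a guest; the hypervisor may not write it */
    bool     size_2m;    /* entry describes a whole 2 MiB-aligned range */
    uint32_t asid;       /* owning guest ASID when assigned (made-up values) */
};

enum access { HV_READ, HV_WRITE };

enum rmp_result {
    RMP_OK,             /* access proceeds */
    RMP_VIOLATION,      /* hypervisor wrote a guest-assigned page: #PF */
    RMP_SIZE_MISMATCH,  /* 2 MiB host mapping over mixed 4K RMP state: #PF */
};

static struct rmp_entry rmp[NR_PFNS];

/* Shadow of the host page table: true = this 2 MiB region is mapped by one large PTE. */
static bool mapped_2m[NR_PFNS / PFNS_PER_2M];

static uint64_t region_of(uint64_t pfn) { return pfn >> (LARGE_PAGE_SHIFT - PAGE_SHIFT); }

/* Mark [pfn, pfn+count) as assigned to asid; size_2m when one entry covers 2 MiB. */
void rmp_assign(uint64_t pfn, uint64_t count, uint32_t asid, bool size_2m)
{
    for (uint64_t i = 0; i < count && pfn + i < NR_PFNS; i++) {
        rmp[pfn + i].assigned = true;
        rmp[pfn + i].asid = asid;
        rmp[pfn + i].size_2m = size_2m;
    }
}

/* Does the hardware consult the RMP for this hypervisor access at all? */
bool rmp_check_required(enum access a)
{
    /* Hypervisor reads are not checked: confidentiality comes from memory encryption. */
    return a == HV_WRITE;
}

/* The check itself, for a hypervisor access through the current host mapping. */
enum rmp_result rmp_check_hv(uint64_t pfn, enum access a)
{
    if (pfn >= NR_PFNS || !rmp_check_required(a))
        return RMP_OK;

    if (!mapped_2m[region_of(pfn)])   /* 4K mapping: direct per-page lookup */
        return rmp[pfn].assigned ? RMP_VIOLATION : RMP_OK;

    /* 2 MiB host mapping: the whole region must agree with one 2 MiB RMP state. */
    uint64_t base = pfn & ~(uint64_t)(PFNS_PER_2M - 1);
    bool any_assigned = false, all_2m_assigned = true;
    for (uint64_t i = 0; i < PFNS_PER_2M; i++) {
        any_assigned    |= rmp[base + i].assigned;
        all_2m_assigned &= (rmp[base + i].assigned && rmp[base + i].size_2m);
    }
    if (!any_assigned)   return RMP_OK;          /* nothing private under the PTE */
    if (all_2m_assigned) return RMP_VIOLATION;   /* whole 2 MiB belongs to a guest */
    return RMP_SIZE_MISMATCH;                    /* mixed 4K state under a large PTE */
}

/* Fault handler: on size mismatch, split the large host mapping and retry once. */
enum rmp_result hv_write(uint64_t pfn)
{
    enum rmp_result r = rmp_check_hv(pfn, HV_WRITE);
    if (r == RMP_SIZE_MISMATCH) {
        mapped_2m[region_of(pfn)] = false;  /* 2 MiB PTE replaced by 512 4K PTEs */
        r = rmp_check_hv(pfn, HV_WRITE);    /* retry the faulting access */
    }
    return r;   /* RMP_OK or RMP_VIOLATION; a split always removes the mismatch */
}

/* Constructed scenario: region 1 fully private (2 MiB entry), region 2 partly private. */
void setup_sample(void)
{
    memset(rmp, 0, sizeof rmp);
    for (size_t i = 0; i < sizeof mapped_2m / sizeof mapped_2m[0]; i++) mapped_2m[i] = true;
    rmp_assign(1 * PFNS_PER_2M, PFNS_PER_2M, 7, true);  /* pfns 512..1023, one 2M entry */
    rmp_assign(2 * PFNS_PER_2M + 3, 8, 7, false);       /* pfns 1027..1034, 4K entries */
}

int main(void)
{
    setup_sample();
    printf("hv read  pfn 1030: %d (0 = OK, not RMP-checked)\n", rmp_check_hv(1030, HV_READ));
    printf("hv write pfn  600: %d (1 = violation, no split)\n", hv_write(600));
    printf("hv write pfn 1100: %d (0 = OK after split)\n", hv_write(1100));
    printf("hv write pfn 1030: %d (1 = violation after split)\n", hv_write(1030));
    printf("region 2 still 2M mapped: %d\n", mapped_2m[2]);
    return 0;
}
```

The split in hv_write is the point: it is not a security decision, only a mapping-granularity fix. After the region is 4K-mapped, writes to the unassigned pages succeed and writes to the guest-owned pages still fault, so a kernel that "resolves" a size-mismatch fault by splitting never widens what the hypervisor may touch.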