
AMD SEV LAUNCH_SECRET

Question asked by ehuang on Nov 19, 2019

According to the AMD Memory Encryption White Paper (https://developer.amd.com/wordpress/media/2013/12/AMD_Memory_Encryption_Whitepaper_v7-Public.pdf), a guest owner can provide a secret (such as a disk decryption key) in the guest launch process.
Suppose the secret is NOT a disk decryption key. The SEV API (https://developer.amd.com/wp-content/resources/55766.PDF) says that the LAUNCH_SECRET command will inject the secret into the launched guest at GUEST_PADDR.
Does anyone know how a software application running in the guest accesses that region of memory (i.e., that secret) programmatically?
