Question asked by ehuang on Nov 19, 2019

According to the AMD Memory Encryption White Paper, a guest owner can provide a secret (such as a disk decryption key) in the guest launch process.
Suppose the secret is NOT a disk decryption key. The SEV API says that the LAUNCH_SECRET command will inject the secret into the launched guest at GUEST_PADDR.
Does anyone know how a software application running in the guest accesses that region of memory (i.e., that secret) programmatically?