Lines Matching full:guest

50 The SEV guest key management is handled by a separate processor called the AMD
53 encrypting bootstrap code, snapshot, migrating and debugging the guest. For more
94 context. To create the encryption context, user must provide a guest policy,
105 __u32 policy; /* guest's policy */
107 … __u64 dh_uaddr; /* userspace address pointing to the guest owner's PDH key */
110 … __u64 session_addr; /* userspace address which points to the guest session information */
125 of the memory contents that can be sent to the guest owner as an attestation
145 data encrypted by the KVM_SEV_LAUNCH_UPDATE_DATA command. The guest owner may
146 wait to provide the guest with confidential information until it can verify the
147 measurement. Since the guest owner knows the initial contents of the guest at
148 boot, the measurement can be verified by comparing it to what the guest owner
168 issued to make the guest ready for the execution.
176 SEV-enabled guest.
185 __u32 handle; /* guest handle */
186 __u32 policy; /* guest policy */
187 __u8 state; /* guest state (see enum below) */
190 SEV guest state:
196 SEV_STATE_LAUNCHING, /* guest is currently being launched */
197 … SEV_STATE_SECRET, /* guest is being launched and ready to accept the ciphertext data */
198 SEV_STATE_RUNNING, /* guest is fully launched and running */
199 SEV_STATE_RECEIVING, /* guest is being migrated in from another SEV machine */
200 SEV_STATE_SENDING /* guest is getting migrated out to another SEV machine */
221 The command returns an error if the guest policy does not allow debugging.
241 The command returns an error if the guest policy does not allow debugging.
247 data after the measurement has been validated by the guest owner.
259 … __u64 guest_uaddr; /* the guest memory region where the secret should be injected */