amd-memory-encryption.rst - OpenGrok cross reference for /Documentation/virt/kvm/amd-memory-encryption.rst

Lines Matching +full:memory +full:- +full:region
10 SEV is an extension to the AMD-V architecture which supports running
12 the memory contents of a VM will be transparently encrypted with a key
29 		Bit[23]	   1 = memory encryption can be enabled
30 			   0 = memory encryption can not be enabled
33 		Bit[0]	   1 = memory encryption can be enabled
34 			   0 = memory encryption can not be enabled
43 SEV hardware uses ASIDs to associate a memory encryption key with a VM.
44 Hence, the ASID for the SEV-enabled guests must be from 1 to a maximum value
51 Secure Processor (AMD-SP). Firmware running inside the AMD-SP provides a secure
54 information, see the SEV Key Management spec [api-spec]_
60 ---------------
65 Returns: 0 on success, -negative on error
68 -----------------------
70 The KVM_SEV_LAUNCH_START command is used for creating the memory encryption
72 the owner's public Diffie-Hellman (PDH) key and session information.
76 Returns: 0 on success, -negative on error
96 -----------------------------
98 The KVM_SEV_LAUNCH_UPDATE_DATA is used for encrypting a memory region. It also
99 calculates a measurement of the memory contents. The measurement is a signature
100 of the memory contents that can be sent to the guest owner as an attestation
101 that the memory was encrypted correctly by the firmware.
105 Returns: 0 on success, -negative on error
110                 __u64 uaddr;    /* userspace address to be encrypted (must be 16-byte aligned) */
111                 __u32 len;      /* length of the data to be encrypted (must be 16-byte aligned) */
117 -------------------------
128 Returns: 0 on success, -negative on error
140 ------------------------
145 Returns: 0 on success, -negative on error
148 -----------------------
151 SEV-enabled guest.
155 Returns: 0 on success, -negative on error
179 ----------------------
182 firmware to decrypt the data at the given memory region.
186 Returns: 0 on success, -negative on error
193                 __u32 len;              /* length of memory region to decrypt */
199 ----------------------
202 firmware to encrypt the data at the given memory region.
206 Returns: 0 on success, -negative on error
213                 __u32 len;              /* length of memory region to encrypt */
219 ------------------------
226 Returns: 0 on success, -negative on error
234 …          __u64 guest_uaddr;      /* the guest memory region where the secret should be injected */
237                 __u64 trans_uaddr;      /* the hypervisor memory region which contains the secret */
245 See [white-paper]_, [api-spec]_, [amd-apm]_ and [kvm-forum]_ for more info.
247 .. [white-paper] http://amd-dev.wpengine.netdna-cdn.com/wordpress/media/2013/12/AMD_Memory_Encrypti…
248 .. [api-spec] http://support.amd.com/TechDocs/55766_SEV-KM_API_Specification.pdf
249 .. [amd-apm] http://support.amd.com/TechDocs/24593.pdf (section 15.34)
250 .. [kvm-forum]  http://www.linux-kvm.org/images/7/74/02x08A-Thomas_Lendacky-AMDs_Virtualizatoin_Mem…