Lines Matching +full:non +full:- +full:secure
1 .. SPDX-License-Identifier: GPL-2.0
15 POWER 9 that enables Secure Virtual Machines (SVMs). DD2.3 chips
16 (PVR=0x004e1203) or greater will be PEF-capable. A new ISA release
25 +------------------+
29 +------------------+
31 +------------------+
33 +------------------+
35 +------------------+
56 process is running in secure mode, MSR(S) bit 41. MSR(S)=1, process
57 is in secure mode, MSR(s)=0 process is in normal mode.
63 the VM it is returning to is secure.
73 **Secure Mode MSR Settings**
75 +---+---+---+---------------+
79 +---+---+---+---------------+
81 +---+---+---+---------------+
83 +---+---+---+---------------+
85 +---+---+---+---------------+
89 +---+---+---+---------------+
93 +---+---+---+---------------+
95 +---+---+---+---------------+
97 +---+---+---+---------------+
99 +---+---+---+---------------+
101 * Memory is partitioned into secure and normal memory. Only processes
102 that are running in secure mode can access secure memory.
104 * The hardware does not allow anything that is not running secure to
105 access secure memory. This means that the Hypervisor cannot access
110 * I/O systems are not allowed to directly address secure memory. This
117 * When a process is running in secure mode all hypercalls
120 * When a process is in secure mode all interrupts go to the
131 If SMFCTRL(D) is not set they do not work in secure mode. When set,
135 * PTCR and partition table entries (partition table is in secure
139 * LDBAR (LD Base Address Register) and IMC (In-Memory Collection)
140 non-architected registers. An attempt to write to them will cause a
156 (Enter Secure Mode), to make the transition.
159 secure memory, decrypts the verification information, and checks the
161 passes control in secure mode.
182 * The movement of data between normal and secure pages is coordinated
183 with the Ultravisor by a new HMM plug-in in the Hypervisor.
203 * Secure memory: Memory that is accessible only to Ultravisor and
206 * Secure page: Page backed by secure memory and only available to
209 * SVM: Secure Virtual Machine.
219 support Secure Virtual Machines (SVM)s and Paravirtualized KVM. The
222 be accessed when running in Ultravisor-privileged mode.
237 parameter-position based code. i.e U_PARAMETER, U_P2, U_P3 etc
241 and Hypervisor. Secure pages that are transferred from secure memory
243 When the secure pages are transferred back to secure memory, they may
267 -----------
269 Encrypt and move the contents of a page from secure memory to normal
275 .. code-block:: c
280 uint64_t src_gpa, /* source guest-physical-address */
296 * U_BUSY if page cannot be currently paged-out.
301 Encrypt the contents of a secure-page and make it available to
304 By default, the source page is unmapped from the SVM's partition-
321 #. When Ultravisor runs low on secure memory and it needs to page-out
325 and the Ultravisor will encrypt and move the contents of the secure
334 ----------
336 Move the contents of a page from normal memory to secure memory.
341 .. code-block:: c
356 * U_BUSY if page cannot be currently paged-in.
368 memory to secure memory and map it to the guest physical address
372 partition-scoped page-table of the SVM. If `dest_gpa` is not shared,
373 copy the contents of the page into the corresponding secure page.
389 #. When a normal VM switches to secure mode, all its pages residing
390 in normal memory, are moved into secure memory.
395 #. When an SVM accesses a secure page that has been paged-out,
401 -------------
408 .. code-block:: c
412 uint64_t guest_pa, /* destination guest-physical-address */
422 * U_P2 if ``guest_pa`` is invalid (or corresponds to a secure
434 ``guest_pa`` corresponds to a secure page, Ultravisor will ignore the
441 because it is paged-out to disk, Ultravisor needs to know that the
446 -------------
454 .. code-block:: c
473 of a secure virtual machine or if called from a
479 Validate and write a LPID and its partition-table-entry for the given
486 #. The Partition table resides in Secure memory and its entries,
487 called PATE (Partition Table Entries), point to the partition-
489 virtual machines (both secure and normal). The Hypervisor
490 operates in partition 0 and its partition-scoped page tables
493 #. This ultracall allows the Hypervisor to register the partition-
494 scoped and process-scoped page table entries for the Hypervisor
507 ---------
516 .. code-block:: c
536 * Non-volatile registers are restored to their original values.
556 --------------------
558 Register an SVM address-range with specified properties.
563 .. code-block:: c
597 #. When a virtual machine goes secure, all the memory slots managed by
598 the Hypervisor move into secure memory. The Hypervisor iterates
603 #. When new memory is hot-plugged, a new memory slot gets registered.
607 ----------------------
609 Unregister an SVM address-range that was previously registered using
615 .. code-block:: c
641 #. Memory hot-remove.
645 ----------------
652 .. code-block:: c
665 * U_INVALID if VM is not secure.
683 -------------
690 .. code-block:: c
703 * U_INVALID if the VM is not secure.
714 If the address is already backed by a secure page, unmap the page and
724 secure pages. Hence an SVM must explicitly request Ultravisor for
732 ---------------
739 .. code-block:: c
752 * U_INVALID if VM is not secure.
764 and back it with a secure page. Inform the Hypervisor to release
766 yet, mark the PTE as secure and back it with a secure page when that
767 address is accessed. If it is already backed by an secure page zero
777 --------------------
784 .. code-block:: c
795 * U_INVAL if VM is not secure.
814 ------
816 Secure the virtual machine (*enter secure mode*).
821 .. code-block:: c
832 * U_SUCCESS on success (including if VM is already secure).
834 * U_INVALID if VM is not secure.
844 Secure the virtual machine. On successful completion, return
851 #. A normal virtual machine can choose to switch to a secure mode.
881 ----------------
888 .. code-block:: c
898 * H_STATE if the VM is not in a position to switch to secure.
906 pages from normal to secure memory etc. When the process is
913 has initiated the process of switching to secure mode.
917 ---------------
924 .. code-block:: c
938 transition the VM to Secure VM.
955 ----------------
962 .. code-block:: c
976 * H_STATE if called after a VM has gone secure (i.e
989 On entry into this hypercall the non-volatile GPRs and FPRs are
997 out pages that were paged-into secure memory, and issue the
1015 -------------
1017 Move the contents of a page from normal memory to secure memory.
1022 .. code-block:: c
1025 uint64_t guest_pa, /* guest-physical-address */
1058 #. When a normal VM becomes a secure VM (using the UV_ESM ultracall),
1060 the VM from normal memory to secure memory.
1065 #. Ultravisor uses this hypercall to page-in a paged-out page. This
1066 can happen when the SVM touches a paged-out page.
1074 ---------------
1081 .. code-block:: c
1084 uint64_t guest_pa, /* guest-physical-address */
1110 #. If Ultravisor is running low on secure pages, it can move the
1111 contents of some secure pages, into normal pages using this
1117 - `Supporting Protected Computing on IBM Power Architecture <https://developer.ibm.com/articles/l-s…