Lines Matching +full:activate +full:- +full:to +full:- +full:activate

1 .. SPDX-License-Identifier: GPL-2.0
10 SME provides the ability to mark individual pages of memory as encrypted using
12 automatically decrypted when read from DRAM and encrypted when written to
13 DRAM. SME can therefore be used to protect the contents of DRAM from physical
19 memory. Private memory is encrypted with the guest-specific key, while shared
24 below on how to determine its position). The encryption bit can also be
25 specified in the cr3 register, allowing the PGD table to be encrypted. Each
27 bit in the page table entry that points to the next table. This allows the full
28 page table hierarchy to be encrypted. Note, this means that just because the
30 Each page table entry in the hierarchy needs to have the encryption bit set to
33 for a PUD which results in the PUD pointed to by that entry to not be
39 is operating in 64-bit or 32-bit PAE mode, in all other modes the SEV hardware
40 forces the memory encryption bit to 1.
43 CPUID function 0x8000001f reports information related to SME::
49 Bits[5:0] pagetable bit number used to activate memory
56 If support for SME is present, MSR 0xc00100010 (MSR_AMD64_SYSCFG) can be used to
57 determine if SME is enabled and/or to enable memory encryption::
63 If SEV is supported, MSR 0xc0010131 (MSR_AMD64_SEV) can be used to determine if
70 Linux relies on BIOS to set this bit if BIOS has determined that the reduction
78 - Supported:
81 - Enabled:
84 - Active:
86 the encryption bit to page table entries (the SME mask in the
87 kernel is non-zero).
91 will not be necessary to activate the Linux memory encryption support.
96 will not be able to activate memory encryption, even if configured to do
102 SEV-SNP introduces new features (SEV_FEATURES[1:63]) which can be enabled
104 guest side implementation to function correctly. The below table lists the
143 They can provide services to the guest, like a vTPM, for example.
145 When a guest is not running at VMPL0, it needs to communicate with the software
146 running at VMPL0 to perform privileged operations or to interact with secure
148 *required* to be executed at VMPL0.
151 Service Module (SVSM). Discovery of an SVSM and the API used to communicate
152 with it is documented in "Secure VM Service Module for SEV-SNP Guests", docID:
155 (Latest versions of the above-mentioned documents can be found by using
158 site:amd.com "Secure VM Service Module for SEV-SNP Guests", docID: 58019