amd-memory-encryption.rst - OpenGrok cross reference for /Documentation/arch/x86/amd-memory-encryption.rst

Lines Matching +full:guest +full:- +full:side
1 .. SPDX-License-Identifier: GPL-2.0
17 of the guest VM are secured so that a decrypted version is available only
18 within the VM itself. SEV guest VMs have the concept of private and shared
19 memory. Private memory is encrypted with the guest-specific key, while shared
36 When SEV is enabled, instruction pages and guest page tables are always treated
37 as private. All the DMA operations inside the guest must be performed on shared
38 memory. Since the memory encryption bit is controlled by the guest OS when it
39 is operating in 64-bit or 32-bit PAE mode, in all other modes the SEV hardware
53 			   system physical addresses, not guest physical
78 	- Supported:
81 	- Enabled:
84 	- Active:
87 	  kernel is non-zero).
102 SEV-SNP introduces new features (SEV_FEATURES[1:63]) which can be enabled
104 guest side implementation to function correctly. The below table lists the
105 expected guest behavior with various possible scenarios of guest/hypervisor
108 +-----------------+---------------+---------------+------------------+
109 | Feature Enabled | Guest needs   | Guest has     | Guest boot       |
114 +-----------------+---------------+---------------+------------------+
117 +-----------------+---------------+---------------+------------------+
120 +-----------------+---------------+---------------+------------------+
123 +-----------------+---------------+---------------+------------------+
126 +-----------------+---------------+---------------+------------------+
129 +-----------------+---------------+---------------+------------------+
136 defines four privilege levels at which guest software can run. The most
142 levels, apart from the guest OS but still within the secure SNP environment.
143 They can provide services to the guest, like a vTPM, for example.
145 When a guest is not running at VMPL0, it needs to communicate with the software
152 with it is documented in "Secure VM Service Module for SEV-SNP Guests", docID:
155 (Latest versions of the above-mentioned documents can be found by using
158   site:amd.com "Secure VM Service Module for SEV-SNP Guests", docID: 58019