• KVM: SEV: introduce KVM_SEV_INIT2 operation · 4f5defae
    Paolo Bonzini authored
    The idea that no parameter would ever be necessary when enabling SEV or
    SEV-ES for a VM was decidedly optimistic.  In fact, in some sense it's
    already a parameter whether SEV or SEV-ES is desired.  Another possible
    source of variability is the desired set of VMSA features, as that affects
    the measurement of the VM's initial state and cannot be changed
    arbitrarily by the hypervisor.
    
    Create a new sub-operation for KVM_MEMORY_ENCRYPT_OP that can take a struct,
    and put the new op to work by including the VMSA features as a field of the
    struct.  The existing KVM_SEV_INIT and KVM_SEV_ES_INIT use the full set of
    supported VMSA features for backwards compatibility.
    
    The struct also includes the usual bells and whistles for future
    extensibility: a flags field that must be zero for now, and some padding
    at the end.
    Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
    Message-ID: <20240404121327.3107131-13-pbonzini@redhat.com>
    Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
amd-memory-encryption.rst 16.9 KB
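
An added example, not code from this commit or the kernel tree: a userspace helper that prepares a KVM_SEV_INIT2 request with an explicitly chosen VMSA feature mask, so the value that enters the measurement of the VM's initial state is the one the verifier expects. The `ex_` names, the local mirror of the argument struct and sub-operation number, and the `host_supported` mask supplied by the caller are assumptions.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>
#include <sys/ioctl.h>
#include <linux/kvm.h>   /* struct kvm_sev_cmd, KVM_MEMORY_ENCRYPT_OP */

/* Assumption: local mirrors of the uapi definitions, so this builds against
 * older headers. Prefer KVM_SEV_INIT2 and struct kvm_sev_init from your own
 * <linux/kvm.h> when it provides them. */
enum { EX_KVM_SEV_INIT2 = 22 };
struct ex_sev_init {
    uint64_t vmsa_features;  /* affects the measurement of the initial state */
    uint32_t flags;          /* must be zero for now */
    uint32_t pad[9];         /* reserved for future extension */
};

/* Fill the argument struct and the command that points at it. Refuse any
 * feature bit the host did not advertise instead of silently dropping it,
 * because a different mask yields a different measurement. */
int ex_sev_init2_prepare(struct ex_sev_init *init, struct kvm_sev_cmd *cmd,
                         uint64_t wanted, uint64_t host_supported, int sev_fd)
{
    if (wanted & ~host_supported)
        return -EINVAL;
    memset(init, 0, sizeof(*init));   /* zeroes flags and padding */
    memset(cmd, 0, sizeof(*cmd));
    init->vmsa_features = wanted;
    cmd->id = EX_KVM_SEV_INIT2;
    cmd->data = (uint64_t)(uintptr_t)init;
    cmd->sev_fd = (uint32_t)sev_fd;
    return 0;
}

/* Issue the sub-operation on a VM file descriptor. Returns 0 or -errno;
 * cmd->error holds the firmware status when one was reported. */
int ex_sev_init2_issue(int vm_fd, struct kvm_sev_cmd *cmd)
{
    return ioctl(vm_fd, KVM_MEMORY_ENCRYPT_OP, cmd) < 0 ? -errno : 0;
}
```

Record the mask passed as `wanted` alongside the expected measurement, since the legacy KVM_SEV_INIT and KVM_SEV_ES_INIT paths use the full supported set instead.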