diff for duplicates of <cover.1712759753.git.andrei.semenov@vates.fr> diff --git a/a/1.txt b/N1/1.txt index 204a074..1f8f8c1 100644 --- a/a/1.txt +++ b/N1/1.txt @@ -1,4 +1,32 @@ -///HERE YOU GO +This patch series initiate work on AMD SEV technology implementation in Xen. +SEV stands for "Secure Encrypted Virtualization" and allows the memory contents +of a VM to be encrypted with a key unique to this VM. In this way the neither +other VMs nor hypervisor can't read the memory content of this "encrypted" +VM. + +In order to create and to run such a VM different layers of software must +interact (bascally Xen hypevisor, Xen toolstack in dom0 and the encrypted VM +itself). + +In this work we start with discovering and enabling SEV feature on the platform. +The second patch ports AMD Secure Processor driver on Xen. This AMD Secure +Processor device (a.k.a PSP) is the way the different software layers interact +with AMD firmware/hardware to manage and run the encrypted VM. + +Actually there's two modes of functionning of the ASP driver. The "polling" mode +and the "interrupt" mode. The interrupt mode raises some questions about how we +put the client thread to sleep (wait for interrupt). The actual way, based on +waitqueue, have two major inconvinients. + +- compatibility with Intel Control-flow Enfocement (shadow stack) +- requests serialization (locking) + +So, actually if CET is enabled on the platform all requests will be done by the +driver in "polling" mode. As with requests serialization, the "interrupt" mode +actually assumes the serialization is done by the driver client. + +Obviously, I hope there wll be discussions with the community on these 2 +inconvienients to find out more efficient solutions. Andrei Semenov (2): Implemented AMD SEV discovery and enabling. diff --git a/a/content_digest b/N1/content_digest index 07975d7..4e4854a 100644 --- a/a/content_digest +++ b/N1/content_digest @@ -1,6 +1,6 @@ "From\0Andrei Semenov <andrei.semenov@vates.fr>\0" - "Subject\0[PATCH v1 0/2] AMD SEV initial work\0" - "Date\0Wed, 10 Apr 2024 17:36:35 +0200\0" + "Subject\0[PATCH v1 0/2] Starting AMD SEV work\0" + "Date\0Wed, 10 Apr 2024 17:36:34 +0200\0" "To\0xen-devel@lists.xenproject.org\0" "Cc\0Andrei Semenov <andrei.semenov@vates.fr>" Jan Beulich <jbeulich@suse.com> @@ -11,7 +11,35 @@ " Stefano Stabellini <sstabellini@kernel.org>\0" "\00:1\0" "b\0" - "///HERE YOU GO\n" + "This patch series initiate work on AMD SEV technology implementation in Xen.\n" + "SEV stands for \"Secure Encrypted Virtualization\" and allows the memory contents\n" + "of a VM to be encrypted with a key unique to this VM. In this way the neither\n" + "other VMs nor hypervisor can't read the memory content of this \"encrypted\"\n" + "VM.\n" + "\n" + "In order to create and to run such a VM different layers of software must\n" + "interact (bascally Xen hypevisor, Xen toolstack in dom0 and the encrypted VM\n" + "itself).\n" + "\n" + "In this work we start with discovering and enabling SEV feature on the platform.\n" + "The second patch ports AMD Secure Processor driver on Xen. This AMD Secure\n" + "Processor device (a.k.a PSP) is the way the different software layers interact\n" + "with AMD firmware/hardware to manage and run the encrypted VM.\n" + "\n" + "Actually there's two modes of functionning of the ASP driver. The \"polling\" mode\n" + "and the \"interrupt\" mode. The interrupt mode raises some questions about how we\n" + "put the client thread to sleep (wait for interrupt). The actual way, based on\n" + "waitqueue, have two major inconvinients.\n" + "\n" + "- compatibility with Intel Control-flow Enfocement (shadow stack)\n" + "- requests serialization (locking)\n" + "\n" + "So, actually if CET is enabled on the platform all requests will be done by the\n" + "driver in \"polling\" mode. As with requests serialization, the \"interrupt\" mode\n" + "actually assumes the serialization is done by the driver client.\n" + "\n" + "Obviously, I hope there wll be discussions with the community on these 2\n" + "inconvienients to find out more efficient solutions.\n" "\n" "Andrei Semenov (2):\n" " Implemented AMD SEV discovery and enabling.\n" @@ -42,4 +70,4 @@ "-- \n" 2.35.3 -5d8e25a436cf650a2f0ac33e370a35319b481acacb983ea6fc6639017ff67ee5 +7924b6ac35f5fa3c2912c2a27e6bedafce85ae983af3b949e9394e0d3b06c6e7
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.