From: Brijesh Singh
To: kvm@vger.kernel.org
Cc: bp@alien8.de, Brijesh Singh, Thomas Gleixner, Ingo Molnar, "H. Peter Anvin", Paolo Bonzini, Radim Krčmář, Jonathan Corbet, Borislav Petkov, Tom Lendacky, x86@kernel.org, linux-kernel@vger.kernel.org
Subject: [Part2 PATCH v6 01/38] Documentation/virtual/kvm: Add AMD Secure Encrypted Virtualization (SEV)
Date: Thu, 19 Oct 2017 21:33:36 -0500
Message-Id: <20171020023413.122280-2-brijesh.singh@amd.com>
In-Reply-To: <20171020023413.122280-1-brijesh.singh@amd.com>
References: <20171020023413.122280-1-brijesh.singh@amd.com>

Create a Documentation entry to describe the AMD Secure Encrypted Virtualization (SEV) feature.

Cc: Thomas Gleixner Cc: Ingo Molnar Cc: "H.
Peter Anvin" Cc: Paolo Bonzini Cc: "Radim Krčmář" Cc: Jonathan Corbet Cc: Borislav Petkov Cc: Tom Lendacky Cc: kvm@vger.kernel.org Cc: x86@kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh Reviewed-by: Borislav Petkov --- Documentation/virtual/kvm/00-INDEX | 3 ++ .../virtual/kvm/amd-memory-encryption.txt | 38 ++++++++++++++++++++++ 2 files changed, 41 insertions(+) create mode 100644 Documentation/virtual/kvm/amd-memory-encryption.txt diff --git a/Documentation/virtual/kvm/00-INDEX b/Documentation/virtual/kvm/00-INDEX index 69fe1a8b7ad1..3da73aabff5a 100644 --- a/Documentation/virtual/kvm/00-INDEX +++ b/Documentation/virtual/kvm/00-INDEX @@ -26,3 +26,6 @@ s390-diag.txt - Diagnose hypercall description (for IBM S/390) timekeeping.txt - timekeeping virtualization for x86-based architectures. +amd-memory-encryption.txt + - notes on AMD Secure Encrypted Virtualization feature and SEV firmware + command description diff --git a/Documentation/virtual/kvm/amd-memory-encryption.txt b/Documentation/virtual/kvm/amd-memory-encryption.txt new file mode 100644 index 000000000000..26472b4cdbaf --- /dev/null +++ b/Documentation/virtual/kvm/amd-memory-encryption.txt 
@@ -0,0 +1,38 @@ +Secure Encrypted Virtualization (SEV) is a feature found on AMD processors. + +SEV is an extension to the AMD-V architecture which supports running +virtual machines (VMs) under the control of a hypervisor. When enabled, +the memory contents of a VM will be transparently encrypted with a key +unique to that VM. + +The hypervisor can determine the SEV support through the CPUID +instruction. The CPUID function 0x8000001f reports information related +to SEV: + + 0x8000001f[eax]: + Bit[1] indicates support for SEV + ... + [ecx]: + Bits[31:0] Number of encrypted guests supported simultaneously + +If support for SEV is present, MSR 0xc001_0010 (MSR_K8_SYSCFG) and MSR 0xc001_0015 +(MSR_K7_HWCR) can be used to determine if it can be enabled: + + 0xc001_0010: + Bit[23] 1 = memory encryption can be enabled + 0 = memory encryption can not be enabled + + 0xc001_0015: + Bit[0] 1 = memory encryption can be enabled + 0 = memory encryption can not be enabled + +When SEV support is available, it can be enabled in a specific VM by +setting the SEV bit before executing VMRUN. + + VMCB[0x90]: + Bit[1] 1 = SEV is enabled + 0 = SEV is disabled + +SEV hardware uses ASIDs to associate a memory encryption key with a VM. +Hence, the ASID for the SEV-enabled guests must be from 1 to a maximum value +defined in the CPUID 0x8000001f[ecx] field. -- 2.9.5
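Review bot: in the 00-INDEX hunk, the new entry's description promises an "SEV firmware command description", but the 38 lines added to amd-memory-encryption.txt in this patch cover only CPUID 0x8000001f, the two MSRs, the VMCB SEV bit and the ASID range. Either trim the index text to what the file contains at this point in the series, or say in the commit message that the command description arrives in a later patch. The entry is also appended after timekeeping.txt, while the visible context entries (s390-diag.txt, timekeeping.txt) are in alphabetical order; consider inserting it at its sorted position instead.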
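Review bot: in the amd-memory-encryption.txt hunk, the MSR section gives Bit[23] of 0xc001_0010 and Bit[0] of 0xc001_0015 the identical meaning ("1 = memory encryption can be enabled"), so a reader cannot tell whether both bits must be set or what each one reports on its own. State the relationship explicitly and describe what each bit indicates. The ASID paragraph has a similar gap: [ecx] is documented as the "Number of encrypted guests supported simultaneously" but is then used as the maximum ASID value, so say whether the range from 1 to that value is inclusive. Style: the line starting "If support for SEV is present" runs past 80 columns and should be re-wrapped.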