From: Paolo Bonzini <pbonzini@redhat.com>
To: "Christoph Hellwig" <hch@infradead.org>, "Jörg Rödel" <joro@8bytes.org>
Cc: coconut-svsm@lists.linux.dev, linux-coco@lists.linux.dev,
kvm@vger.kernel.org, qemu-devel@nongnu.org,
Sean Christopherson <seanjc@google.com>,
Thomas.Lendacky@amd.com, huibo.wang@amd.com,
pankaj.gupta@amd.com
Subject: Re: KVM Planes with SVSM on Linux v6.17
Date: Thu, 23 Oct 2025 19:09:58 +0200
Message-ID: <8901c04b-6fb8-4964-a8dc-5a871d026a70@redhat.com>
In-Reply-To: <aPpE8emZ9n4N7S-T@infradead.org>

On 10/23/25 17:08, Christoph Hellwig wrote:
> On Wed, Oct 22, 2025 at 10:35:28AM +0200, Jörg Rödel wrote:
>> Hi all,
>>
>> This morning I pushed out my current Linux and QEMU branches which support
>> running COCONUT-SVSM on AMD SEV-SNP based on kernel v6.17 and the original KVM
>> Planes patch-set from Paolo.
>
> Can you explain what this alphabet-soup even means?

With pleasure :)

- SEV-SNP: virtualization feature to encrypt VM memory (SEV) and also
  protect from attacks from the hypervisor (SNP), by matching the
  hypervisor's page tables against a reverse page mapping (from host
  physical to guest physical address) maintained by processor firmware in
  collaboration with the guest

- VMPL (bonus): SNP feature to create privilege levels within a single
  VM, for example to manage persistent secrets. The firmware at VMPL0 can
  hold secrets that even the guest OS at VMPL1+ cannot access.

- KVM planes: KVM feature to create privilege levels within a single
  VM, including VMPLs

- SVSM (Secure VM Service Module): privileged firmware running at VMPL0

- COCONUT-SVSM: one implementation of SVSM

Paolo