Lines Matching refs:guest

50 The SEV guest key management is handled by a separate processor called the AMD
53 encrypting bootstrap code, snapshot, migrating and debugging the guest. For more
71 context. To create the encryption context, user must provide a guest policy,
82                 __u32 policy;           /* guest's policy */
84 …              __u64 dh_uaddr;         /* userspace address pointing to the guest owner's PDH key */
87 …      __u64 session_addr;     /* userspace address which points to the guest session information */
100 of the memory contents that can be sent to the guest owner as an attestation
120 data encrypted by the KVM_SEV_LAUNCH_UPDATE_DATA command. The guest owner may
121 wait to provide the guest with confidential information until it can verify the
122 measurement. Since the guest owner knows the initial contents of the guest at
123 boot, the measurement can be verified by comparing it to what the guest owner
143 issued to make the guest ready for the execution.
151 SEV-enabled guest.
160                 __u32 handle;   /* guest handle */
161                 __u32 policy;   /* guest policy */
162                 __u8 state;     /* guest state (see enum below) */
165 SEV guest state:
171         SEV_STATE_LAUNCHING,    /* guest is currently being launched */
172 …      SEV_STATE_SECRET,       /* guest is being launched and ready to accept the ciphertext data */
173         SEV_STATE_RUNNING,      /* guest is fully launched and running */
174         SEV_STATE_RECEIVING,    /* guest is being migrated in from another SEV machine */
175         SEV_STATE_SENDING       /* guest is getting migrated out to another SEV machine */
196 The command returns an error if the guest policy does not allow debugging.
216 The command returns an error if the guest policy does not allow debugging.
222 data after the measurement has been validated by the guest owner.
234 …          __u64 guest_uaddr;      /* the guest memory region where the secret should be injected */