amd-memory-encryption.rst - OpenGrok cross reference for /Linux-v6.1/Documentation/virt/kvm/x86/amd-memory-encryption.rst

Lines Matching full:guest
52 The SEV guest key management is handled by a separate processor called the AMD
55 encrypting bootstrap code, snapshot, migrating and debugging the guest. For more
101 context. To create the encryption context, user must provide a guest policy,
112                 __u32 policy;           /* guest's policy */
114 …              __u64 dh_uaddr;         /* userspace address pointing to the guest owner's PDH key */
117 …      __u64 session_addr;     /* userspace address which points to the guest session information */
132 of the memory contents that can be sent to the guest owner as an attestation
152 data encrypted by the KVM_SEV_LAUNCH_UPDATE_DATA command. The guest owner may
153 wait to provide the guest with confidential information until it can verify the
154 measurement. Since the guest owner knows the initial contents of the guest at
155 boot, the measurement can be verified by comparing it to what the guest owner
178 issued to make the guest ready for the execution.
186 SEV-enabled guest.
195                 __u32 handle;   /* guest handle */
196                 __u32 policy;   /* guest policy */
197                 __u8 state;     /* guest state (see enum below) */
200 SEV guest state:
206         SEV_STATE_LAUNCHING,    /* guest is currently being launched */
207 …      SEV_STATE_SECRET,       /* guest is being launched and ready to accept the ciphertext data */
208         SEV_STATE_RUNNING,      /* guest is fully launched and running */
209         SEV_STATE_RECEIVING,    /* guest is being migrated in from another SEV machine */
210         SEV_STATE_SENDING       /* guest is getting migrated out to another SEV machine */
231 The command returns an error if the guest policy does not allow debugging.
251 The command returns an error if the guest policy does not allow debugging.
257 data after the measurement has been validated by the guest owner.
269 …          __u64 guest_uaddr;      /* the guest memory region where the secret should be injected */
280 report containing the SHA-256 digest of the guest memory and VMSA passed through the KVM_SEV_LAUNCH
282 used by the guest owner with the KVM_SEV_LAUNCH_MEASURE.
304 outgoing guest encryption context.
306 If session_len is zero on entry, the length of the guest session information is
316                 __u32 policy;                 /* guest policy */
327                 __u64 session_uaddr;          /* Guest session information */
335 outgoing guest memory region with the encryption context creating using
380 context for an incoming SEV guest. To create the encryption context, the user must
381 provide a guest policy, the platform public Diffie-Hellman (PDH) key and session
392                 __u32 policy;           /* guest's policy */
397 …      __u64 session_uaddr;    /* userspace address which points to the guest session information */
409 the incoming buffers into the guest memory region with encryption context
422                 __u64 guest_uaddr;      /* the destination guest memory region */
433 issued by the hypervisor to make the guest ready for execution.