On 16/01/21 01:25, Sean Christopherson wrote:
@@ -1527,12 +1527,14 @@ config AMD_MEM_ENCRYPT
select DYNAMIC_PHYSICAL_MASK
select ARCH_USE_MEMREMAP_PROT
select ARCH_HAS_FORCE_DMA_UNENCRYPTED
- select INSTRUCTION_DECODER
help
Say yes to enable support for the encryption of system memory.
This requires an AMD processor that supports Secure Memory
Encryption (SME).
+ This also enables support for running as a Secure Encrypted
+ Virtualization (SEV) guest.
+
config AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT
bool "Activate AMD Secure Memory Encryption (SME) by default"
default y
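Review bot: Dropping `select INSTRUCTION_DECODER` from AMD_MEM_ENCRYPT is only safe if every decoder user that was built under this option moves behind the new symbol in the same patch. The lines shown here do not include the matching Makefile or #ifdef changes, so please confirm that a config with AMD_MEM_ENCRYPT=y and nothing else selecting the decoder still builds. The added help sentence could also name AMD_SEV_ES_GUEST, since "SEV guest" can be read as covering SEV-ES as well.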
@@ -1547,6 +1549,15 @@ config AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT
If set to N, then the encryption of system memory can be
activated with the mem_encrypt=on command line option.
+config AMD_SEV_ES_GUEST
+ bool "AMD Secure Encrypted Virtualization - Encrypted State (SEV-ES) Guest support"
+ depends on AMD_MEM_ENCRYPT
+ select INSTRUCTION_DECODER
+ help
+ Enable support for running as a Secure Encrypted Virtualization -
+ Encrypted State (SEV-ES) Guest. This enables SEV-ES boot protocol
+ changes, #VC handling, SEV-ES specific hypercalls, etc...
+
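Review bot: AMD_SEV_ES_GUEST is a plain `bool` with no `default` line, so it comes up as n. If SEV-ES guest code was previously built under AMD_MEM_ENCRYPT (as the moved `select INSTRUCTION_DECODER` suggests), a config that had AMD_MEM_ENCRYPT=y loses SEV-ES guest support on the next oldconfig unless the new prompt is answered. If that is not intended, add `default y` under the `depends on AMD_MEM_ENCRYPT` line, or say in the help text that the option must be enabled explicitly for SEV-ES guests. The trailing "etc..." in the help text is vague and could be dropped or replaced with the remaining items.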
Queued, thanks.
Paolo