On 04/10/21 22:49, Zixuan Wang wrote:
> From: Zixuan Wang <zixuanwang@xxxxxxxxxx>
>
> AMD Secure Encrypted Virtualization (SEV) is a hardware accelerated
> memory encryption feature that protects guest VMs from host attacks.
>
> This commit provides set up code and a test case for AMD SEV. The set up
> code checks if SEV is supported and enabled, and then sets SEV c-bit for
> each page table entry.
>
> Co-developed-by: Hyunwook (Wooky) Baek <baekhw@xxxxxxxxxx>
> Signed-off-by: Hyunwook (Wooky) Baek <baekhw@xxxxxxxxxx>
> Signed-off-by: Zixuan Wang <zixuanwang@xxxxxxxxxx>

Whee, it works!

    qemu/qemu/build/qemu-system-x86_64 \
        -object sev-guest,id=sev0,cbitpos=47,reduced-phys-bits=1,policy=0x7 \
        -machine q35,memory-encryption=sev0 --no-reboot -nodefaults \
        -device pc-testdev -device isa-debug-exit,iobase=0xf4,iosize=0x4 \
        -vnc none -serial stdio -device pci-testdev -machine accel=kvm \
        -drive file=/usr/share/edk2/ovmf/OVMF_CODE.cc.fd,format=raw,if=pflash \
        -drive file.dir=efi-tests/amd_sev/,file.driver=vvfat,file.rw=on,format=raw,if=virtio \
        -net none -nographic -smp 1 -m 256 --cpu EPYC-Rome

So the "magic" flags are

    -object sev-guest,id=sev0,cbitpos=47,reduced-phys-bits=1,policy=0x3
    -machine memory-encryption=sev0

Paolo
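
Added example, not code from the patch or from kvm-unit-tests: a user-space sketch of the setup flow the commit message describes (check that SEV is supported and enabled, then set the C-bit on each page table entry). All function names are hypothetical, and the CPUID/MSR values and page tables are constructed to match cbitpos=47 and reduced-phys-bits=1 above.

```c
#include <stdint.h>
#define SEV_SUPPORTED (1u << 1)    /* CPUID 0x8000001F EAX bit 1 */
#define SEV_ENABLED   (1ull << 0)  /* MSR 0xC0010131 (SEV_STATUS) bit 0 */
#define PTE_PRESENT   (1ull << 0)
#define PTE_LARGE     (1ull << 7)  /* large page; only meaningful above level 1 */
#define PTE_ADDR      0x000ffffffffff000ull
#define NTABLES       4

static uint64_t ram[NTABLES][512]; /* constructed guest RAM: table at n * 4096 is ram[n] */

/* C-bit mask from CPUID 0x8000001F EBX[5:0], or 0 if SEV is unsupported or off. */
uint64_t sev_cbit_mask(uint32_t eax, uint32_t ebx, uint64_t sev_status)
{
    if (!(eax & SEV_SUPPORTED) || !(sev_status & SEV_ENABLED))
        return 0;
    return 1ull << (ebx & 0x3f);
}

/* Physical address bits lost to encryption: CPUID 0x8000001F EBX[11:6]. */
unsigned sev_reduced_phys_bits(uint32_t ebx) { return (ebx >> 6) & 0x3f; }

/* Set the C-bit on every present entry below table_pa; returns entries changed. */
int sev_mark_tables(uint64_t table_pa, int level, uint64_t cbit)
{
    uint64_t idx = table_pa >> 12;
    int changed = 0;
    if (idx >= NTABLES || !cbit)
        return 0;
    for (int i = 0; i < 512; i++) {
        uint64_t e = ram[idx][i];
        if (!(e & PTE_PRESENT))
            continue;
        if (level > 1 && !(e & PTE_LARGE))  /* strip the C-bit before following */
            changed += sev_mark_tables(e & PTE_ADDR & ~cbit, level - 1, cbit);
        changed += !(e & cbit);
        ram[idx][i] = e | cbit;
    }
    return changed;
}

/* Constructed sample: PML4 -> PDPT -> PD -> PT, one 2 MiB and two 4 KiB pages. */
void build_sample_tables(void)
{
    ram[0][0] = 0x1000 | PTE_PRESENT;                /* PML4 -> PDPT */
    ram[1][0] = 0x2000 | PTE_PRESENT;                /* PDPT -> PD */
    ram[2][0] = 0x3000 | PTE_PRESENT;                /* PD -> PT */
    ram[2][1] = 0x200000 | PTE_PRESENT | PTE_LARGE;  /* 2 MiB page */
    ram[3][0] = PTE_PRESENT; ram[3][1] = 0x1000 | PTE_PRESENT; /* 4 KiB pages */
}
```

Because the C-bit (bit 47 here) falls inside the PTE address field, the walker masks it off before following a pointer, which keeps a second pass over already-marked tables safe.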