Re: [PATCH v11 00/20] Add Secure TSC support for SNP guests

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




On 7/31/2024 8:37 PM, Nikunj A Dadhania wrote:
> This patchset is also available at:
> 
>   https://github.com/AMDESE/linux-kvm/tree/sectsc-guest-latest
> 
> and is based on v6.11-rc1
> 
> Overview
> --------
> 
> Secure TSC allows guests to securely use RDTSC/RDTSCP instructions as the
> parameters being used cannot be changed by hypervisor once the guest is
> launched. More details in the AMD64 APM Vol 2, Section "Secure TSC".
> 
> In order to enable secure TSC, SEV-SNP guests need to send TSC_INFO guest
> message before the APs are booted. Details from the TSC_INFO response will
> then be used to program the VMSA before the APs are brought up. See "SEV
> Secure Nested Paging Firmware ABI Specification" document (currently at
> https://www.amd.com/system/files/TechDocs/56860.pdf) section "TSC Info"
> 
> SEV-guest driver has the implementation for guest and AMD Security
> Processor communication. As the TSC_INFO needs to be initialized during
> early boot before APs are started, move the guest messaging code from
> sev-guest driver to sev/core.c and provide well defined APIs to the
> sev-guest driver.
> 
> Patches:
> 01-04: sev-guest driver cleanup and enhancements
>    05: Use AES GCM library
> 06-07: SNP init error handling and cache secrets page address
> 08-10: Preparatory patches for code movement
> 11-12: Patches moving SNP guest messaging code from SEV guest driver to
>        SEV common code
> 13-20: SecureTSC enablement patches.
> 
> Testing SecureTSC
> -----------------
> 
> SecureTSC hypervisor patches based on top of SEV-SNP Guest MEMFD series:
> https://github.com/AMDESE/linux-kvm/tree/sectsc-host-latest
> 
> QEMU changes:
> https://github.com/nikunjad/qemu/tree/snp-securetsc-latest
> 
> QEMU commandline SEV-SNP with SecureTSC:
> 
>   qemu-system-x86_64 -cpu EPYC-Milan-v2 -smp 4 \
>     -object memory-backend-memfd,id=ram1,size=1G,share=true,prealloc=false,reserve=false \
>     -object sev-snp-guest,id=sev0,cbitpos=51,reduced-phys-bits=1,secure-tsc=on \
>     -machine q35,confidential-guest-support=sev0,memory-backend=ram1 \
>     ...
> 
> Changelog:
> ----------
> v11:
> * Rebased on top of v6.11-rc1
> * Added Acked-by/Reviewed-by
> * Moved SEV Guest driver cleanups in the beginning of the series
> * Commit message updates
> * Enforced PAGE_SIZE constraints for snp_guest_msg
> * After offline discussion with Boris, redesigned and exported
>   SEV guest messaging APIs to sev-guest driver
> * Dropped VMPCK rework patches
> * Make sure movement of SEV core routines does not break the SEV Guest
>   driver midway of the series.
> 

A gentle reminder.

Regards
Nikunj




[Index of Archives]     [KVM ARM]     [KVM ia64]     [KVM ppc]     [Virtualization Tools]     [Spice Development]     [Libvirt]     [Libvirt Users]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite Questions]     [Linux Kernel]     [Linux SCSI]     [XFree86]

  Powered by Linux