On 7/31/2024 8:37 PM, Nikunj A Dadhania wrote: > This patchset is also available at: > > https://github.com/AMDESE/linux-kvm/tree/sectsc-guest-latest > > and is based on v6.11-rc1 > > Overview > -------- > > Secure TSC allows guests to securely use RDTSC/RDTSCP instructions as the > parameters being used cannot be changed by hypervisor once the guest is > launched. More details in the AMD64 APM Vol 2, Section "Secure TSC". > > In order to enable secure TSC, SEV-SNP guests need to send TSC_INFO guest > message before the APs are booted. Details from the TSC_INFO response will > then be used to program the VMSA before the APs are brought up. See "SEV > Secure Nested Paging Firmware ABI Specification" document (currently at > https://www.amd.com/system/files/TechDocs/56860.pdf) section "TSC Info" > > SEV-guest driver has the implementation for guest and AMD Security > Processor communication. As the TSC_INFO needs to be initialized during > early boot before APs are started, move the guest messaging code from > sev-guest driver to sev/core.c and provide well defined APIs to the > sev-guest driver. > > Patches: > 01-04: sev-guest driver cleanup and enhancements > 05: Use AES GCM library > 06-07: SNP init error handling and cache secrets page address > 08-10: Preparatory patches for code movement > 11-12: Patches moving SNP guest messaging code from SEV guest driver to > SEV common code > 13-20: SecureTSC enablement patches. > > Testing SecureTSC > ----------------- > > SecureTSC hypervisor patches based on top of SEV-SNP Guest MEMFD series: > https://github.com/AMDESE/linux-kvm/tree/sectsc-host-latest > > QEMU changes: > https://github.com/nikunjad/qemu/tree/snp-securetsc-latest > > QEMU commandline SEV-SNP with SecureTSC: > > qemu-system-x86_64 -cpu EPYC-Milan-v2 -smp 4 \ > -object memory-backend-memfd,id=ram1,size=1G,share=true,prealloc=false,reserve=false \ > -object sev-snp-guest,id=sev0,cbitpos=51,reduced-phys-bits=1,secure-tsc=on \ > -machine q35,confidential-guest-support=sev0,memory-backend=ram1 \ > ... > > Changelog: > ---------- > v11: > * Rebased on top of v6.11-rc1 > * Added Acked-by/Reviewed-by > * Moved SEV Guest driver cleanups in the beginning of the series > * Commit message updates > * Enforced PAGE_SIZE constraints for snp_guest_msg > * After offline discussion with Boris, redesigned and exported > SEV guest messaging APIs to sev-guest driver > * Dropped VMPCK rework patches > * Make sure movement of SEV core routines does not break the SEV Guest > driver midway of the series. > A gentle reminder. Regards Nikunj
