cutemeli/server
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
2adfbd9ea73fc04955d459a3e37101263067ebdb
server/usr/share/doc/qemu-system-common/system/i386/amd-memory-encryption.html
cutemeli 2adfbd9ea7 .gitignore angepasst
2026-01-07 20:52:11 +01:00

368 lines
28 KiB
HTML
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
<!DOCTYPE html>
<html class="writer-html5" lang="en" data-content_root="../../">
<head>
<meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<title>AMD Secure Encrypted Virtualization (SEV) &mdash; QEMU Debian 1:8.2.2+ds-0ubuntu1.11 documentation</title>
<link rel="stylesheet" type="text/css" href="../../_static/pygments.css?v=fa44fd50" />
<link rel="stylesheet" type="text/css" href="../../_static/css/theme.css?v=86f27845" />
<link rel="stylesheet" type="text/css" href="../../_static/theme_overrides.css?v=08e6c168" />
<link rel="shortcut icon" href="../../_static/qemu_32x32.png"/>
<script src="../../_static/jquery.js?v=8dae8fb0"></script>
<script src="../../_static/_sphinx_javascript_frameworks_compat.js?v=2cd50e6c"></script>
<script src="../../_static/documentation_options.js?v=802af9f6"></script>
<script src="../../_static/doctools.js?v=888ff710"></script>
<script src="../../_static/sphinx_highlight.js?v=dc90522c"></script>
<script src="../../_static/custom.js?v=2ab9f71d"></script>
<script src="../../_static/js/theme.js"></script>
<link rel="index" title="Index" href="../../genindex.html" />
<link rel="search" title="Search" href="../../search.html" />
<link rel="next" title="Xtensa System emulator" href="../target-xtensa.html" />
<link rel="prev" title="Software Guard eXtensions (SGX)" href="sgx.html" />
</head>
<body class="wy-body-for-nav">
<div class="wy-grid-for-nav">
<nav data-toggle="wy-nav-shift" class="wy-nav-side">
<div class="wy-side-scroll">
<div class="wy-side-nav-search" style="background: #802400" >
<a href="../../index.html" class="icon icon-home">
QEMU
<img src="../../_static/qemu_128x128.png" class="logo" alt="Logo"/>
</a>
<div class="version">
8.2.2
</div>
<div role="search">
<form id="rtd-search-form" class="wy-form" action="../../search.html" method="get">
<input type="text" name="q" placeholder="Search docs" aria-label="Search docs" />
<input type="hidden" name="check_keywords" value="yes" />
<input type="hidden" name="area" value="default" />
</form>
</div>
</div><div class="wy-menu wy-menu-vertical" data-spy="affix" role="navigation" aria-label="Navigation menu">
<p class="caption" role="heading"><span class="caption-text">Contents:</span></p>
<ul class="current">
<li class="toctree-l1"><a class="reference internal" href="../../about/index.html">About QEMU</a></li>
<li class="toctree-l1 current"><a class="reference internal" href="../index.html">System Emulation</a><ul class="current">
<li class="toctree-l2"><a class="reference internal" href="../introduction.html">Introduction</a></li>
<li class="toctree-l2"><a class="reference internal" href="../invocation.html">Invocation</a></li>
<li class="toctree-l2"><a class="reference internal" href="../device-emulation.html">Device Emulation</a></li>
<li class="toctree-l2"><a class="reference internal" href="../keys.html">Keys in the graphical frontends</a></li>
<li class="toctree-l2"><a class="reference internal" href="../mux-chardev.html">Keys in the character backend multiplexer</a></li>
<li class="toctree-l2"><a class="reference internal" href="../monitor.html">QEMU Monitor</a></li>
<li class="toctree-l2"><a class="reference internal" href="../images.html">Disk Images</a></li>
<li class="toctree-l2"><a class="reference internal" href="../virtio-net-failover.html">QEMU virtio-net standby (net_failover)</a></li>
<li class="toctree-l2"><a class="reference internal" href="../linuxboot.html">Direct Linux Boot</a></li>
<li class="toctree-l2"><a class="reference internal" href="../generic-loader.html">Generic Loader</a></li>
<li class="toctree-l2"><a class="reference internal" href="../guest-loader.html">Guest Loader</a></li>
<li class="toctree-l2"><a class="reference internal" href="../barrier.html">QEMU Barrier Client</a></li>
<li class="toctree-l2"><a class="reference internal" href="../vnc-security.html">VNC security</a></li>
<li class="toctree-l2"><a class="reference internal" href="../tls.html">TLS setup for network services</a></li>
<li class="toctree-l2"><a class="reference internal" href="../secrets.html">Providing secret data to QEMU</a></li>
<li class="toctree-l2"><a class="reference internal" href="../authz.html">Client authorization</a></li>
<li class="toctree-l2"><a class="reference internal" href="../gdb.html">GDB usage</a></li>
<li class="toctree-l2"><a class="reference internal" href="../replay.html">Record/replay</a></li>
<li class="toctree-l2"><a class="reference internal" href="../managed-startup.html">Managed start up options</a></li>
<li class="toctree-l2"><a class="reference internal" href="../bootindex.html">Managing device boot order with bootindex properties</a></li>
<li class="toctree-l2"><a class="reference internal" href="../cpu-hotplug.html">Virtual CPU hotplug</a></li>
<li class="toctree-l2"><a class="reference internal" href="../pr-manager.html">Persistent reservation managers</a></li>
<li class="toctree-l2 current"><a class="reference internal" href="../targets.html">QEMU System Emulator Targets</a><ul class="current">
<li class="toctree-l3"><a class="reference internal" href="../target-arm.html">Arm System emulator</a></li>
<li class="toctree-l3"><a class="reference internal" href="../target-avr.html">AVR System emulator</a></li>
<li class="toctree-l3"><a class="reference internal" href="../target-m68k.html">ColdFire System emulator</a></li>
<li class="toctree-l3"><a class="reference internal" href="../target-mips.html">MIPS System emulator</a></li>
<li class="toctree-l3"><a class="reference internal" href="../target-ppc.html">PowerPC System emulator</a></li>
<li class="toctree-l3"><a class="reference internal" href="../target-openrisc.html">OpenRISC System emulator</a></li>
<li class="toctree-l3"><a class="reference internal" href="../target-riscv.html">RISC-V System emulator</a></li>
<li class="toctree-l3"><a class="reference internal" href="../target-rx.html">RX System emulator</a></li>
<li class="toctree-l3"><a class="reference internal" href="../target-s390x.html">s390x System emulator</a></li>
<li class="toctree-l3"><a class="reference internal" href="../target-sparc.html">Sparc32 System emulator</a></li>
<li class="toctree-l3"><a class="reference internal" href="../target-sparc64.html">Sparc64 System emulator</a></li>
<li class="toctree-l3 current"><a class="reference internal" href="../target-i386.html">x86 System emulator</a><ul class="current">
<li class="toctree-l4"><a class="reference internal" href="../target-i386.html#board-specific-documentation">Board-specific documentation</a></li>
<li class="toctree-l4 current"><a class="reference internal" href="../target-i386.html#architectural-features">Architectural features</a></li>
<li class="toctree-l4"><a class="reference internal" href="../target-i386.html#os-requirements">OS requirements</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="../target-xtensa.html">Xtensa System emulator</a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="../security.html">Security</a></li>
<li class="toctree-l2"><a class="reference internal" href="../multi-process.html">Multi-process QEMU</a></li>
<li class="toctree-l2"><a class="reference internal" href="../confidential-guest-support.html">Confidential Guest Support</a></li>
<li class="toctree-l2"><a class="reference internal" href="../vm-templating.html">QEMU VM templating</a></li>
</ul>
</li>
<li class="toctree-l1"><a class="reference internal" href="../../user/index.html">User Mode Emulation</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../tools/index.html">Tools</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../interop/index.html">System Emulation Management and Interoperability</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../specs/index.html">System Emulation Guest Hardware Specifications</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../devel/index.html">Developer Information</a></li>
</ul>
</div>
</div>
</nav>
<section data-toggle="wy-nav-shift" class="wy-nav-content-wrap"><nav class="wy-nav-top" aria-label="Mobile navigation menu" style="background: #802400" >
<i data-toggle="wy-nav-top" class="fa fa-bars"></i>
<a href="../../index.html">QEMU</a>
</nav>
<div class="wy-nav-content">
<div class="rst-content">
<div role="navigation" aria-label="Page navigation">
<ul class="wy-breadcrumbs">
<li><a href="../../index.html" class="icon icon-home" aria-label="Home"></a></li>
<li class="breadcrumb-item"><a href="../index.html">System Emulation</a></li>
<li class="breadcrumb-item"><a href="../targets.html">QEMU System Emulator Targets</a></li>
<li class="breadcrumb-item"><a href="../target-i386.html">x86 System emulator</a></li>
<li class="breadcrumb-item active">AMD Secure Encrypted Virtualization (SEV)</li>
<li class="wy-breadcrumbs-aside">
<a href="https://gitlab.com/qemu-project/qemu/blob/master/docs/system/i386/amd-memory-encryption.rst" class="fa fa-gitlab"> Edit on GitLab</a>
</li>
</ul>
<hr/>
</div>
<div role="main" class="document" itemscope="itemscope" itemtype="http://schema.org/Article">
<div itemprop="articleBody">
<section id="amd-secure-encrypted-virtualization-sev">
<h1>AMD Secure Encrypted Virtualization (SEV)<a class="headerlink" href="#amd-secure-encrypted-virtualization-sev" title="Link to this heading"></a></h1>
<p>Secure Encrypted Virtualization (SEV) is a feature found on AMD processors.</p>
<p>SEV is an extension to the AMD-V architecture which supports running encrypted
virtual machines (VMs) under the control of KVM. Encrypted VMs have their pages
(code and data) secured such that only the guest itself has access to the
unencrypted version. Each encrypted VM is associated with a unique encryption
key; if its data is accessed by a different entity using a different key the
encrypted guests data will be incorrectly decrypted, leading to unintelligible
data.</p>
<p>Key management for this feature is handled by a separate processor known as the
AMD secure processor (AMD-SP), which is present in AMD SOCs. Firmware running
inside the AMD-SP provides commands to support a common VM lifecycle. This
includes commands for launching, snapshotting, migrating and debugging the
encrypted guest. These SEV commands can be issued via KVM_MEMORY_ENCRYPT_OP
ioctls.</p>
<p>Secure Encrypted Virtualization - Encrypted State (SEV-ES) builds on the SEV
support to additionally protect the guest register state. In order to allow a
hypervisor to perform functions on behalf of a guest, there is architectural
support for notifying a guests operating system when certain types of VMEXITs
are about to occur. This allows the guest to selectively share information with
the hypervisor to satisfy the requested function.</p>
<section id="launching">
<h2>Launching<a class="headerlink" href="#launching" title="Link to this heading"></a></h2>
<p>Boot images (such as bios) must be encrypted before a guest can be booted. The
<code class="docutils literal notranslate"><span class="pre">MEMORY_ENCRYPT_OP</span></code> ioctl provides commands to encrypt the images: <code class="docutils literal notranslate"><span class="pre">LAUNCH_START</span></code>,
<code class="docutils literal notranslate"><span class="pre">LAUNCH_UPDATE_DATA</span></code>, <code class="docutils literal notranslate"><span class="pre">LAUNCH_MEASURE</span></code> and <code class="docutils literal notranslate"><span class="pre">LAUNCH_FINISH</span></code>. These four commands
together generate a fresh memory encryption key for the VM, encrypt the boot
images and provide a measurement than can be used as an attestation of a
successful launch.</p>
<p>For a SEV-ES guest, the <code class="docutils literal notranslate"><span class="pre">LAUNCH_UPDATE_VMSA</span></code> command is also used to encrypt the
guest register state, or VM save area (VMSA), for all of the guest vCPUs.</p>
<p><code class="docutils literal notranslate"><span class="pre">LAUNCH_START</span></code> is called first to create a cryptographic launch context within
the firmware. To create this context, guest owner must provide a guest policy,
its public Diffie-Hellman key (PDH) and session parameters. These inputs
should be treated as a binary blob and must be passed as-is to the SEV firmware.</p>
<p>The guest policy is passed as plaintext. A hypervisor may choose to read it,
but should not modify it (any modification of the policy bits will result
in bad measurement). The guest policy is a 4-byte data structure containing
several flags that restricts what can be done on a running SEV guest.
See SEV API Spec (<a class="reference internal" href="#sevapi" id="id1"><span>[SEVAPI]</span></a>) section 3 and 6.2 for more details.</p>
<p>The guest policy can be provided via the <code class="docutils literal notranslate"><span class="pre">policy</span></code> property:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="c1"># ${QEMU} \</span>
<span class="n">sev</span><span class="o">-</span><span class="n">guest</span><span class="p">,</span><span class="nb">id</span><span class="o">=</span><span class="n">sev0</span><span class="p">,</span><span class="n">policy</span><span class="o">=</span><span class="mh">0x1</span><span class="o">...</span>\
</pre></div>
</div>
<p>Setting the “SEV-ES required” policy bit (bit 2) will launch the guest as a
SEV-ES guest:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="c1"># ${QEMU} \</span>
<span class="n">sev</span><span class="o">-</span><span class="n">guest</span><span class="p">,</span><span class="nb">id</span><span class="o">=</span><span class="n">sev0</span><span class="p">,</span><span class="n">policy</span><span class="o">=</span><span class="mh">0x5</span><span class="o">...</span>\
</pre></div>
</div>
<p>The guest owner provided DH certificate and session parameters will be used to
establish a cryptographic session with the guest owner to negotiate keys used
for the attestation.</p>
<p>The DH certificate and session blob can be provided via the <code class="docutils literal notranslate"><span class="pre">dh-cert-file</span></code> and
<code class="docutils literal notranslate"><span class="pre">session-file</span></code> properties:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="c1"># ${QEMU} \</span>
<span class="n">sev</span><span class="o">-</span><span class="n">guest</span><span class="p">,</span><span class="nb">id</span><span class="o">=</span><span class="n">sev0</span><span class="p">,</span><span class="n">dh</span><span class="o">-</span><span class="n">cert</span><span class="o">-</span><span class="n">file</span><span class="o">=&lt;</span><span class="n">file1</span><span class="o">&gt;</span><span class="p">,</span><span class="n">session</span><span class="o">-</span><span class="n">file</span><span class="o">=&lt;</span><span class="n">file2</span><span class="o">&gt;</span>
</pre></div>
</div>
<p><code class="docutils literal notranslate"><span class="pre">LAUNCH_UPDATE_DATA</span></code> encrypts the memory region using the cryptographic context
created via the <code class="docutils literal notranslate"><span class="pre">LAUNCH_START</span></code> command. If required, this command can be called
multiple times to encrypt different memory regions. The command also calculates
the measurement of the memory contents as it encrypts.</p>
<p><code class="docutils literal notranslate"><span class="pre">LAUNCH_UPDATE_VMSA</span></code> encrypts all the vCPU VMSAs for a SEV-ES guest using the
cryptographic context created via the <code class="docutils literal notranslate"><span class="pre">LAUNCH_START</span></code> command. The command also
calculates the measurement of the VMSAs as it encrypts them.</p>
<p><code class="docutils literal notranslate"><span class="pre">LAUNCH_MEASURE</span></code> can be used to retrieve the measurement of encrypted memory and,
for a SEV-ES guest, encrypted VMSAs. This measurement is a signature of the
memory contents and, for a SEV-ES guest, the VMSA contents, that can be sent
to the guest owner as an attestation that the memory and VMSAs were encrypted
correctly by the firmware. The guest owner may wait to provide the guest
confidential information until it can verify the attestation measurement.
Since the guest owner knows the initial contents of the guest at boot, the
attestation measurement can be verified by comparing it to what the guest owner
expects.</p>
<p><code class="docutils literal notranslate"><span class="pre">LAUNCH_FINISH</span></code> finalizes the guest launch and destroys the cryptographic
context.</p>
<p>See SEV API Spec (<a class="reference internal" href="#sevapi" id="id2"><span>[SEVAPI]</span></a>) Launching a guest usage flow (Appendix A) for the
complete flow chart.</p>
<p>To launch a SEV guest:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="c1"># ${QEMU} \</span>
<span class="o">-</span><span class="n">machine</span> <span class="o">...</span><span class="p">,</span><span class="n">confidential</span><span class="o">-</span><span class="n">guest</span><span class="o">-</span><span class="n">support</span><span class="o">=</span><span class="n">sev0</span> \
<span class="o">-</span><span class="nb">object</span> <span class="n">sev</span><span class="o">-</span><span class="n">guest</span><span class="p">,</span><span class="nb">id</span><span class="o">=</span><span class="n">sev0</span><span class="p">,</span><span class="n">cbitpos</span><span class="o">=</span><span class="mi">47</span><span class="p">,</span><span class="n">reduced</span><span class="o">-</span><span class="n">phys</span><span class="o">-</span><span class="n">bits</span><span class="o">=</span><span class="mi">1</span>
</pre></div>
</div>
<p>To launch a SEV-ES guest:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="c1"># ${QEMU} \</span>
<span class="o">-</span><span class="n">machine</span> <span class="o">...</span><span class="p">,</span><span class="n">confidential</span><span class="o">-</span><span class="n">guest</span><span class="o">-</span><span class="n">support</span><span class="o">=</span><span class="n">sev0</span> \
<span class="o">-</span><span class="nb">object</span> <span class="n">sev</span><span class="o">-</span><span class="n">guest</span><span class="p">,</span><span class="nb">id</span><span class="o">=</span><span class="n">sev0</span><span class="p">,</span><span class="n">cbitpos</span><span class="o">=</span><span class="mi">47</span><span class="p">,</span><span class="n">reduced</span><span class="o">-</span><span class="n">phys</span><span class="o">-</span><span class="n">bits</span><span class="o">=</span><span class="mi">1</span><span class="p">,</span><span class="n">policy</span><span class="o">=</span><span class="mh">0x5</span>
</pre></div>
</div>
<p>An SEV-ES guest has some restrictions as compared to a SEV guest. Because the
guest register state is encrypted and cannot be updated by the VMM/hypervisor,
a SEV-ES guest:</p>
<blockquote>
<div><ul class="simple">
<li><p>Does not support SMM - SMM support requires updating the guest register
state.</p></li>
<li><p>Does not support reboot - a system reset requires updating the guest register
state.</p></li>
<li><p>Requires in-kernel irqchip - the burden is placed on the hypervisor to
manage booting APs.</p></li>
</ul>
</div></blockquote>
</section>
<section id="calculating-expected-guest-launch-measurement">
<h2>Calculating expected guest launch measurement<a class="headerlink" href="#calculating-expected-guest-launch-measurement" title="Link to this heading"></a></h2>
<p>In order to verify the guest launch measurement, The Guest Owner must compute
it in the exact same way as it is calculated by the AMD-SP. SEV API Spec
(<a class="reference internal" href="#sevapi" id="id3"><span>[SEVAPI]</span></a>) section 6.5.1 describes the AMD-SP operations:</p>
<blockquote>
<div><p>GCTX.LD is finalized, producing the hash digest of all plaintext data
imported into the guest.</p>
<p>The launch measurement is calculated as:</p>
<p>HMAC(0x04 || API_MAJOR || API_MINOR || BUILD || GCTX.POLICY || GCTX.LD || MNONCE; GCTX.TIK)</p>
<p>where “||” represents concatenation.</p>
</div></blockquote>
<p>The values of API_MAJOR, API_MINOR, BUILD, and GCTX.POLICY can be obtained
from the <code class="docutils literal notranslate"><span class="pre">query-sev</span></code> qmp command.</p>
<p>The value of MNONCE is part of the response of <code class="docutils literal notranslate"><span class="pre">query-sev-launch-measure</span></code>: it
is the last 16 bytes of the base64-decoded data field (see SEV API Spec
(<a class="reference internal" href="#sevapi" id="id4"><span>[SEVAPI]</span></a>) section 6.5.2 Table 52: LAUNCH_MEASURE Measurement Buffer).</p>
<p>The value of GCTX.LD is
<code class="docutils literal notranslate"><span class="pre">SHA256(firmware_blob</span> <span class="pre">||</span> <span class="pre">kernel_hashes_blob</span> <span class="pre">||</span> <span class="pre">vmsas_blob)</span></code>, where:</p>
<ul class="simple">
<li><p><code class="docutils literal notranslate"><span class="pre">firmware_blob</span></code> is the content of the entire firmware flash file (for
example, <code class="docutils literal notranslate"><span class="pre">OVMF.fd</span></code>). Note that you must build a stateless firmware file
which doesnt use an NVRAM store, because the NVRAM area is not measured, and
therefore it is not secure to use a firmware which uses state from an NVRAM
store.</p></li>
<li><p>if kernel is used, and <code class="docutils literal notranslate"><span class="pre">kernel-hashes=on</span></code>, then <code class="docutils literal notranslate"><span class="pre">kernel_hashes_blob</span></code> is
the content of PaddedSevHashTable (including the zero padding), which itself
includes the hashes of kernel, initrd, and cmdline that are passed to the
guest. The PaddedSevHashTable struct is defined in <code class="docutils literal notranslate"><span class="pre">target/i386/sev.c</span></code>.</p></li>
<li><p>if SEV-ES is enabled (<code class="docutils literal notranslate"><span class="pre">policy</span> <span class="pre">&amp;</span> <span class="pre">0x4</span> <span class="pre">!=</span> <span class="pre">0</span></code>), <code class="docutils literal notranslate"><span class="pre">vmsas_blob</span></code> is the
concatenation of all VMSAs of the guest vcpus. Each VMSA is 4096 bytes long;
its content is defined inside Linux kernel code as <code class="docutils literal notranslate"><span class="pre">struct</span> <span class="pre">vmcb_save_area</span></code>,
or in AMD APM Volume 2 (<a class="reference internal" href="#apmvol2" id="id5"><span>[APMVOL2]</span></a>) Table B-2: VMCB Layout, State Save Area.</p></li>
</ul>
<p>If kernel hashes are not used, or SEV-ES is disabled, use empty blobs for
<code class="docutils literal notranslate"><span class="pre">kernel_hashes_blob</span></code> and <code class="docutils literal notranslate"><span class="pre">vmsas_blob</span></code> as needed.</p>
</section>
<section id="debugging">
<h2>Debugging<a class="headerlink" href="#debugging" title="Link to this heading"></a></h2>
<p>Since the memory contents of a SEV guest are encrypted, hypervisor access to
the guest memory will return cipher text. If the guest policy allows debugging,
then a hypervisor can use the DEBUG_DECRYPT and DEBUG_ENCRYPT commands to access
the guest memory region for debug purposes. This is not supported in QEMU yet.</p>
</section>
<section id="snapshot-restore">
<h2>Snapshot/Restore<a class="headerlink" href="#snapshot-restore" title="Link to this heading"></a></h2>
<p>TODO</p>
</section>
<section id="live-migration">
<h2>Live Migration<a class="headerlink" href="#live-migration" title="Link to this heading"></a></h2>
<p>TODO</p>
</section>
<section id="references">
<h2>References<a class="headerlink" href="#references" title="Link to this heading"></a></h2>
<p><a class="reference external" href="https://www.amd.com/content/dam/amd/en/documents/epyc-business-docs/white-papers/memory-encryption-white-paper.pdf">AMD Memory Encryption whitepaper</a></p>
<div role="list" class="citation-list">
<div class="citation" id="sevapi" role="doc-biblioentry">
<span class="label"><span class="fn-bracket">[</span>SEVAPI<span class="fn-bracket">]</span></span>
<span class="backrefs">(<a role="doc-backlink" href="#id1">1</a>,<a role="doc-backlink" href="#id2">2</a>,<a role="doc-backlink" href="#id3">3</a>,<a role="doc-backlink" href="#id4">4</a>)</span>
<p><a class="reference external" href="https://www.amd.com/system/files/TechDocs/55766_SEV-KM_API_Specification.pdf">Secure Encrypted Virtualization API</a></p>
</div>
<div class="citation" id="apmvol2" role="doc-biblioentry">
<span class="label"><span class="fn-bracket">[</span><a role="doc-backlink" href="#id5">APMVOL2</a><span class="fn-bracket">]</span></span>
<p><a class="reference external" href="https://www.amd.com/content/dam/amd/en/documents/processor-tech-docs/programmer-references/24593.pdf">AMD64 Architecture Programmers Manual Volume 2: System Programming</a></p>
</div>
</div>
<p>KVM Forum slides:</p>
<ul class="simple">
<li><p><a class="reference external" href="http://www.linux-kvm.org/images/7/74/02x08A-Thomas_Lendacky-AMDs_Virtualizatoin_Memory_Encryption_Technology.pdf">AMDs Virtualization Memory Encryption (2016)</a></p></li>
<li><p><a class="reference external" href="https://www.linux-kvm.org/images/9/94/Extending-Secure-Encrypted-Virtualization-with-SEV-ES-Thomas-Lendacky-AMD.pdf">Extending Secure Encrypted Virtualization With SEV-ES (2018)</a></p></li>
</ul>
<p><a class="reference external" href="https://www.amd.com/content/dam/amd/en/documents/processor-tech-docs/programmer-references/24593.pdf">AMD64 Architecture Programmers Manual:</a></p>
<ul class="simple">
<li><p>SME is section 7.10</p></li>
<li><p>SEV is section 15.34</p></li>
<li><p>SEV-ES is section 15.35</p></li>
</ul>
</section>
</section>
</div>
</div>
<footer><div class="rst-footer-buttons" role="navigation" aria-label="Footer">
<a href="sgx.html" class="btn btn-neutral float-left" title="Software Guard eXtensions (SGX)" accesskey="p" rel="prev"><span class="fa fa-arrow-circle-left" aria-hidden="true"></span> Previous</a>
<a href="../target-xtensa.html" class="btn btn-neutral float-right" title="Xtensa System emulator" accesskey="n" rel="next">Next <span class="fa fa-arrow-circle-right" aria-hidden="true"></span></a>
</div>
<hr/>
<div role="contentinfo">
<p>&#169; Copyright 2025, The QEMU Project Developers.</p>
</div>
Built with <a href="https://www.sphinx-doc.org/">Sphinx</a> using a
<a href="https://github.com/readthedocs/sphinx_rtd_theme">theme</a>
provided by <a href="https://readthedocs.org">Read the Docs</a>.
<!-- Empty para to force a blank line after "Built with Sphinx ..." -->
<p></p>
<p>This documentation is for QEMU version 8.2.2.</p>
<p><a href="../../about/license.html">QEMU and this manual are released under the
GNU General Public License, version 2.</a></p>
</footer>
</div>
</div>
</section>
</div>
<script>
jQuery(function () {
SphinxRtdTheme.Navigation.enable(true);
});
</script>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink