amd-memory-encryption.rst - OpenGrok cross reference for /linux/Documentation/virt/kvm/amd-memory-encryption.rst

Lines Matching refs:guest
50 The SEV guest key management is handled by a separate processor called the AMD
53 encrypting bootstrap code, snapshot, migrating and debugging the guest. For more
94 context. To create the encryption context, user must provide a guest policy,
105                 __u32 policy;           /* guest's policy */
107 …              __u64 dh_uaddr;         /* userspace address pointing to the guest owner's PDH key */
110 …      __u64 session_addr;     /* userspace address which points to the guest session information */
125 of the memory contents that can be sent to the guest owner as an attestation
145 data encrypted by the KVM_SEV_LAUNCH_UPDATE_DATA command. The guest owner may
146 wait to provide the guest with confidential information until it can verify the
147 measurement. Since the guest owner knows the initial contents of the guest at
148 boot, the measurement can be verified by comparing it to what the guest owner
171 issued to make the guest ready for the execution.
179 SEV-enabled guest.
188                 __u32 handle;   /* guest handle */
189                 __u32 policy;   /* guest policy */
190                 __u8 state;     /* guest state (see enum below) */
193 SEV guest state:
199         SEV_STATE_LAUNCHING,    /* guest is currently being launched */
200 …      SEV_STATE_SECRET,       /* guest is being launched and ready to accept the ciphertext data */
201         SEV_STATE_RUNNING,      /* guest is fully launched and running */
202         SEV_STATE_RECEIVING,    /* guest is being migrated in from another SEV machine */
203         SEV_STATE_SENDING       /* guest is getting migrated out to another SEV machine */
224 The command returns an error if the guest policy does not allow debugging.
244 The command returns an error if the guest policy does not allow debugging.
250 data after the measurement has been validated by the guest owner.
262 …          __u64 guest_uaddr;      /* the guest memory region where the secret should be injected */
273 report containing the SHA-256 digest of the guest memory and VMSA passed through the KVM_SEV_LAUNCH
275 used by the guest owner with the KVM_SEV_LAUNCH_MEASURE.
297 outgoing guest encryption context.
299 If session_len is zero on entry, the length of the guest session information is
309                 __u32 policy;                 /* guest policy */
328 outgoing guest memory region with the encryption context creating using
373 context for an incoming SEV guest. To create the encryption context, the user must
374 provide a guest policy, the platform public Diffie-Hellman (PDH) key and session
385                 __u32 policy;           /* guest's policy */
390 …      __u64 session_uaddr;    /* userspace address which points to the guest session information */
402 the incoming buffers into the guest memory region with encryption context
415                 __u64 guest_uaddr;      /* the destination guest memory region */
426 issued by the hypervisor to make the guest ready for execution.
In current file

In project "undefined"

On Google
