[ANNOUNCE] QEMU 10.0.0 is now available

2025-04-23 Thread Michael Roth
Hello, On behalf of the QEMU Team, I'd like to announce the availability of the QEMU 10.0.0 release. This release contains 2800+ commits from 211 authors. You can grab the tarball from our download page here: https://www.qemu.org/download/#source The full list of changes is available at:

[ANNOUNCE] QEMU 10.0.0-rc4 is now available

2025-04-17 Thread Michael Roth
Hello, On behalf of the QEMU Team, I'd like to announce the availability of the fifth release candidate for the QEMU 10.0 release. This release is meant for testing purposes and should not be used in a production environment. http://download.qemu.org/qemu-10.0.0-rc4.tar.xz http://download.qem

[ANNOUNCE] QEMU 10.0.0-rc3 is now available

2025-04-11 Thread Michael Roth
Hello, On behalf of the QEMU Team, I'd like to announce the availability of the fourth release candidate for the QEMU 10.0 release. This release is meant for testing purposes and should not be used in a production environment. http://download.qemu.org/qemu-10.0.0-rc3.tar.xz http://download.qe

[ANNOUNCE] QEMU 10.0.0-rc2 is now available

2025-04-02 Thread Michael Roth
Hello, On behalf of the QEMU Team, I'd like to announce the availability of the third release candidate for the QEMU 10.0 release. This release is meant for testing purposes and should not be used in a production environment. http://download.qemu.org/qemu-10.0.0-rc2.tar.xz http://download.qem

[ANNOUNCE] QEMU 10.0.0-rc1 is now available

2025-03-26 Thread Michael Roth
Hello, On behalf of the QEMU Team, I'd like to announce the availability of the second release candidate for the QEMU 10.0 release. This release is meant for testing purposes and should not be used in a production environment. http://download.qemu.org/qemu-10.0.0-rc1.tar.xz http://download.qe

Re: [PULL 2/8] migration: ram block cpr blockers

2025-03-26 Thread Michael Roth
On Wed, Mar 26, 2025 at 05:13:50PM -0300, Fabiano Rosas wrote: > Michael Roth writes: > > > Quoting Tom Lendacky (2025-03-26 14:21:31) > >> On 3/26/25 13:46, Tom Lendacky wrote: > >> > On 3/7/25 12:15, Fabiano Rosas wrote: > >> >> From: Steve Sist

Re: [PULL 2/8] migration: ram block cpr blockers

2025-03-26 Thread Michael Roth
Quoting Tom Lendacky (2025-03-26 14:21:31) > On 3/26/25 13:46, Tom Lendacky wrote: > > On 3/7/25 12:15, Fabiano Rosas wrote: > >> From: Steve Sistare > >> > >> Unlike cpr-reboot mode, cpr-transfer mode cannot save volatile ram blocks > >> in the migration stream file and recreate them later, becau

[ANNOUNCE] QEMU 10.0.0-rc0 is now available

2025-03-25 Thread Michael Roth
Hello, On behalf of the QEMU Team, I'd like to announce the availability of the first release candidate for the QEMU 10.0 release. This release is meant for testing purposes and should not be used in a production environment. http://download.qemu.org/qemu-10.0.0-rc0.tar.xz http://download.qem

Re: [ANNOUNCE] QEMU 10.0.0-rc0 is now available

2025-03-25 Thread Michael Roth
Quoting Michael Roth (2025-03-19 07:08:40) > Hello, > > On behalf of the QEMU Team, I'd like to announce the availability of the > first release candidate for the QEMU 10.0 release. This release is meant > for testing purposes and should not be used in a production envi

[PATCH] make-release: don't rely on $CWD when excluding subproject directories

2025-02-13 Thread Michael Roth
27b5149c86 ("make-release: only leave tarball of wrap-file subprojects") Cc: Paolo Bonzini Cc: Michael Tokarev Cc: qemu-sta...@nongnu.org Signed-off-by: Michael Roth --- scripts/make-release | 9 + 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/scripts/make-re

Re: [PATCH v1 3/3] i386/sev: Add KVM_EXIT_SNP_REQ_CERTS support for certificate-fetching

2024-12-19 Thread Michael Roth via
On Thu, Dec 19, 2024 at 01:37:18PM +, Daniel P. Berrangé wrote: > On Thu, Dec 19, 2024 at 07:16:01AM -0600, Michael Roth wrote: > > On Thu, Dec 19, 2024 at 08:13:44AM +, Daniel P. Berrangé wrote: > > > On Wed, Dec 18, 2024 at 04:29:51PM -0600, Michael Roth wrote: >

Re: [PATCH v1 3/3] i386/sev: Add KVM_EXIT_SNP_REQ_CERTS support for certificate-fetching

2024-12-19 Thread Michael Roth via
On Thu, Dec 19, 2024 at 08:13:44AM +, Daniel P. Berrangé wrote: > On Wed, Dec 18, 2024 at 04:29:51PM -0600, Michael Roth wrote: > > On Wed, Dec 18, 2024 at 05:50:52PM +, Daniel P. Berrangé wrote: > > > On Wed, Dec 18, 2024 at 09:49:39AM -0600, Michael Roth wrote

Re: [PATCH v1 3/3] i386/sev: Add KVM_EXIT_SNP_REQ_CERTS support for certificate-fetching

2024-12-18 Thread Michael Roth
On Wed, Dec 18, 2024 at 06:32:05PM +0100, Markus Armbruster wrote: > Michael Roth writes: > > > The GHCB specification[1] defines a VMGEXIT-based Guest Request > > hypercall to allow an SNP guest to issue encrypted requests directly to > > SNP firmware to do things li

Re: [PATCH v1 3/3] i386/sev: Add KVM_EXIT_SNP_REQ_CERTS support for certificate-fetching

2024-12-18 Thread Michael Roth via
On Wed, Dec 18, 2024 at 05:50:52PM +, Daniel P. Berrangé wrote: > On Wed, Dec 18, 2024 at 09:49:39AM -0600, Michael Roth wrote: > > The GHCB specification[1] defines a VMGEXIT-based Guest Request > > hypercall to allow an SNP guest to issue encrypted requests directly to

[PATCH v1 3/3] i386/sev: Add KVM_EXIT_SNP_REQ_CERTS support for certificate-fetching

2024-12-18 Thread Michael Roth
ndled. This confirmation is done by way of the kvm_immediate_exit callback infrastructure that was introduced in a previous patch. [1] "Guest Hypervisor Communication Block (GHCB) Standardization", https://www.amd.com/en/developer/sev.html Signed-off-by: Michael Roth ---

[PATCH RFC v1 0/3] SEV-SNP: Add support for SNP certificate fetching

2024-12-18 Thread Michael Roth
e guest-side then random data will suffice for testing the KVM bits. Any feedback/review is appreciated. Thanks! -Mike ---- Michael Roth (1): i386/sev: Add KVM_EXIT_SNP_REQ_CERTS support for certificate-fetching qapi/q

[PATCH v1 2/3] accel/kvm: Add kvm_immediate_exit callback infrastructure

2024-12-18 Thread Michael Roth
Provide a generic mechanism so that users of struct kvm_run's 'immediate_exit' flag can register a callback that can be issued after returning from KVM. Signed-off-by: Michael Roth --- accel/kvm/kvm-all.c | 43 +++ include/sysemu/kvm.h |

[PATCH v1 1/3] linux-headers: Update for 6.12 and SNP certificate support

2024-12-18 Thread Michael Roth
Signed-off-by: Michael Roth --- linux-headers/linux/kvm.h | 10 ++ 1 file changed, 10 insertions(+) diff --git a/linux-headers/linux/kvm.h b/linux-headers/linux/kvm.h index 3bcd4eabe3..10f6c908d9 100644 --- a/linux-headers/linux/kvm.h +++ b/linux-headers/linux/kvm.h @@ -135,6 +135,12

[ANNOUNCE] QEMU 9.2.0 is now available

2024-12-11 Thread Michael Roth
Hello, On behalf of the QEMU Team, I'd like to announce the availability of the QEMU 9.2.0 release. This release contains 1700+ commits from 209 authors. You can grab the tarball from our download page here: https://www.qemu.org/download/#source The full list of changes is available at: h

[ANNOUNCE] QEMU 9.2.0-rc3 is now available

2024-12-03 Thread Michael Roth
Hello, On behalf of the QEMU Team, I'd like to announce the availability of the fourth release candidate for the QEMU 9.2 release. This release is meant for testing purposes and should not be used in a production environment. http://download.qemu.org/qemu-9.2.0-rc3.tar.xz http://download.qemu

[ANNOUNCE] QEMU 9.2.0-rc1 is now available

2024-11-21 Thread Michael Roth
Hello, On behalf of the QEMU Team, I'd like to announce the availability of the second release candidate for the QEMU 9.2 release. This release is meant for testing purposes and should not be used in a production environment. http://download.qemu.org/qemu-9.2.0-rc1.tar.xz http://download.qemu

[ANNOUNCE] QEMU 9.2.0-rc0 is now available

2024-11-14 Thread Michael Roth
Hello, On behalf of the QEMU Team, I'd like to announce the availability of the first release candidate for the QEMU 9.2 release. This release is meant for testing purposes and should not be used in a production environment. http://download.qemu.org/qemu-9.2.0-rc0.tar.xz http://download.qemu.

[ANNOUNCE] QEMU 9.1.0 is now available

2024-09-04 Thread Michael Roth
Hello, On behalf of the QEMU Team, I'd like to announce the availability of the QEMU 9.1.0 release. This release contains 2800+ commits from 263 authors. You can grab the tarball from our download page here: https://www.qemu.org/download/#source The full list of changes is available at: h

[ANNOUNCE] QEMU 9.1.0-rc4 is now available

2024-08-29 Thread Michael Roth
Hello, On behalf of the QEMU Team, I'd like to announce the availability of the fifth release candidate for the QEMU 9.1 release. This release is meant for testing purposes and should not be used in a production environment. http://download.qemu.org/qemu-9.1.0-rc4.tar.xz http://download.qemu.

[ANNOUNCE] QEMU 9.1.0-rc3 is now available

2024-08-22 Thread Michael Roth
Hello, On behalf of the QEMU Team, I'd like to announce the availability of the fourth release candidate for the QEMU 9.1 release. This release is meant for testing purposes and should not be used in a production environment. http://download.qemu.org/qemu-9.1.0-rc3.tar.xz http://download.qemu

[ANNOUNCE] QEMU 9.1.0-rc2 is now available

2024-08-15 Thread Michael Roth
Hello, On behalf of the QEMU Team, I'd like to announce the availability of the third release candidate for the QEMU 9.1 release. This release is meant for testing purposes and should not be used in a production environment. http://download.qemu.org/qemu-9.1.0-rc2.tar.xz http://download.qemu.

[ANNOUNCE] QEMU 9.1.0-rc1 is now available

2024-08-08 Thread Michael Roth
Hello, On behalf of the QEMU Team, I'd like to announce the availability of the second release candidate for the QEMU 9.1 release. This release is meant for testing purposes and should not be used in a production environment. http://download.qemu.org/qemu-9.1.0-rc1.tar.xz http://download.qemu

[ANNOUNCE] QEMU 9.1.0-rc0 is now available

2024-07-31 Thread Michael Roth
Hello, On behalf of the QEMU Team, I'd like to announce the availability of the first release candidate for the QEMU 9.1 release. This release is meant for testing purposes and should not be used in a production environment. http://download.qemu.org/qemu-9.1.0-rc0.tar.xz http://download.qemu.

Re: [PATCH] i386/sev: Don't allow automatic fallback to legacy KVM_SEV*_INIT

2024-07-09 Thread Michael Roth
On Thu, Jul 04, 2024 at 11:53:33AM +0200, Paolo Bonzini wrote: > On Thu, Jul 4, 2024 at 11:39 AM Daniel P. Berrangé > wrote: > > > The debug_swap parameter simply could not be enabled in the old API > > > without breaking measurements. The new API *is the fix* to allow using > > > it (though QEMU

[PATCH v2] i386/sev: Don't allow automatic fallback to legacy KVM_SEV*_INIT

2024-07-09 Thread Michael Roth
vide better default behavior than the legacy-vm-type=off behavior that was previously in place, so make it the default for 9.1+ machine types. Cc: Daniel P. Berrangé Cc: Paolo Bonzini cc: k...@vger.kernel.org Signed-off-by: Michael Roth --- v2: - switch to OnOffAuto for legacy-vm-type 'pr

Re: [PATCH v4 20/31] i386/sev: Add support for SNP CPUID validation

2024-07-03 Thread Michael Roth
On Tue, Jul 02, 2024 at 11:07:18AM +0800, Xiaoyao Li wrote: > On 5/30/2024 7:16 PM, Pankaj Gupta wrote: > > From: Michael Roth > > > > SEV-SNP firmware allows a special guest page to be populated with a > > table of guest CPUID values so that they can be validated

Re: [RFC PATCH 0/2] target/i386: SEV: allow running SNP guests with "-cpu host"

2024-07-03 Thread Michael Roth
On Wed, Jul 03, 2024 at 01:01:32PM +0200, Paolo Bonzini wrote: > Some CPUID features may be provided by KVM for some guests, independent of > processor support, for example TSC deadline or TSC adjust. They are not going > to be present in named models unless the vendor implements them in hardware,

Re: [PATCH] i386: revert defaults to 'legacy-vm-type=true' for SEV(-ES) guests

2024-07-03 Thread Michael Roth via
On Tue, Jun 25, 2024 at 10:51:43AM +0100, Daniel P. Berrangé wrote: > On Mon, Jun 24, 2024 at 08:19:19PM -0500, Michael Roth wrote: > > On Fri, Jun 14, 2024 at 11:39:24AM +0100, Daniel P. Berrangé wrote: > > > The KVM_SEV_INIT2 ioctl was only introduced in Linux 6.10, which wi

[PATCH] i386/sev: Don't allow automatic fallback to legacy KVM_SEV*_INIT

2024-07-03 Thread Michael Roth
SEV guest was created on a host that originally had an older kernel that didn't support KVM_SEV_INIT2, but is booted on the same host later on after the host kernel was upgraded. Cc: Daniel P. Berrangé Cc: Paolo Bonzini cc: k...@vger.kernel.org Signed-off-by: Michael Roth --- qapi/qo

Re: [PATCH] i386: revert defaults to 'legacy-vm-type=true' for SEV(-ES) guests

2024-06-24 Thread Michael Roth via
On Fri, Jun 14, 2024 at 11:39:24AM +0100, Daniel P. Berrangé wrote: > The KVM_SEV_INIT2 ioctl was only introduced in Linux 6.10, which will > only have been released for a bit over a month when QEMU 9.1 is > released. > > The SEV(-ES) support in QEMU has been present since 2.12 dating back > to 20

Re: [PATCH v4 29/31] hw/i386/sev: Allow use of pflash in conjunction with -bios

2024-06-03 Thread Michael Roth
On Mon, Jun 03, 2024 at 04:31:45PM +0200, Paolo Bonzini wrote: > On Mon, Jun 3, 2024 at 4:28 PM Michael Roth wrote: > > So for now maybe we should plan to drop it from qemu-coco-queue and > > focus on the stateless builds for the initial code merge. > > Yes, I included it

Re: [PATCH v4 29/31] hw/i386/sev: Allow use of pflash in conjunction with -bios

2024-06-03 Thread Michael Roth via
On Mon, Jun 03, 2024 at 12:55:43PM +0100, Daniel P. Berrangé wrote: > On Thu, May 30, 2024 at 06:16:41AM -0500, Pankaj Gupta wrote: > > From: Michael Roth > > > > SEV-ES and SEV-SNP support OVMF images with non-volatile storage in > > cases where the storage area is ge

Re: [PATCH v4 00/31] Add AMD Secure Nested Paging (SEV-SNP) support

2024-06-03 Thread Michael Roth
On Sat, Jun 01, 2024 at 06:57:21AM +0200, Gupta, Pankaj wrote: > Hi Paolo, > > > > > please check if branch qemu-coco-queue of > > > > https://gitlab.com/bonzini/qemu works for you! > > > > > > Getting compilation error here: Hope I am looking at correct branch. > > > > Oops, sorry: > > > > dif

Re: [PATCH] scripts/update-linux-headers.sh: Fix the path of setup_data.h

2024-05-29 Thread Michael Roth
de" folder is obviously missing here - no clue how this could > have worked before? > > Fixes: 66210a1a30 ("scripts/update-linux-headers: Add setup_data.h to import > list") > Signed-off-by: Thomas Huth Tested-by: Michael Roth > --- > scripts/update-l

Re: [PATCH v3 48/49] hw/i386/sev: Use guest_memfd for legacy ROMs

2024-04-23 Thread Michael Roth
On Thu, Mar 28, 2024 at 08:45:03AM +0800, Xiaoyao Li wrote: > On 3/21/2024 2:12 AM, Isaku Yamahata wrote: > > On Wed, Mar 20, 2024 at 03:39:44AM -0500, > > Michael Roth wrote: > > > > > TODO: make this SNP-specific if TDX disables legacy ROMs in general > >

[ANNOUNCE] QEMU 9.0.0 is now available

2024-04-23 Thread Michael Roth
Hello, On behalf of the QEMU Team, I'd like to announce the availability of the QEMU 9.0.0 release. This release contains 2700+ commits from 220 authors. You can grab the tarball from our download page here: https://www.qemu.org/download/#source The full list of changes is available at: h

[ANNOUNCE] QEMU 9.0.0-rc4 is now available

2024-04-16 Thread Michael Roth
Hello, On behalf of the QEMU Team, I'd like to announce the availability of the fifth release candidate for the QEMU 9.0 release. This release is meant for testing purposes and should not be used in a production environment. http://download.qemu.org/qemu-9.0.0-rc4.tar.xz http://download.qemu.

[ANNOUNCE] QEMU 9.0.0-rc3 is now available

2024-04-11 Thread Michael Roth
Hello, On behalf of the QEMU Team, I'd like to announce the availability of the fourth release candidate for the QEMU 9.0 release. This release is meant for testing purposes and should not be used in a production environment. http://download.qemu.org/qemu-9.0.0-rc3.tar.xz http://download.qemu

[PATCH for-9.1 v1 0/3] Add SEV/SEV-ES machine compat options for KVM_SEV_INIT2

2024-04-09 Thread Michael Roth
calculations. NOTE: section 11.5.7 also documents that FTW should be all 1's, whereas QEMU currently sets all zeroes. Should that be changed as part of this, or are there other reasons for setting 0? Thanks, Mike -------

[PATCH v1 3/3] hw/i386/sev: Use legacy SEV VM types for older machine types

2024-04-09 Thread Michael Roth
version. Avoid this by continuing to use the older KVM_SEV_INIT/KVM_SEV_ES_INIT APIs for older machine types. Signed-off-by: Michael Roth --- hw/i386/pc.c | 5 + hw/i386/pc_piix.c| 1 + hw/i386/pc_q35.c | 1 + include/hw/i386/pc.h | 3 +++ target/i386/sev.c| 1 + 5 files

[PATCH v1 2/3] hw/i386: Add 9.1 machine types for i440fx/q35

2024-04-09 Thread Michael Roth
Define the 9.1 machine types and make them identical to 9.0 for now. This will be needed to add PC compat options for 9.1+ features. Signed-off-by: Michael Roth --- hw/i386/pc_piix.c | 12 +++- hw/i386/pc_q35.c | 11 ++- 2 files changed, 21 insertions(+), 2 deletions(-) diff

[PATCH v1 1/3] i386/sev: Add 'legacy-vm-type' parameter for SEV guest objects

2024-04-09 Thread Michael Roth
newer interface, while still providing a mechanism to maintain backward compatibility with VMs created using the older interfaces, provide a new command-line parameter: -object sev-guest,legacy-vm-type=true,... and have it default to false. Signed-off-by: Michael Roth --- qapi/qom.json

[ANNOUNCE] QEMU 9.0.0-rc2 is now available

2024-04-02 Thread Michael Roth
Hello, On behalf of the QEMU Team, I'd like to announce the availability of the third release candidate for the QEMU 9.0 release. This release is meant for testing purposes and should not be used in a production environment. http://download.qemu.org/qemu-9.0.0-rc2.tar.xz http://download.qemu.

[ANNOUNCE] QEMU 9.0.0-rc1 is now available

2024-03-26 Thread Michael Roth
Hello, On behalf of the QEMU Team, I'd like to announce the availability of the second release candidate for the QEMU 9.0 release. This release is meant for testing purposes and should not be used in a production environment. http://download.qemu.org/qemu-9.0.0-rc1.tar.xz http://download.qemu

Re: [PATCH 19/26] RAMBlock: Add support of KVM private guest memfd

2024-03-22 Thread Michael Roth
On Fri, Mar 22, 2024 at 07:11:09PM +0100, Paolo Bonzini wrote: > From: Michael Roth This should be: From: Xiaoyao Li Looks like the author got reset in my tree for some reason and I failed to notice it before posting. Sorry for the mix-up. -Mike > > Add KVM guest_memfd s

Re: [PATCH RFC v3 00/49] Add AMD Secure Nested Paging (SEV-SNP) support

2024-03-21 Thread Michael Roth
On Wed, Mar 20, 2024 at 03:38:56AM -0500, Michael Roth wrote: > > Testing > --- > > This series has been tested against the following host kernel tree, which > is a snapshot of the latest WIP SNP hypervisor tree at the time of this > posting. It will likely not be kept

Re: [PATCH v3 11/49] physmem: Introduce ram_block_discard_guest_memfd_range()

2024-03-21 Thread Michael Roth
On Wed, Mar 20, 2024 at 09:04:52PM +0100, David Hildenbrand wrote: > On 20.03.24 18:38, Michael Roth wrote: > > On Wed, Mar 20, 2024 at 10:37:14AM +0100, David Hildenbrand wrote: > > > On 20.03.24 09:39, Michael Roth wrote: > > > > From: Xiaoyao Li > > >

Re: [PATCH v3 47/49] hw/i386/sev: Add support to encrypt BIOS when SEV-SNP is enabled

2024-03-21 Thread Michael Roth via
On Wed, Mar 20, 2024 at 12:22:34PM +, Daniel P. Berrangé wrote: > On Wed, Mar 20, 2024 at 03:39:43AM -0500, Michael Roth wrote: > > TODO: Brijesh as author, me as co-author (vice-versa depending) > > drop flash handling? we only support BIOS now > > A reminder tha

Re: [PATCH v3 40/49] hw/i386/sev: Add function to get SEV metadata from OVMF header

2024-03-20 Thread Michael Roth
On Wed, Mar 20, 2024 at 10:55:35AM -0700, Isaku Yamahata wrote: > On Wed, Mar 20, 2024 at 03:39:36AM -0500, > Michael Roth wrote: > > > From: Brijesh Singh > > > > A recent version of OVMF expanded the reset vector GUID list to add > > SEV-specific metadata GUI

Re: [PATCH v3 37/49] i386/sev: Add the SNP launch start context

2024-03-20 Thread Michael Roth
On Wed, Mar 20, 2024 at 10:58:30AM +0100, Paolo Bonzini wrote: > On 3/20/24 09:39, Michael Roth wrote: > > From: Brijesh Singh > > > > The SNP_LAUNCH_START is called first to create a cryptographic launch > > context within the firmware. > > > > Signed-o

Re: [PATCH v3 31/49] i386/sev: Update query-sev QAPI format to handle SEV-SNP

2024-03-20 Thread Michael Roth via
On Wed, Mar 20, 2024 at 12:10:04PM +, Daniel P. Berrangé wrote: > On Wed, Mar 20, 2024 at 03:39:27AM -0500, Michael Roth wrote: > > Most of the current 'query-sev' command is relevant to both legacy > > SEV/SEV-ES guests and SEV-SNP guests, with 2 exceptions: > >

Re: [PATCH v3 25/49] i386/sev: Skip RAMBlock notifiers for SNP

2024-03-20 Thread Michael Roth
On Wed, Mar 20, 2024 at 10:46:29AM +0100, Paolo Bonzini wrote: > On 3/20/24 09:39, Michael Roth wrote: > > SEV uses these notifiers to register/pin pages prior to guest use, since > > they could potentially be used for private memory where page migration > > is not support

Re: [PATCH v3 23/49] i386/sev: Add a sev_snp_enabled() helper

2024-03-20 Thread Michael Roth via
On Wed, Mar 20, 2024 at 12:35:09PM +, Daniel P. Berrangé wrote: > On Wed, Mar 20, 2024 at 03:39:19AM -0500, Michael Roth wrote: > > Add a simple helper to check if the current guest type is SNP. Also have > > SNP-enabled imply that SEV-ES is enabled as well, and fix up any place

Re: [PATCH v3 22/49] i386/sev: Introduce 'sev-snp-guest' object

2024-03-20 Thread Michael Roth via
On Wed, Mar 20, 2024 at 11:58:57AM +, Daniel P. Berrangé wrote: > On Wed, Mar 20, 2024 at 03:39:18AM -0500, Michael Roth wrote: > > From: Brijesh Singh > > > > SEV-SNP support relies on a different set of properties/state than the > > existing 'sev-guest'

Re: [PATCH v3 21/49] i386/sev: Introduce "sev-common" type to encapsulate common SEV state

2024-03-20 Thread Michael Roth via
On Wed, Mar 20, 2024 at 11:47:28AM +, Daniel P. Berrangé wrote: > On Wed, Mar 20, 2024 at 03:39:17AM -0500, Michael Roth wrote: > > Currently all SEV/SEV-ES functionality is managed through a single > > 'sev-guest' QOM type. With upcoming support for SEV-SNP, taki

Re: [PATCH v3 21/49] i386/sev: Introduce "sev-common" type to encapsulate common SEV state

2024-03-20 Thread Michael Roth via
On Wed, Mar 20, 2024 at 11:44:13AM +, Daniel P. Berrangé wrote: > On Wed, Mar 20, 2024 at 03:39:17AM -0500, Michael Roth wrote: > > Currently all SEV/SEV-ES functionality is managed through a single > > 'sev-guest' QOM type. With upcoming support for SEV-SNP, taki

Re: [PATCH v3 19/49] kvm: Make kvm_convert_memory() obey ram_block_discard_is_enabled()

2024-03-20 Thread Michael Roth
On Wed, Mar 20, 2024 at 05:26:00PM +0100, Paolo Bonzini wrote: > On 3/20/24 09:39, Michael Roth wrote: > > Some subsystems like VFIO might disable ram block discard for > > uncoordinated cases. Since kvm_convert_memory()/guest_memfd don't > > implement a RamDiscardManager

Re: [PATCH v3 11/49] physmem: Introduce ram_block_discard_guest_memfd_range()

2024-03-20 Thread Michael Roth
On Wed, Mar 20, 2024 at 10:37:14AM +0100, David Hildenbrand wrote: > On 20.03.24 09:39, Michael Roth wrote: > > From: Xiaoyao Li > > > > When memory page is converted from private to shared, the original > > private memory is back

[PATCH v3 08/49] trace/kvm: Split address space and slot id in trace_kvm_set_user_memory()

2024-03-20 Thread Michael Roth
From: Xiaoyao Li The upper 16 bits of kvm_userspace_memory_region::slot are address space id. Parse it separately in trace_kvm_set_user_memory(). Signed-off-by: Xiaoyao Li Signed-off-by: Michael Roth --- accel/kvm/kvm-all.c| 5 +++-- accel/kvm/trace-events | 2 +- 2 files changed, 4

[PATCH v3 07/49] HostMem: Add mechanism to opt in kvm guest memfd via MachineState

2024-03-20 Thread Michael Roth
"require_guest_memfd" to "guest_memfd" in struct HostMemoryBackend; (David Hildenbrand) Signed-off-by: Michael Roth --- backends/hostmem-file.c | 1 + backends/hostmem-memfd.c | 1 + backends/hostmem-ram.c | 1 + backends/hostmem.c | 1 + hw/core/machine.c| 5 +

[PATCH v3 04/49] [HACK] linux-headers: Update headers for 6.8 + kvm-coco-queue + SNP

2024-03-20 Thread Michael Roth
LM_BASE_ADDR_HIGH 8 #define LM_END_ADDR_LOW 12 #define LM_END_ADDR_HIGH16 #define LM_VRING_STATE_OFFSET 0x20 Signed-off-by: Michael Roth --- include/standard-headers/asm-x86/bootparam.h | 17 +- include/standard-headers/asm-x86/kvm_para.h

[PATCH v3 05/49] [TEMP] hw/i386: Remove redeclaration of struct setup_data

2024-03-20 Thread Michael Roth
TODO: this needs to be done as part of header update to avoid temporary build bisect breakage. Keeping it separate for reference. It is now provided by kernel headers. Signed-off-by: Michael Roth --- hw/i386/x86.c | 8 1 file changed, 8 deletions(-) diff --git a/hw/i386/x86.c b/hw

[PATCH v3 06/49] RAMBlock: Add support of KVM private guest memfd

2024-03-20 Thread Michael Roth
ror message; (Daniel P. Berrangé) - remove flags in ram_block_add(); (David Hildenbrand) Changes in v3: - rename gmem to guest_memfd; - close(guest_memfd) when RAMBlock is released; (Daniel P. Berrangé) - Squash the patch that introduces memory_region_has_guest_memfd(). Signed-off-by: M

[PATCH v3 49/49] hw/i386: Add support for loading BIOS using guest_memfd

2024-03-20 Thread Michael Roth
enablement since those interfaces rely on the use of ROM memory regions which make use of the KVM_MEM_READONLY memslot flag, which is not supported for guest_memfd-backed memslots. Signed-off-by: Michael Roth --- hw/i386/x86.c | 36 +++- 1 file changed, 23 insertions

[PATCH v3 48/49] hw/i386/sev: Use guest_memfd for legacy ROMs

2024-03-20 Thread Michael Roth
this handling is needed to allow QEMU to continue running existing SNP guest kernels. Signed-off-by: Michael Roth --- hw/i386/pc.c | 13 + hw/i386/pc_sysfw.c | 13 ++--- 2 files changed, 19 insertions(+), 7 deletions(-) diff --git a/hw/i386/pc.c b/hw/i386/pc.c index

[PATCH v3 47/49] hw/i386/sev: Add support to encrypt BIOS when SEV-SNP is enabled

2024-03-20 Thread Michael Roth
TODO: Brijesh as author, me as co-author (vice-versa depending) drop flash handling? we only support BIOS now Signed-off-by: Michael Roth --- hw/i386/pc_sysfw.c| 12 +++- hw/i386/x86.c | 2 +- include/hw/i386/x86.h | 2 +- target/i386/sev

[PATCH v3 46/49] i386/sev: Allow measured direct kernel boot on SNP

2024-03-20 Thread Michael Roth
page is reserved for SEV launch secrets which are not usable anyway on SNP. If the user disabled kernel hashes, QEMU pre-validates the kernel hashes page as a zero page. Signed-off-by: Dov Murik Signed-off-by: Michael Roth --- include/hw/i386/pc.h | 2 ++ target/i386/sev.c| 36

[PATCH v3 45/49] i386/sev: Reorder struct declarations

2024-03-20 Thread Michael Roth
From: Dov Murik Move the declaration of PaddedSevHashTable before SevSnpGuest so we can add a new such field to the latter. No functional change intended. Signed-off-by: Dov Murik Signed-off-by: Michael Roth --- target/i386/sev.c | 56 +++ 1 file

[PATCH v3 44/49] i386/sev: Extract build_kernel_loader_hashes

2024-03-20 Thread Michael Roth
From: Dov Murik Extract the building of the kernel hashes table out from sev_add_kernel_loader_hashes() to allow building it in other memory areas (for SNP support). No functional change intended. Signed-off-by: Dov Murik Signed-off-by: Michael Roth --- target/i386/sev.c | 101

[PATCH v3 43/49] qapi, i386: Move kernel-hashes to SevCommonProperties

2024-03-20 Thread Michael Roth
From: Dov Murik In order to enable kernel-hashes for SNP, pull it from SevGuestProperties to its parent SevCommonProperties so it will be available for both SEV and SNP. Signed-off-by: Dov Murik Signed-off-by: Michael Roth --- qapi/qom.json | 14 +++--- target/i386/sev.c | 44

[PATCH v3 42/49] i386/sev: Add support for SNP CPUID validation

2024-03-20 Thread Michael Roth
, use this interface to validate the CPUID entries reported by KVM_GET_CPUID2 prior to initial guest start and populate the CPUID page reserved by OVMF with the resulting encrypted data. [1] SEV SNP Firmware ABI Specification, Rev. 0.8, 8.13.2.6 Signed-off-by: Michael Roth --- target/i386/sev.c

[PATCH v3 41/49] i386/sev: Add support for populating OVMF metadata pages

2024-03-20 Thread Michael Roth
From: Brijesh Singh OVMF reserves various pages so they can be pre-initialized/validated prior to launching the guest. Add support for populating these pages with the expected content. Signed-off-by: Brijesh Singh Signed-off-by: Michael Roth --- target/i386/sev.c | 75

[PATCH v3 03/49] scripts/update-linux-headers: Add bits.h to file imports

2024-03-20 Thread Michael Roth
Signed-off-by: Michael Roth --- scripts/update-linux-headers.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/update-linux-headers.sh b/scripts/update-linux-headers.sh index 579b03dc82..b992ed7b15 100755 --- a/scripts/update-linux-headers.sh +++ b/scripts/update

[PATCH v3 40/49] hw/i386/sev: Add function to get SEV metadata from OVMF header

2024-03-20 Thread Michael Roth
to retrieve the SEV metadata pointer from the OVMF GUID list. Signed-off-by: Brijesh Singh Signed-off-by: Michael Roth --- hw/i386/pc_sysfw_ovmf.c | 33 + include/hw/i386/pc.h| 26 ++ 2 files changed, 59 insertions(+) diff --git a/hw

[PATCH v3 39/49] i386/sev: Set CPU state to protected once SNP guest payload is finalized

2024-03-20 Thread Michael Roth
don't continue trying to re-sync vCPU data during guest runtime. Signed-off-by: Michael Roth --- target/i386/sev.c | 1 + 1 file changed, 1 insertion(+) diff --git a/target/i386/sev.c b/target/i386/sev.c index 4155342e72..4d862eef78 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -97

[PATCH v3 38/49] i386/sev: Add handling to encrypt/finalize guest launch data

2024-03-20 Thread Michael Roth
From: Brijesh Singh Process any queued up launch data and encrypt/measure it into the SNP guest instance prior to initial guest launch. Signed-off-by: Brijesh Singh Co-authored-by: Michael Roth Signed-off-by: Michael Roth --- target/i386/sev.c| 101

[PATCH v3 37/49] i386/sev: Add the SNP launch start context

2024-03-20 Thread Michael Roth
From: Brijesh Singh The SNP_LAUNCH_START is called first to create a cryptographic launch context within the firmware. Signed-off-by: Brijesh Singh Signed-off-by: Michael Roth --- target/i386/sev.c| 42 +++- target/i386/trace-events | 1 + 2 files

[PATCH v3 36/49] i386/sev: Add KVM_EXIT_VMGEXIT handling for Extended Guest Requests

2024-03-20 Thread Michael Roth
ected format. Add a certs-path parameter to the sev-snp-guest object so that it can be used to inject any certificate data into these Extended Guest Requests. Signed-off-by: Michael Roth --- qapi/qom.json | 7 +++- target/i386/sev.c | 85 +++ 2

[PATCH v3 35/49] i386/sev: Add KVM_EXIT_VMGEXIT handling for Page State Changes (MSR-based)

2024-03-20 Thread Michael Roth
. Signed-off-by: Michael Roth --- target/i386/sev.c | 16 1 file changed, 16 insertions(+) diff --git a/target/i386/sev.c b/target/i386/sev.c index 0c6a253138..b54422b28e 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -1560,6 +1560,18 @@ out_unmap: return 0

[PATCH v3 34/49] i386/sev: Add KVM_EXIT_VMGEXIT handling for Page State Changes

2024-03-20 Thread Michael Roth
handling KVM_EXIT_VMGEXIT events, and then implement handling for Page State Change requests on top of that. [1] https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/specifications/56421.pdf Signed-off-by: Michael Roth --- target/i386/kvm/kvm.c | 3 + target/i386/sev.c

[PATCH v3 33/49] kvm: Make kvm_convert_memory() non-static

2024-03-20 Thread Michael Roth
Signed-off-by: Michael Roth --- accel/kvm/kvm-all.c | 2 +- include/sysemu/kvm.h | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c index b5872fdc07..bf0ae0c8ad 100644 --- a/accel/kvm/kvm-all.c +++ b/accel/kvm/kvm-all.c @@ -2913,7

[PATCH v3 32/49] i386/sev: Don't return launch measurements for SEV-SNP guests

2024-03-20 Thread Michael Roth
For SEV-SNP guests, launch measurement is queried from within the guest during attestation, so don't attempt to return it as part of query-sev-launch-measure. Signed-off-by: Michael Roth --- target/i386/sev.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/target

[PATCH v3 31/49] i386/sev: Update query-sev QAPI format to handle SEV-SNP

2024-03-20 Thread Michael Roth
guest update their handling of query-sev appropriately). The corresponding HMP command has also been fixed up similarly. Signed-off-by: Michael Roth --- qapi/misc-target.json | 71 ++- target/i386/sev.c | 50 -- target/i38

[PATCH v3 02/49] scripts/update-linux-headers: Add setup_data.h to import list

2024-03-20 Thread Michael Roth
build bisect breakage. Signed-off-by: Michael Roth --- scripts/update-linux-headers.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/scripts/update-linux-headers.sh b/scripts/update-linux-headers.sh index a0006eec6f..579b03dc82 100755 --- a/scripts/update-linux-headers.sh +++ b/scripts/u

[PATCH v3 30/49] i386/cpu: Set SEV-SNP CPUID bit when SNP enabled

2024-03-20 Thread Michael Roth
SNP guests will rely on this bit to determine certain feature support. Signed-off-by: Michael Roth --- target/i386/cpu.c | 1 + 1 file changed, 1 insertion(+) diff --git a/target/i386/cpu.c b/target/i386/cpu.c index 33760a2ee1..3fdaac3472 100644 --- a/target/i386/cpu.c +++ b/target/i386/cpu.c

[PATCH v3 29/49] i386/sev: Don't disable block discarding for SNP

2024-03-20 Thread Michael Roth
SEV/SEV-ES rely on pinned memory to back guest RAM so discarding isn't actually possible. With SNP, only guest_memfd pages are used for private guest memory, so discarding of shared memory is still possible, so only disable discard for SEV/SEV-ES. Signed-off-by: Michael Roth --- target

[PATCH v3 28/49] i386/sev: Disable SMM for SNP

2024-03-20 Thread Michael Roth
SNP does not support SMM. Signed-off-by: Michael Roth --- target/i386/sev.c | 8 1 file changed, 8 insertions(+) diff --git a/target/i386/sev.c b/target/i386/sev.c index b06c796aae..134e8f7c22 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -881,6 +881,7 @@ static int

[PATCH v3 27/49] i386/sev: Set ms->require_guest_memfd for SNP

2024-03-20 Thread Michael Roth
SNP requires guest_memfd for private guest memory, so enable it so that the appropriate guest_memfd backend will be available for normal RAM regions. Signed-off-by: Michael Roth --- target/i386/sev.c | 5 + 1 file changed, 5 insertions(+) diff --git a/target/i386/sev.c b/target/i386/sev.c

[PATCH v3 26/49] i386/sev: Skip machine-init-done notifiers for SNP

2024-03-20 Thread Michael Roth
using guest attestation instead. Signed-off-by: Michael Roth --- target/i386/sev.c | 10 +- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/target/i386/sev.c b/target/i386/sev.c index 774262d834..e4deb7b41e 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -989,9 +989,17

[PATCH v3 25/49] i386/sev: Skip RAMBlock notifiers for SNP

2024-03-20 Thread Michael Roth
memory. Signed-off-by: Michael Roth --- target/i386/sev.c | 10 +- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/target/i386/sev.c b/target/i386/sev.c index 61af312a11..774262d834 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -982,7 +982,15 @@ static int

[PATCH v3 24/49] target/i386: Add handling for KVM_X86_SNP_VM VM type

2024-03-20 Thread Michael Roth
An SNP VM requires VM type KVM_X86_SNP_VM to be passed to kvm_ioctl(KVM_CREATE_VM). Add it to the list of supported VM types, and return it appropriately via X86ConfidentialGuestClass->kvm_type(). Signed-off-by: Michael Roth --- target/i386/kvm/kvm.c | 1 + target/i386/sev.c |

[PATCH v3 23/49] i386/sev: Add a sev_snp_enabled() helper

2024-03-20 Thread Michael Roth
Add a simple helper to check if the current guest type is SNP. Also have SNP-enabled imply that SEV-ES is enabled as well, and fix up any places where the sev_es_enabled() check is expecting a pure/non-SNP guest. Signed-off-by: Michael Roth --- target/i386/sev.c | 13 - target/i386

[PATCH v3 22/49] i386/sev: Introduce 'sev-snp-guest' object

2024-03-20 Thread Michael Roth
bs may be up to 4096 characters, but this is generally well below the default limit for linux hosts where command-line sizes are defined by the sysconf-configurable ARG_MAX value, which defaults to 2097152 characters for Ubuntu hosts, for example. Signed-off-by: Brijesh Singh Co-developed-by: Michael Ro

[PATCH v3 01/49] Revert "linux-headers hack" from sevinit2 base tree

2024-03-20 Thread Michael Roth
TODO: Either apply this in advance of sevinit2 patches, or drop this in favor of a separate preceding sync of 6.8 kvm-next. A separate standalone linux-headers sync will be used instead. Signed-off-by: Michael Roth --- linux-headers/asm-x86/kvm.h | 8 linux-headers/linux/kvm.h | 2

[PATCH v3 21/49] i386/sev: Introduce "sev-common" type to encapsulate common SEV state

2024-03-20 Thread Michael Roth
erally used as the name for local variables holding a pointer to the 'sev-guest' instance. In cases where that now points to common state, use the name 'sev_common'; in cases where that now points to state specific to
