Merge tag 'x86_sev_for_v6.11_rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull x86 SEV updates from Borislav Petkov:
- Add support for running the kernel in a SEV-SNP guest, over a Secure
VM Service Module (SVSM).
When running over a SVSM, different services can run at different
protection levels, apart from the guest OS but still within the
secure SNP environment. They can provide services to the guest, like
a vTPM, for example.
This series adds the required facilities to interface with such a
SVSM module.
- The usual fixlets, refactoring and cleanups
[ And as always: "SEV" is AMD's "Secure Encrypted Virtualization".
I can't be the only one who gets all the newer x86 TLA's confused,
can I?
- Linus ]
* tag 'x86_sev_for_v6.11_rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
Documentation/ABI/configfs-tsm: Fix an unexpected indentation silly
x86/sev: Do RMP memory coverage check after max_pfn has been set
x86/sev: Move SEV compilation units
virt: sev-guest: Mark driver struct with __refdata to prevent section mismatch
x86/sev: Allow non-VMPL0 execution when an SVSM is present
x86/sev: Extend the config-fs attestation support for an SVSM
x86/sev: Take advantage of configfs visibility support in TSM
fs/configfs: Add a callback to determine attribute visibility
sev-guest: configfs-tsm: Allow the privlevel_floor attribute to be updated
virt: sev-guest: Choose the VMPCK key based on executing VMPL
x86/sev: Provide guest VMPL level to userspace
x86/sev: Provide SVSM discovery support
x86/sev: Use the SVSM to create a vCPU when not in VMPL0
x86/sev: Perform PVALIDATE using the SVSM when not at VMPL0
x86/sev: Use kernel provided SVSM Calling Areas
x86/sev: Check for the presence of an SVSM in the SNP secrets page
x86/irqflags: Provide native versions of the local_irq_save()/restore()
Showing
- Documentation/ABI/testing/configfs-tsm 63 additions, 0 deletionsDocumentation/ABI/testing/configfs-tsm
- Documentation/ABI/testing/sysfs-devices-system-cpu 12 additions, 0 deletionsDocumentation/ABI/testing/sysfs-devices-system-cpu
- Documentation/arch/x86/amd-memory-encryption.rst 28 additions, 1 deletionDocumentation/arch/x86/amd-memory-encryption.rst
- Documentation/virt/coco/sev-guest.rst 11 additions, 0 deletionsDocumentation/virt/coco/sev-guest.rst
- arch/x86/boot/compressed/sev.c 70 additions, 16 deletionsarch/x86/boot/compressed/sev.c
- arch/x86/coco/Makefile 1 addition, 0 deletionsarch/x86/coco/Makefile
- arch/x86/coco/sev/Makefile 15 additions, 0 deletionsarch/x86/coco/sev/Makefile
- arch/x86/coco/sev/core.c 377 additions, 72 deletionsarch/x86/coco/sev/core.c
- arch/x86/coco/sev/shared.c 453 additions, 7 deletionsarch/x86/coco/sev/shared.c
- arch/x86/include/asm/cpufeatures.h 1 addition, 0 deletionsarch/x86/include/asm/cpufeatures.h
- arch/x86/include/asm/irqflags.h 20 additions, 0 deletionsarch/x86/include/asm/irqflags.h
- arch/x86/include/asm/msr-index.h 2 additions, 0 deletionsarch/x86/include/asm/msr-index.h
- arch/x86/include/asm/sev-common.h 18 additions, 0 deletionsarch/x86/include/asm/sev-common.h
- arch/x86/include/asm/sev.h 131 additions, 4 deletionsarch/x86/include/asm/sev.h
- arch/x86/include/uapi/asm/svm.h 1 addition, 0 deletionsarch/x86/include/uapi/asm/svm.h
- arch/x86/kernel/Makefile 0 additions, 6 deletionsarch/x86/kernel/Makefile
- arch/x86/mm/mem_encrypt_amd.c 7 additions, 1 deletionarch/x86/mm/mem_encrypt_amd.c
- arch/x86/virt/svm/sev.c 22 additions, 22 deletionsarch/x86/virt/svm/sev.c
- drivers/virt/coco/sev-guest/sev-guest.c 205 additions, 6 deletionsdrivers/virt/coco/sev-guest/sev-guest.c
- drivers/virt/coco/tdx-guest/tdx-guest.c 25 additions, 1 deletiondrivers/virt/coco/tdx-guest/tdx-guest.c
Please register or sign in to comment