Lines Matching refs:a

4 Secure Encrypted Virtualization (SEV) is a feature found on AMD processors.
9 unencrypted version. Each encrypted VM is associated with a unique encryption
10 key; if its data is accessed by a different entity using a different key the
14 Key management for this feature is handled by a separate processor known as the
16 inside the AMD-SP provides commands to support a common VM lifecycle. This
22 support to additionally protect the guest register state. In order to allow a
23 hypervisor to perform functions on behalf of a guest, there is architectural
24 support for notifying a guest's operating system when certain types of VMEXITs
31 Boot images (such as bios) must be encrypted before a guest can be booted. The
34 together generate a fresh memory encryption key for the VM, encrypt the boot
35 images and provide a measurement that can be used as an attestation of a
38 For a SEV-ES guest, the ``LAUNCH_UPDATE_VMSA`` command is also used to encrypt the
41 ``LAUNCH_START`` is called first to create a cryptographic launch context within
42 the firmware. To create this context, guest owner must provide a guest policy,
44 should be treated as a binary blob and must be passed as-is to the SEV firmware.
48 in bad measurement). The guest policy is a 4-byte data structure containing
49 several flags that restrict what can be done on a running SEV guest.
57 Setting the "SEV-ES required" policy bit (bit 2) will launch the guest as a
64 establish a cryptographic session with the guest owner to negotiate keys used
78 ``LAUNCH_UPDATE_VMSA`` encrypts all the vCPU VMSAs for a SEV-ES guest using the
83 for a SEV-ES guest, encrypted VMSAs. This measurement is a signature of the
84 memory contents and, for a SEV-ES guest, the VMSA contents, that can be sent
95 See SEV API Spec ([SEVAPI]_) 'Launching a guest' usage flow (Appendix A) for the
98 To launch a SEV guest::
104 To launch a SEV-ES guest::
110 An SEV-ES guest has some restrictions as compared to a SEV guest. Because the
112 a SEV-ES guest:
116 - Does not support reboot - a system reset requires updating the guest register
148 example, ``OVMF.fd``). Note that you must build a stateless firmware file
150 therefore it is not secure to use a firmware which uses state from an NVRAM
166 Boot images (such as bios) must be encrypted before a guest can be booted. The
169 three commands communicate with SEV-SNP firmware to generate a fresh memory
170 encryption key for the VM, encrypt the boot images for a successful launch. For
174 ``SNP_LAUNCH_START`` is called first to create a cryptographic launch context
175 within the firmware. To create this context, the guest owner must provide a
187 | policy | hex | 0x30000 | a 64-bit guest policy |
222 To launch a SEV-SNP guest (additional parameters are documented in the QAPI
233 Since the memory contents of a SEV guest are encrypted, hypervisor access to
235 then a hypervisor can use the DEBUG_DECRYPT and DEBUG_ENCRYPT commands to access