1Confidential Guest Support 2========================== 3 4Traditionally, hypervisors such as QEMU have complete access to a 5guest's memory and other state, meaning that a compromised hypervisor 6can compromise any of its guests. A number of platforms have added 7mechanisms in hardware and/or firmware which give guests at least some 8protection from a compromised hypervisor. This is obviously 9especially desirable for public cloud environments. 10 11These mechanisms have different names and different modes of 12operation, but are often referred to as Secure Guests or Confidential 13Guests. We use the term "Confidential Guest Support" to distinguish 14this from other aspects of guest security (such as security against 15attacks from other guests, or from network sources). 16 17Running a Confidential Guest 18---------------------------- 19 20To run a confidential guest you need to add two command line parameters: 21 221. Use ``-object`` to create a "confidential guest support" object. The 23 type and parameters will vary with the specific mechanism to be 24 used 252. Set the ``confidential-guest-support`` machine parameter to the ID of 26 the object from (1). 27 28Example (for AMD SEV):: 29 30 qemu-system-x86_64 \ 31 <other parameters> \ 32 -machine ...,confidential-guest-support=sev0 \ 33 -object sev-guest,id=sev0,cbitpos=47,reduced-phys-bits=1 34 35Supported mechanisms 36-------------------- 37 38Currently supported confidential guest mechanisms are: 39 40* AMD Secure Encrypted Virtualization (SEV) (see :doc:`i386/amd-memory-encryption`) 41* POWER Protected Execution Facility (PEF) (see :ref:`power-papr-protected-execution-facility-pef`) 42* s390x Protected Virtualization (PV) (see :doc:`s390x/protvirt`) 43 44Other mechanisms may be supported in future. 45