Message-ID: <3fe8b6d0-f01f-ea12-c04e-1e69a8697e19@amd.com>
Date: Wed, 14 Aug 2024 09:44:32 +0530
From: "Nikunj A. Dadhania" <nikunj@....com>
To: linux-kernel@...r.kernel.org, thomas.lendacky@....com, bp@...en8.de,
x86@...nel.org
Cc: mingo@...hat.com, tglx@...utronix.de, dave.hansen@...ux.intel.com,
pgonda@...gle.com, seanjc@...gle.com, pbonzini@...hat.com,
kvm@...r.kernel.org
Subject: Re: [PATCH v11 00/20] Add Secure TSC support for SNP guests
On 7/31/2024 8:37 PM, Nikunj A Dadhania wrote:
> This patchset is also available at:
>
> https://github.com/AMDESE/linux-kvm/tree/sectsc-guest-latest
>
> and is based on v6.11-rc1
>
> Overview
> --------
>
> Secure TSC allows guests to securely use RDTSC/RDTSCP instructions as the
> parameters being used cannot be changed by hypervisor once the guest is
> launched. More details in the AMD64 APM Vol 2, Section "Secure TSC".
>
> In order to enable secure TSC, SEV-SNP guests need to send TSC_INFO guest
> message before the APs are booted. Details from the TSC_INFO response will
> then be used to program the VMSA before the APs are brought up. See "SEV
> Secure Nested Paging Firmware ABI Specification" document (currently at
> https://www.amd.com/system/files/TechDocs/56860.pdf) section "TSC Info"
>
> SEV-guest driver has the implementation for guest and AMD Security
> Processor communication. As the TSC_INFO needs to be initialized during
> early boot before APs are started, move the guest messaging code from
> sev-guest driver to sev/core.c and provide well defined APIs to the
> sev-guest driver.
>
> Patches:
> 01-04: sev-guest driver cleanup and enhancements
> 05: Use AES GCM library
> 06-07: SNP init error handling and cache secrets page address
> 08-10: Preparatory patches for code movement
> 11-12: Patches moving SNP guest messaging code from SEV guest driver to
> SEV common code
> 13-20: SecureTSC enablement patches.
>
> Testing SecureTSC
> -----------------
>
> SecureTSC hypervisor patches based on top of SEV-SNP Guest MEMFD series:
> https://github.com/AMDESE/linux-kvm/tree/sectsc-host-latest
>
> QEMU changes:
> https://github.com/nikunjad/qemu/tree/snp-securetsc-latest
>
> QEMU commandline SEV-SNP with SecureTSC:
>
> qemu-system-x86_64 -cpu EPYC-Milan-v2 -smp 4 \
> -object memory-backend-memfd,id=ram1,size=1G,share=true,prealloc=false,reserve=false \
> -object sev-snp-guest,id=sev0,cbitpos=51,reduced-phys-bits=1,secure-tsc=on \
> -machine q35,confidential-guest-support=sev0,memory-backend=ram1 \
> ...
>
> Changelog:
> ----------
> v11:
> * Rebased on top of v6.11-rc1
> * Added Acked-by/Reviewed-by
> * Moved SEV Guest driver cleanups in the beginning of the series
> * Commit message updates
> * Enforced PAGE_SIZE constraints for snp_guest_msg
> * After offline discussion with Boris, redesigned and exported
> SEV guest messaging APIs to sev-guest driver
> * Dropped VMPCK rework patches
> * Make sure movement of SEV core routines does not break the SEV Guest
> driver midway of the series.
>
A gentle reminder.
Regards
Nikunj