Message-ID: <cover.1758308408.git.thomas.lendacky@amd.com>
Date: Fri, 19 Sep 2025 14:00:04 -0500
From: Tom Lendacky <thomas.lendacky@....com>
To: <kvm@...r.kernel.org>, <linux-kernel@...r.kernel.org>, <x86@...nel.org>,
<linux-crypto@...r.kernel.org>
CC: Paolo Bonzini <pbonzini@...hat.com>, Sean Christopherson
<seanjc@...gle.com>, Borislav Petkov <bp@...en8.de>, Dave Hansen
<dave.hansen@...ux.intel.com>, Ingo Molnar <mingo@...hat.com>, "Thomas
Gleixner" <tglx@...utronix.de>, Michael Roth <michael.roth@....com>, "Ashish
Kalra" <ashish.kalra@....com>, Herbert Xu <herbert@...dor.apana.org.au>,
"David Miller" <davem@...emloft.net>
Subject: [RFC PATCH v2 0/4] SEV-SNP guest policy bit support updates

This series aims to allow more flexibility in specifying SEV-SNP policy
bits by improving discoverability of supported policy bits from userspace
and enabling support for newer policy bits.

- The first patch adds a new KVM_X86_GRP_SEV attribute group,
  KVM_X86_SNP_POLICY_BITS, that can be used to return the supported
  SEV-SNP policy bits. The initial support for this attribute will return
  the current KVM supported policy bitmask.

- The next 3 patches provide for adding to the known SEV-SNP policy
  bits. Since some policy bits are dependent on specific levels of SEV
  firmware support, the CCP driver is updated to provide an API to return
  the supported policy bits.

The supported policy bits bitmask used by KVM is generated by taking the
policy bitmask returned by the CCP driver and ANDing it with the KVM
supported policy bits. KVM supported policy bits are policy bits that
do not require any specific implementation support from KVM to allow.

This series has a prereq against the ciphertext hiding patches and so
it is based on the ciphertext branch of the kvm-x86 repo.

The series is based off of:
  https://github.com/kvm-x86/linux.git ciphertext

---

Changes for v2:
- Marked the KVM supported policy bits as read-only after init.

Tom Lendacky (4):
  KVM: SEV: Publish supported SEV-SNP policy bits
  KVM: SEV: Consolidate the SEV policy bits in a single header file
  crypto: ccp - Add an API to return the supported SEV-SNP policy bits
  KVM: SEV: Add known supported SEV-SNP policy bits

 arch/x86/include/uapi/asm/kvm.h |  1 +
 arch/x86/kvm/svm/sev.c          | 45 ++++++++++++++++++++-------------
 arch/x86/kvm/svm/svm.h          |  3 ---
 drivers/crypto/ccp/sev-dev.c    | 37 +++++++++++++++++++++++++++
 include/linux/psp-sev.h         | 39 ++++++++++++++++++++++++++++
 5 files changed, 105 insertions(+), 20 deletions(-)

base-commit: 6c7c620585c6537dd5dcc75f972b875caf00f773
--
2.46.2