[v12,46/46] virt: sevguest: Add documentation for SEV-SNP CPUID Enforcement

From: Michael Roth <michael.roth@amd.com>

Received-SPF: Pass (protection.outlook.com: domain of amd.com designates
 165.204.84.17 as permitted sender) receiver=protection.outlook.com;
 client-ip=165.204.84.17; helo=SATLEXMB04.amd.com;
From: Brijesh Singh <brijesh.singh@amd.com>
To: <x86@kernel.org>, <linux-kernel@vger.kernel.org>,
        <kvm@vger.kernel.org>, <linux-efi@vger.kernel.org>,
        <platform-driver-x86@vger.kernel.org>,
        <linux-coco@lists.linux.dev>, <linux-mm@kvack.org>
CC: Thomas Gleixner <tglx@linutronix.de>,
        Ingo Molnar <mingo@redhat.com>, Joerg Roedel <jroedel@suse.de>,
        Tom Lendacky <thomas.lendacky@amd.com>,
        "H. Peter Anvin" <hpa@zytor.com>, Ard Biesheuvel <ardb@kernel.org>,
        Paolo Bonzini <pbonzini@redhat.com>,
        Sean Christopherson <seanjc@google.com>,
        "Vitaly Kuznetsov" <vkuznets@redhat.com>,
        Jim Mattson <jmattson@google.com>,
        "Andy Lutomirski" <luto@kernel.org>,
        Dave Hansen <dave.hansen@linux.intel.com>,
        Sergio Lopez <slp@redhat.com>, Peter Gonda <pgonda@google.com>,
        "Peter Zijlstra" <peterz@infradead.org>,
        Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com>,
        David Rientjes <rientjes@google.com>,
        Dov Murik <dovmurik@linux.ibm.com>,
        Tobin Feldman-Fitzthum <tobin@ibm.com>,
        Borislav Petkov <bp@alien8.de>,
        Michael Roth <michael.roth@amd.com>,
        Vlastimil Babka <vbabka@suse.cz>,
        "Kirill A . Shutemov" <kirill.shutemov@linux.intel.com>,
        Andi Kleen <ak@linux.intel.com>,
        "Dr . David Alan Gilbert" <dgilbert@redhat.com>,
        <brijesh.ksingh@gmail.com>, <tony.luck@intel.com>,
        <marcorr@google.com>, <sathyanarayanan.kuppuswamy@linux.intel.com>,
        Brijesh Singh <brijesh.singh@amd.com>
Subject: [PATCH v12 46/46] virt: sevguest: Add documentation for SEV-SNP CPUID
 Enforcement
Date: Mon, 7 Mar 2022 15:33:56 -0600
Message-ID: <20220307213356.2797205-47-brijesh.singh@amd.com>
In-Reply-To: <20220307213356.2797205-1-brijesh.singh@amd.com>
References: <20220307213356.2797205-1-brijesh.singh@amd.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 07 Mar 2022 21:35:40.4471
 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 2bda279a-0d38-41a5-283e-08da00826d46
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: 
 TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com]
X-MS-Exchange-CrossTenant-AuthSource: 
 BN8NAM11FT015.eop-nam11.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR12MB3479
Precedence: bulk
List-ID: <linux-efi.vger.kernel.org>
X-Mailing-List: linux-efi@vger.kernel.org

Message ID	20220307213356.2797205-47-brijesh.singh@amd.com
State	New
Headers	show Return-Path: <linux-efi-owner@kernel.org> Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; From: Brijesh Singh <brijesh.singh@amd.com> To: <x86@kernel.org>, <linux-kernel@vger.kernel.org>, <kvm@vger.kernel.org>, <linux-efi@vger.kernel.org>, <platform-driver-x86@vger.kernel.org>, <linux-coco@lists.linux.dev>, <linux-mm@kvack.org> CC: Thomas Gleixner <tglx@linutronix.de>, Ingo Molnar <mingo@redhat.com>, Joerg Roedel <jroedel@suse.de>, Tom Lendacky <thomas.lendacky@amd.com>, "H. Peter Anvin" <hpa@zytor.com>, Ard Biesheuvel <ardb@kernel.org>, Paolo Bonzini <pbonzini@redhat.com>, Sean Christopherson <seanjc@google.com>, "Vitaly Kuznetsov" <vkuznets@redhat.com>, Jim Mattson <jmattson@google.com>, "Andy Lutomirski" <luto@kernel.org>, Dave Hansen <dave.hansen@linux.intel.com>, Sergio Lopez <slp@redhat.com>, Peter Gonda <pgonda@google.com>, "Peter Zijlstra" <peterz@infradead.org>, Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com>, David Rientjes <rientjes@google.com>, Dov Murik <dovmurik@linux.ibm.com>, Tobin Feldman-Fitzthum <tobin@ibm.com>, Borislav Petkov <bp@alien8.de>, Michael Roth <michael.roth@amd.com>, Vlastimil Babka <vbabka@suse.cz>, "Kirill A . Shutemov" <kirill.shutemov@linux.intel.com>, Andi Kleen <ak@linux.intel.com>, "Dr . David Alan Gilbert" <dgilbert@redhat.com>, <brijesh.ksingh@gmail.com>, <tony.luck@intel.com>, <marcorr@google.com>, <sathyanarayanan.kuppuswamy@linux.intel.com>, Brijesh Singh <brijesh.singh@amd.com> Subject: [PATCH v12 46/46] virt: sevguest: Add documentation for SEV-SNP CPUID Enforcement Date: Mon, 7 Mar 2022 15:33:56 -0600 Message-ID: <20220307213356.2797205-47-brijesh.singh@amd.com> In-Reply-To: <20220307213356.2797205-1-brijesh.singh@amd.com> References: <20220307213356.2797205-1-brijesh.singh@amd.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain Precedence: bulk
Series	Add AMD Secure Nested Paging (SEV-SNP) Guest Support \| expand [v12,00/46] Add AMD Secure Nested Paging (SEV-SNP) Guest Support [v12,02/46] KVM: SVM: Create a separate mapping for the SEV-ES save area [v12,03/46] KVM: SVM: Create a separate mapping for the GHCB save area [v12,04/46] KVM: SVM: Update the SEV-ES save area mapping [v12,05/46] x86/boot: Introduce helpers for MSR reads/writes [v12,06/46] x86/boot: Use MSR read/write helpers instead of inline assembly [v12,07/46] x86/compressed/64: Detect/setup SEV/SME features earlier in boot [v12,08/46] x86/sev: Detect/setup SEV/SME features earlier in boot [v12,09/46] x86/mm: Extend cc_attr to include AMD SEV-SNP [v12,10/46] x86/sev: Define the Linux specific guest termination reasons [v12,11/46] x86/sev: Save the negotiated GHCB version [v12,12/46] x86/sev: Check SEV-SNP features support [v12,13/46] x86/sev: Add a helper for the PVALIDATE instruction [v12,14/46] x86/sev: Check the vmpl level [v12,15/46] x86/compressed: Add helper for validating pages in the decompression stage [v12,16/46] x86/compressed: Register GHCB memory when SEV-SNP is active [v12,17/46] x86/sev: Register GHCB memory when SEV-SNP is active [v12,18/46] x86/sev: Add helper for validating pages in early enc attribute changes [v12,19/46] x86/kernel: Make the .bss..decrypted section shared in RMP table [v12,20/46] x86/kernel: Validate ROM memory before accessing when SEV-SNP is active [v12,21/46] x86/mm: Validate memory when changing the C-bit [v12,22/46] x86/sev: Use SEV-SNP AP creation to start secondary CPUs [v12,23/46] x86/head/64: Re-enable stack protection [v12,24/46] x86/compressed/acpi: Move EFI detection to helper [v12,25/46] x86/compressed/acpi: Move EFI system table lookup to helper [v12,26/46] x86/compressed/acpi: Move EFI config table lookup to helper [v12,27/46] x86/compressed/acpi: Move EFI vendor table lookup to helper [v12,28/46] x86/compressed/acpi: Move EFI kexec handling into common code [v12,29/46] x86/boot: Add Confidential Computing type to setup_data [v12,30/46] KVM: x86: Move lookup of indexed CPUID leafs to helper [v12,31/46] x86/sev: Move MSR-based VMGEXITs for CPUID to helper [v12,32/46] x86/compressed/64: Add support for SEV-SNP CPUID table in #VC handlers [v12,33/46] x86/boot: Add a pointer to Confidential Computing blob in bootparams [v12,34/46] x86/compressed: Add SEV-SNP feature detection/setup [v12,35/46] x86/compressed: Use firmware-validated CPUID leaves for SEV-SNP guests [v12,36/46] x86/compressed: Export and rename add_identity_map() [v12,37/46] x86/compressed/64: Add identity mapping for Confidential Computing blob [v12,38/46] x86/sev: Add SEV-SNP feature detection/setup [v12,39/46] x86/sev: Use firmware-validated CPUID for SEV-SNP guests [v12,40/46] x86/sev: add sev=debug cmdline option to dump SNP CPUID table [v12,41/46] x86/sev: Provide support for SNP guest request NAEs [v12,42/46] x86/sev: Register SEV-SNP guest request platform device [v12,43/46] virt: Add SEV-SNP guest driver [v12,44/46] virt: sevguest: Add support to derive key [v12,45/46] virt: sevguest: Add support to get extended report [v12,46/46] virt: sevguest: Add documentation for SEV-SNP CPUID Enforcement [v12,43.1/46] virt: Add SEV-SNP guest driver

[v12,46/46] virt: sevguest: Add documentation for SEV-SNP CPUID Enforcement

Commit Message

Comments

Patch