Lines Matching refs:VM
7 the confidentiality and integrity of data in the VM's memory, even in the
9 CoCo VMs on Hyper-V share the generic CoCo VM threat model and security
14 A Linux CoCo VM on Hyper-V requires the cooperation and interaction of the
21 * The VM runs a version of Linux that supports being a CoCo VM
27 VM on Hyper-V.
31 To create a CoCo VM, the "Isolated VM" attribute must be specified to Hyper-V
32 when the VM is created. A VM cannot be changed from a CoCo VM to a normal VM,
37 Hyper-V CoCo VMs can run in two modes. The mode is selected when the VM is
38 created and cannot be changed during the life of the VM.
41 enlightened to understand and manage all aspects of running as a CoCo VM.
44 host provides some operations needed to run as a CoCo VM. The guest operating
50 as a CoCo VM. Fully-enlightened mode is one end of the spectrum. A full
52 aspects of running as a CoCo VM are handled by the paravisor, and a normal
71 In the CoCo VM threat model, the paravisor is in the guest security domain
89 L1 VM. In paravisor mode, TD partitioning is used. The paravisor runs in the
90 L1 VM, and the guest OS runs in a nested L2 VM.
101 CoCo VM functionality:
103 * Initial guest memory setup. When a new VM is created in paravisor mode, the
111 CoCo VM to route #VC and #VE exceptions to VMPL 0 and the L1 VM,
117 guest indicating that the VM is operating with the respective hardware
124 to selectively enable aspects of CoCo VM functionality even when the CPUID
127 mode VM achieves the desired effect of not running SEV-SNP specific early
135 VM. The __ioremap_caller() function has been enhanced to make a callback to
139 * Encrypt/decrypt memory transitions. In a CoCo VM, transitioning guest
161 directly to the hypervisor, just as in a non-CoCo VM. But in paravisor mode,
209 CoCo VM have not been hardened, and they are not allowed to load in a CoCo
210 VM. See vmbus_is_valid_offer() where such devices are excluded.
225 Finally, the VMBus virtual PCI driver needs special handling in a CoCo VM.
230 emulate the access. So in a CoCo VM, these functions must make a hypercall
248 handler to fixup this case. But a CoCo VM running on Hyper-V may be