Lines Matching full:guest
98 __u16 ghcb_version; /* maximum guest GHCB version allowed */
108 requests. If ``ghcb_version`` is 0 for any other guest type, then the maximum
109 allowed guest GHCB protocol will default to version 2.
133 context. To create the encryption context, user must provide a guest policy,
144 __u32 policy; /* guest's policy */
146 … __u64 dh_uaddr; /* userspace address pointing to the guest owner's PDH key */
149 … __u64 session_addr; /* userspace address which points to the guest session information */
164 of the memory contents that can be sent to the guest owner as an attestation
184 data encrypted by the KVM_SEV_LAUNCH_UPDATE_DATA command. The guest owner may
185 wait to provide the guest with confidential information until it can verify the
186 measurement. Since the guest owner knows the initial contents of the guest at
187 boot, the measurement can be verified by comparing it to what the guest owner
210 issued to make the guest ready for the execution.
218 SEV-enabled guest.
227 __u32 handle; /* guest handle */
228 __u32 policy; /* guest policy */
229 __u8 state; /* guest state (see enum below) */
232 SEV guest state:
238 SEV_STATE_LAUNCHING, /* guest is currently being launched */
239 … SEV_STATE_SECRET, /* guest is being launched and ready to accept the ciphertext data */
240 SEV_STATE_RUNNING, /* guest is fully launched and running */
241 SEV_STATE_RECEIVING, /* guest is being migrated in from another SEV machine */
242 SEV_STATE_SENDING /* guest is getting migrated out to another SEV machine */
263 The command returns an error if the guest policy does not allow debugging.
283 The command returns an error if the guest policy does not allow debugging.
289 data after the measurement has been validated by the guest owner.
301 … __u64 guest_uaddr; /* the guest memory region where the secret should be injected */
312 report containing the SHA-256 digest of the guest memory and VMSA passed through the KVM_SEV_LAUNCH
314 used by the guest owner with the KVM_SEV_LAUNCH_MEASURE.
336 outgoing guest encryption context.
338 If session_len is zero on entry, the length of the guest session information is
348 __u32 policy; /* guest policy */
359 __u64 session_uaddr; /* Guest session information */
367 outgoing guest memory region with the encryption context creating using
412 context for an incoming SEV guest. To create the encryption context, the user must
413 provide a guest policy, the platform public Diffie-Hellman (PDH) key and session
424 __u32 policy; /* guest's policy */
429 … __u64 session_uaddr; /* userspace address which points to the guest session information */
441 the incoming buffers into the guest memory region with encryption context
454 __u64 guest_uaddr; /* the destination guest memory region */
465 issued by the hypervisor to make the guest ready for execution.
473 context for the SEV-SNP guest. It must be called prior to issuing
483 __u64 policy; /* Guest policy to use. */
484 __u8 gosvw[16]; /* Guest OS visible workarounds. */
497 data into a guest GPA range, measuring the contents into the SNP guest context
500 associated with the guest context once it is booted, after which point it can
525 __u64 gfn_start; /* Guest page number to load/encrypt data into. */
527 __u64 len; /* 4k-aligned length in bytes to copy into guest memory.*/
528 __u8 type; /* The type of the guest pages being initialized. */
550 After completion of the SNP guest launch flow, the KVM_SEV_SNP_LAUNCH_FINISH
551 command can be issued to make the guest ready for execution.
590 The SEV guest key management is handled by a separate processor called the AMD
593 encrypting bootstrap code, snapshot, migrating and debugging the guest. For more