mirror of
https://git.proxmox.com/git/qemu-server
synced 2025-08-14 02:01:15 +00:00
This patch is for enabling AMD SEV (Secure Encrypted Virtualization) support in QEMU.

VM-Config-Examples:

    amd_sev: type=std,no-debug=1,no-key-sharing=1
    amd_sev: es,no-debug=1,kernel-hashes=1

kernel-hashes, reduced-phys-bits & cbitpos correspond to the variables with the same name in QEMU.

kernel-hashes=1 adds kernel hashes to enable measured Linux kernel launch since it is per default off for backward compatibility.

reduced-phys-bits and cbitpos are system specific and are read out by the query-machine-capabilities C program and saved to the /run/qemu-server/host-hw-capabilities.json file. This file is parsed and then used by qemu-server to correctly start an AMD SEV VM.

type=std stands for standard sev to differentiate it from sev-es (es) or sev-snp (snp) when support is upstream.

QEMU's sev-guest policy gets calculated with the parameters no-debug & no-key-sharing. These parameters correspond to policy-bits 0 & 1. If type is 'es' then policy-bit 2 gets set to 1 to activate SEV-ES. Policy bit 3 (nosend) is always set to 1, because migration features for sev are not upstream yet and are attackable.

SEV-ES is highly experimental since it could not be tested.

see coherent doc patch

Signed-off-by: Markus Frank <m.frank@proxmox.com>
Reviewed-by: Fiona Ebner <f.ebner@proxmox.com>

||
---|---|---|
debian | ||
PVE | ||
qemu-configs | ||
qmeventd | ||
query-machine-capabilities | ||
test | ||
vm-network-scripts | ||
.gitignore | ||
bootsplash.jpg | ||
bootsplash.xcf | ||
Makefile | ||
modules-load.conf | ||
qm | ||
qmextract | ||
qmrestore |
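
The policy calculation described in the commit message above, as an added Python example; it is not code from qemu-server, and the function and constant names are hypothetical. It assumes an unset `no-debug` or `no-key-sharing` leaves its bit at 0 and rejects any type other than `std` and `es`, since the message says sev-snp support is not upstream yet.

```python
# Added illustration of the policy bits named in the commit message.
# Not qemu-server code; all names here are hypothetical.
POLICY_NODBG = 1 << 0    # bit 0: no-debug
POLICY_NOKS = 1 << 1     # bit 1: no-key-sharing
POLICY_ES = 1 << 2       # bit 2: set when type is 'es'
POLICY_NOSEND = 1 << 3   # bit 3: always set (no migration)

FLAGS = ("no-debug", "no-key-sharing", "kernel-hashes")
TYPES = ("std", "es")    # 'snp' is rejected: not supported yet


def parse_amd_sev(line):
    """Parse an 'amd_sev: ...' config line into a dict of options.

    A bare first item (e.g. 'es') is taken as the type, as in the
    second example from the commit message.
    """
    name, sep, value = line.partition(":")
    if not sep or name.strip() != "amd_sev":
        raise ValueError("not an amd_sev line")
    opts = {}
    for i, item in enumerate(p.strip() for p in value.split(",")):
        key, eq, val = item.partition("=")
        if not eq:
            if i != 0:
                raise ValueError(f"missing value for {item!r}")
            key, val = "type", item
        if key != "type" and key not in FLAGS:
            raise ValueError(f"unknown option {key!r}")
        if key in opts:
            raise ValueError(f"duplicate option {key!r}")
        opts[key] = val
    if opts.get("type") not in TYPES:
        raise ValueError(f"unsupported type {opts.get('type')!r}")
    for flag in FLAGS:
        # Assumption: an unset flag counts as 0.
        if opts.setdefault(flag, "0") not in ("0", "1"):
            raise ValueError(f"{flag} must be 0 or 1")
    return opts


def sev_policy(opts):
    """Return the sev-guest policy value for parsed options."""
    policy = POLICY_NOSEND
    if opts["no-debug"] == "1":
        policy |= POLICY_NODBG
    if opts["no-key-sharing"] == "1":
        policy |= POLICY_NOKS
    if opts["type"] == "es":
        policy |= POLICY_ES
    return policy
```

For the two config examples in the commit message this yields 0xb and 0xd; a policy with bit 0 clear means the VM was configured without `no-debug`, which is worth flagging when auditing SEV guests.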