mirror of
https://git.proxmox.com/git/qemu-server
synced 2025-08-05 18:36:21 +00:00
This patch is for enabling AMD SEV (Secure Encrypted Virtualization) support in QEMU. VM-Config-Examples: `amd_sev: type=std,no-debug=1,no-key-sharing=1` and `amd_sev: es,no-debug=1,kernel-hashes=1`. kernel-hashes, reduced-phys-bits & cbitpos correspond to the variables with the same name in QEMU. kernel-hashes=1 adds kernel hashes to enable measured Linux kernel launch, since it is off by default for backward compatibility. reduced-phys-bits and cbitpos are system specific and are read out by the query-machine-capabilities C program and saved to the /run/qemu-server/host-hw-capabilities.json file. This file is parsed and then used by qemu-server to correctly start an AMD SEV VM. type=std stands for standard SEV to differentiate it from sev-es (es) or sev-snp (snp) when support is upstream. QEMU's sev-guest policy gets calculated with the parameters no-debug & no-key-sharing. These parameters correspond to policy-bits 0 & 1. If type is 'es' then policy-bit 2 gets set to 1 to activate SEV-ES. Policy bit 3 (nosend) is always set to 1, because migration features for SEV are not upstream yet and are attackable. SEV-ES is highly experimental since it could not be tested. See coherent doc patch. Signed-off-by: Markus Frank <m.frank@proxmox.com> Reviewed-by: Fiona Ebner <f.ebner@proxmox.com> |
||
---|---|---|
.. | ||
Agent.pm | ||
CGroup.pm | ||
Cloudinit.pm | ||
CPUConfig.pm | ||
Drive.pm | ||
Helpers.pm | ||
ImportDisk.pm | ||
Machine.pm | ||
Makefile | ||
Memory.pm | ||
Monitor.pm | ||
PCI.pm | ||
QMPHelpers.pm | ||
USB.pm |