Skip to content
Snippets Groups Projects
Select Git revision
  • feature/libtcg-rebase default protected
1 result
Search by author
  • Any Author
  • Anton Anton anjo
1 author
  1. Jul 18, 2022
  3. Jun 24, 2022
  5. May 13, 2022
  7. Mar 15, 2022
  9. Feb 17, 2022
  11. Jan 21, 2022
  13. Dec 10, 2021
  15. Jul 09, 2021
  17. Jun 17, 2021
  19. Jun 01, 2021
    • Brijesh Singh's avatar
      target/i386/sev: add support to query the attestation report · 3ea1a802
      Brijesh Singh authored 
      
The SEV FW >= 0.23 added a new command that can be used to query the
attestation report containing the SHA-256 digest of the guest memory
and VMSA encrypted with the LAUNCH_UPDATE and sign it with the PEK.

Note, we already have a command (LAUNCH_MEASURE) that can be used to
query the SHA-256 digest of the guest memory encrypted through the
LAUNCH_UPDATE. The main difference between previous and this command
is that the report is signed with the PEK and unlike the LAUNCH_MEASURE
command the ATTESATION_REPORT command can be called while the guest
is running.

Add a QMP interface "query-sev-attestation-report" that can be used
to get the report encoded in base64.

Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Tom Lendacky <Thomas.Lendacky@amd.com>
Cc: Eric Blake <eblake@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: kvm@vger.kernel.org
Reviewed-by: default avatarJames Bottomley <jejb@linux.ibm.com>
Tested-by: default avatarJames Bottomley <jejb@linux.ibm.com>
Signed-off-by: default avatarBrijesh Singh <brijesh.singh@amd.com>
Reviewed-by: default avatarConnor Kuehl <ckuehl@redhat.com>
Message-Id: <20210429170728.24322-1-brijesh.singh@amd.com>
Signed-off-by: default avatarEduardo Habkost <ehabkost@redhat.com>
      3ea1a802
  21. Jan 21, 2021
  23. Nov 01, 2020
  25. Oct 08, 2020
  27. Sep 29, 2020
  29. Jul 10, 2020
  31. Jun 18, 2020
  33. Apr 28, 2020
  35. Feb 26, 2020
  37. Jan 08, 2020
  39. Dec 16, 2019
  41. Oct 15, 2019
  43. Sep 16, 2019
    • Wanpeng Li's avatar
      i386/kvm: support guest access CORE cstate · d38d201f
      Wanpeng Li authored 
      
Allow guest reads CORE cstate when exposing host CPU power management capabilities
to the guest. PKG cstate is restricted to avoid a guest to get the whole package
information in multi-tenant scenario.

Cc: Eduardo Habkost <ehabkost@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Radim Krčmář <rkrcmar@redhat.com>
Signed-off-by: default avatarWanpeng Li <wanpengli@tencent.com>
Message-Id: <1563154124-18579-1-git-send-email-wanpengli@tencent.com>
Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      d38d201f
  45. Jun 21, 2019
    • Liran Alon's avatar
      linux-headers: sync with latest KVM headers from Linux 5.2 · 1d33bea4
      Liran Alon authored 
      
Improve the KVM_{GET,SET}_NESTED_STATE structs by detailing the format
of VMX nested state data in a struct.

In order to avoid changing the ioctl values of
KVM_{GET,SET}_NESTED_STATE, there is a need to preserve
sizeof(struct kvm_nested_state). This is done by defining the data
struct as "data.vmx[0]". It was the most elegant way I found to
preserve struct size while still keeping struct readable and easy to
maintain. It does have a misfortunate side-effect that now it has to be
accessed as "data.vmx[0]" rather than just "data.vmx".

Because we are already modifying these structs, I also modified the
following:
* Define the "format" field values as macros.
* Rename vmcs_pa to vmcs12_pa for better readability.

Signed-off-by: default avatarLiran Alon <liran.alon@oracle.com>
Reviewed-by: default avatarMaran Wilson <maran.wilson@oracle.com>
Message-Id: <20190619162140.133674-7-liran.alon@oracle.com>
Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      1d33bea4
  47. May 21, 2019
  49. Apr 25, 2019
  51. Feb 04, 2019
  53. Oct 19, 2018
  55. Oct 12, 2018
  57. Aug 20, 2018
  59. Jun 22, 2018
  61. Jun 01, 2018
  63. May 23, 2018
  65. Mar 13, 2018
  67. Jan 22, 2018
  69. Dec 13, 2017
  71. Sep 29, 2017
  73. Sep 05, 2017