On Wed, Sep 14, 2016 at 01:46:09PM -0500, Brijesh Singh wrote:
> 7) Guest owner validates the measurement. If measurement matches then we are
> good to launch the guest. This should ensure that bootcode was not
> compromised by hypervisor.
As hypervisor can e.g. execute said code in any order (wit
Hi Michael,
Yes, policy is described in chapter 3, page 23. I am open to separating the
fields.
Let me know if something like this works:
sev-launch-rule,flags.ks=0,policy.dbg=0,policy.ks=0,policy.nosend=0,...
My question is, does all of it have to be sev specific?
For example, add a generic fla
On Wed, Sep 14, 2016 at 11:10:54AM -0500, Brijesh Singh wrote:
>
> I am open to the idea and need direction on which way to go. I will work on
> documenting the parameters and usages. Should I consider implementing your
> below approach in v2?
>
> -object
> sev-launch-rule,flags=0,policy=0,dh_pub_
On Wed, Sep 14, 2016 at 11:10:54AM -0500, Brijesh Singh wrote:
>
> > > Various commands and parameters are documented [1]
> > >
> > > [1] http://support.amd.com/TechDocs/55766_SEV-KM%20API_Spec.pdf
> >
> > If I understand correctly, the docs describe the firmware
> > interface. The interface pro
Various commands and parameters are documented [1]
[1] http://support.amd.com/TechDocs/55766_SEV-KM%20API_Spec.pdf
If I understand correctly, the docs describe the firmware
interface. The interface provided by QEMU is not the same thing,
and needs to be documented as well (even if it contains
On Wed, Sep 14, 2016 at 08:54:12AM -0300, Eduardo Habkost wrote:
> On Wed, Sep 14, 2016 at 09:30:51AM +0100, Daniel P. Berrange wrote:
> > On Tue, Sep 13, 2016 at 07:00:44PM -0300, Eduardo Habkost wrote:
> > > (CCing Daniel Berrange in case he has feedback on the
> > > nonce/dh_pub_qx/dh_pub_qy loa
On Wed, Sep 14, 2016 at 09:30:51AM +0100, Daniel P. Berrange wrote:
> On Tue, Sep 13, 2016 at 07:00:44PM -0300, Eduardo Habkost wrote:
> > (CCing Daniel Berrange in case he has feedback on the
> > nonce/dh_pub_qx/dh_pub_qy loading/parsing at the end of this
> > message)
> >
> > On Tue, Sep 13, 201
On Tue, Sep 13, 2016 at 10:47:47AM -0400, Brijesh Singh wrote:
> This patch adds the initial support required to integrate Secure
> Encrypted Virtualization feature, the patch includes the following
> changes:
>
> - adds sev.c and sev.h files: the file will contain SEV APIs implementation.
> - add kv
On Tue, Sep 13, 2016 at 07:00:44PM -0300, Eduardo Habkost wrote:
> (CCing Daniel Berrange in case he has feedback on the
> nonce/dh_pub_qx/dh_pub_qy loading/parsing at the end of this
> message)
>
> On Tue, Sep 13, 2016 at 02:54:40PM -0500, Brijesh Singh wrote:
> > Hi Eduardo,
> >
> > On 09/13/20
(CCing Daniel Berrange in case he has feedback on the
nonce/dh_pub_qx/dh_pub_qy loading/parsing at the end of this
message)
On Tue, Sep 13, 2016 at 02:54:40PM -0500, Brijesh Singh wrote:
> Hi Eduardo,
>
> On 09/13/2016 10:58 AM, Eduardo Habkost wrote:
> > >
> > > A typical SEV config file looks
On Tue, Sep 13, 2016 at 02:54:40PM -0500, Brijesh Singh wrote:
> Hi Eduardo,
>
> On 09/13/2016 10:58 AM, Eduardo Habkost wrote:
> > >
> > > A typical SEV config file looks like this:
> > >
> >
> > Are those config options documented somewhere?
> >
>
> Various commands and parameters are docum
Hi Eduardo,
On 09/13/2016 10:58 AM, Eduardo Habkost wrote:
A typical SEV config file looks like this:
Are those config options documented somewhere?
Various commands and parameters are documented [1]
[1] http://support.amd.com/TechDocs/55766_SEV-KM%20API_Spec.pdf
[sev-launch]
f
This patch adds the initial support required to integrate Secure
Encrypted Virtualization feature, the patch includes the following
changes:
- adds sev.c and sev.h files: the file will contain SEV APIs implementation.
- add kvm_sev_enabled(): similar to kvm_enabled() this function can be
used to ch