amd-memory-encryption.rst - OpenGrok cross reference for /linux-6.14.4/Documentation/arch/x86/amd-memory-encryption.rst

Lines Matching +full:inside +full:- +full:secure
1 .. SPDX-License-Identifier: GPL-2.0
7 Secure Memory Encryption (SME) and Secure Encrypted Virtualization (SEV) are
19 memory. Private memory is encrypted with the guest-specific key, while shared
37 as private. All the DMA operations inside the guest must be performed on shared
39 is operating in 64-bit or 32-bit PAE mode, in all other modes the SEV hardware
78 	- Supported:
81 	- Enabled:
84 	- Active:
87 	  kernel is non-zero).
99 Secure Nested Paging (SNP)
102 SEV-SNP introduces new features (SEV_FEATURES[1:63]) which can be enabled
108 +-----------------+---------------+---------------+------------------+
114 +-----------------+---------------+---------------+------------------+
117 +-----------------+---------------+---------------+------------------+
120 +-----------------+---------------+---------------+------------------+
123 +-----------------+---------------+---------------+------------------+
126 +-----------------+---------------+---------------+------------------+
129 +-----------------+---------------+---------------+------------------+
136 The RMP is a structure in system memory that is used to ensure a one-to-one
145 --------------
147 Support for this form of the RMP is present when support for SEV-SNP is
151 		Bit[4] indicates support for SEV-SNP
167 SEV-SNP guests. The RMP covers the system physical address from::
169         0 to ((RMP_END + 1 - RMP_BASE - 16KB) / 16B) x 4KB.
174 cover all of system memory in order for Linux to enable SEV-SNP.
177 -------------
224 segment table (RST). Each entry in the RST is 8-bytes in size and represents
232                     This address is left shift 20-bits (or just masked when
245 SEV-SNP.
250 Secure VM Service Module (SVSM)
260 levels, apart from the guest OS but still within the secure SNP environment.
264 running at VMPL0 to perform privileged operations or to interact with secure
268 In this scenario, the software running at VMPL0 is usually called a Secure VM
270 with it is documented in "Secure VM Service Module for SEV-SNP Guests", docID:
273 (Latest versions of the above-mentioned documents can be found by using
276   site:amd.com "Secure VM Service Module for SEV-SNP Guests", docID: 58019