c7f7e6970d
AMD SEV allows a guest owner to inject a secret blob into the memory of a virtual machine. The secret is encrypted with the SEV Transport Encryption Key and integrity is guaranteed with the Transport Integrity Key. Although QEMU facilitates the injection of the launch secret, it cannot access the secret. Signed-off-by: Tobin Feldman-Fitzthum <tobin@linux.ibm.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Brijesh Singh <brijesh.singh@amd.com> Message-Id: <20201027170303.47550-1-tobin@linux.ibm.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
24 lines
603 B
C
24 lines
603 B
C
/*
|
|
* QEMU Secure Encrypted Virutualization (SEV) support
|
|
*
|
|
* Copyright: Advanced Micro Devices, 2016-2018
|
|
*
|
|
* Authors:
|
|
* Brijesh Singh <brijesh.singh@amd.com>
|
|
*
|
|
* This work is licensed under the terms of the GNU GPL, version 2 or later.
|
|
* See the COPYING file in the top-level directory.
|
|
*
|
|
*/
|
|
|
|
#ifndef QEMU_SEV_H
|
|
#define QEMU_SEV_H
|
|
|
|
#include "sysemu/kvm.h"
|
|
|
|
void *sev_guest_init(const char *id);
|
|
int sev_encrypt_data(void *handle, uint8_t *ptr, uint64_t len);
|
|
int sev_inject_launch_secret(const char *hdr, const char *secret,
|
|
uint64_t gpa, Error **errp);
|
|
#endif
|