f91f9f254b
Several architectures have mechanisms which are designed to protect guest memory from interference or eavesdropping by a compromised hypervisor. AMD SEV does this with in-chip memory encryption and Intel's TDX can do similar things. POWER's Protected Execution Framework (PEF) accomplishes a similar goal using an ultravisor and new memory protection features, instead of encryption. To (partially) unify handling for these, this introduces a new ConfidentialGuestSupport QOM base class. "Confidential" is kind of vague, but "confidential computing" seems to be the buzzword about these schemes, and "secure" or "protected" are often used in connection to unrelated things (such as hypervisor-from-guest or guest-from-guest security). The "support" in the name is significant because in at least some of the cases it requires the guest to take specific actions in order to protect itself from hypervisor eavesdropping. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> |
||
---|---|---|
.. | ||
hax | ||
hvf | ||
kvm | ||
tcg | ||
whpx | ||
arch_dump.c | ||
arch_memory_mapping.c | ||
cpu-dump.c | ||
cpu-param.h | ||
cpu-qom.h | ||
cpu.c | ||
cpu.h | ||
gdbstub.c | ||
helper.c | ||
helper.h | ||
machine.c | ||
meson.build | ||
monitor.c | ||
ops_sse_header.h | ||
ops_sse.h | ||
sev_i386.h | ||
sev-stub.c | ||
sev.c | ||
shift_helper_template.h | ||
svm.h | ||
trace-events | ||
trace.h | ||
xsave_helper.c |