1. Patchew
  2. QEMU
  3. View series

[PATCH 0/5] i386/sev: Add TCG-emulated AMD SEV guest support

Tommaso Califano posted 5 patches 2 weeks, 6 days ago
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/qemu tags/patchew/20260317113840.33017-1-califano.tommaso@gmail.com
Maintainers: Richard Henderson <richard.henderson@linaro.org>, Paolo Bonzini <pbonzini@redhat.com>, Eric Blake <eblake@redhat.com>, Markus Armbruster <armbru@redhat.com>, "Daniel P. Berrangé" <berrange@redhat.com>, Zhao Liu <zhao1.liu@intel.com>, Marcelo Tosatti <mtosatti@redhat.com>
accel/tcg/tcg-all.c                  |  18 +-
qapi/qom.json                        |  19 ++
target/i386/cpu.h                    |   2 +
target/i386/sev.c                    | 404 +++++++++++++++++++++++++++
target/i386/sev.h                    |   4 +
target/i386/tcg/system/excp_helper.c |  31 ++
target/i386/tcg/system/misc_helper.c |  13 +
7 files changed, 490 insertions(+), 1 deletion(-)
[PATCH 0/5] i386/sev: Add TCG-emulated AMD SEV guest support
Posted by Tommaso Califano 2 weeks, 6 days ago 
From: Tommaso Califano <califano.tommaso@gmail.com>

QEMU's AMD SEV support currently requires KVM on expensive AMD EPYC
hardware, limiting development and testing of SEV-aware guest software to
users with server-grade machines.

This series introduces a TCG-emulated SEV guest mode that enables SEV
validation without hardware dependencies, focusing on functional testing
rather than reproducing the hardware’s cryptographic context.

The emulation exposes SEV from the guest's perspective:
 - Exposed CPUID leaf 0x8000001F to indicate active support.
 - Active bit 0 in MSR 0xc0010131 to enable SEV on the guest.
 - C-bit manipulation in PTEs/CR3 for paging consistency with the host.
 - Complete SEV attestation workflow for injecting secrets into guest
   memory (including direct kernel boot support).

The emulation uses a new QOM object "sev-emulated", derived from
"sev-guest", to maximize reuse of the existing SEV infrastructure while
maintaining a compiling dependency with KVM.
Below are the pros and cons of this choice.

In addition to inherited guest properties, two new ones are added (binary
files; default all-zero):
 - tik: 16-byte Transport Integrity Key (TIK) for measurement HMAC.
 - tek: 16-byte Transport Encryption Key (TEK) for secret payload
   decryption.

Code reuse benefits:
 - SEV detection via sev_enabled() and TYPE_SEV_COMMON object cast enables
   the required checks for emulation without adding new conditions to the
   codebase.
 - QAPI fields for query-sev/launch-measure inherited from SevCommonState
   and SevGuestState.
 - Identical QMP interface (query-sev, query-sev-launch-measure,
   sev-inject-launch-secret) as real SEV.
 - Shared state machine (sev_set_guest_state()); override backend vtable
   only (kvm_init → sev_emulated_init, launch_update_data, launch_finish,
   sev_launch_get_measure).

Trade-offs:
 - KVM linkage: sev-guest is KVM-centric; even if KVM is not used at
   runtime, its code is required for compilation, so it is not possible to
   use emulation with --disable-kvm.

Example usage:

	-cpu "EPYC-Milan" \
	-accel tcg \
	-object sev-emulated,id=sev0,cbitpos=47,reduced-phys-bits=1,\
		tik=/path/to/tik.bin,tek=/path/to/tek.bin \
	-machine memory-encryption=sev0

Build requirements:

	../qemu/configure --enable-gcrypt --enable-crypto-afalg

These provide libgcrypt support for crypto/hmac.h, crypto/cipher.h, and
crypto/random.h, used for:
 - HMAC-SHA256 launch measurement (TIK key).
 - Secret payload decryption (TEK key).
Note: --disable-kvm unsupported due to sev-guest inheritance (KVM code
linked, no runtime dependency).

Tommaso Califano (5):
  i386/sev: Add sev-emulated QOM object with TCG support
  target/i386: Add MSR SEV support and C-bit reset on TCG
  i386/sev: Implement SEV launch state sequence and query-sev
  i386/sev: Add launch measurement emulation and TIK property
  i386/sev: Implement emulated launch secret injection and TEK property

 accel/tcg/tcg-all.c                  |  18 +-
 qapi/qom.json                        |  19 ++
 target/i386/cpu.h                    |   2 +
 target/i386/sev.c                    | 404 +++++++++++++++++++++++++++
 target/i386/sev.h                    |   4 +
 target/i386/tcg/system/excp_helper.c |  31 ++
 target/i386/tcg/system/misc_helper.c |  13 +
 7 files changed, 490 insertions(+), 1 deletion(-)

-- 
2.53.0
Re: [PATCH 0/5] i386/sev: Add TCG-emulated AMD SEV guest support
Posted by Luigi Leonardi 2 weeks, 6 days ago 
On Tue, Mar 17, 2026 at 12:38:35PM +0100, Tommaso Califano wrote:
>From: Tommaso Califano <califano.tommaso@gmail.com>
>
>QEMU's AMD SEV support currently requires KVM on expensive AMD EPYC
>hardware, limiting development and testing of SEV-aware guest software to
>users with server-grade machines.
>
>This series introduces a TCG-emulated SEV guest mode that enables SEV
>validation without hardware dependencies, focusing on functional testing
>rather than reproducing the hardware’s cryptographic context.
>
>The emulation exposes SEV from the guest's perspective:
> - Exposed CPUID leaf 0x8000001F to indicate active support.
> - Active bit 0 in MSR 0xc0010131 to enable SEV on the guest.
> - C-bit manipulation in PTEs/CR3 for paging consistency with the host.
> - Complete SEV attestation workflow for injecting secrets into guest
>   memory (including direct kernel boot support).
>
>The emulation uses a new QOM object "sev-emulated", derived from
>"sev-guest", to maximize reuse of the existing SEV infrastructure while
>maintaining a compiling dependency with KVM.
>Below are the pros and cons of this choice.
>
>In addition to inherited guest properties, two new ones are added (binary
>files; default all-zero):
> - tik: 16-byte Transport Integrity Key (TIK) for measurement HMAC.
> - tek: 16-byte Transport Encryption Key (TEK) for secret payload
>   decryption.
>
>Code reuse benefits:
> - SEV detection via sev_enabled() and TYPE_SEV_COMMON object cast enables
>   the required checks for emulation without adding new conditions to the
>   codebase.
> - QAPI fields for query-sev/launch-measure inherited from SevCommonState
>   and SevGuestState.
> - Identical QMP interface (query-sev, query-sev-launch-measure,
>   sev-inject-launch-secret) as real SEV.
> - Shared state machine (sev_set_guest_state()); override backend vtable
>   only (kvm_init → sev_emulated_init, launch_update_data, launch_finish,
>   sev_launch_get_measure).
>
>Trade-offs:
> - KVM linkage: sev-guest is KVM-centric; even if KVM is not used at
>   runtime, its code is required for compilation, so it is not possible to
>   use emulation with --disable-kvm.
>
>Example usage:
>
>	-cpu "EPYC-Milan" \
>	-accel tcg \
>	-object sev-emulated,id=sev0,cbitpos=47,reduced-phys-bits=1,\
>		tik=/path/to/tik.bin,tek=/path/to/tek.bin \
>	-machine memory-encryption=sev0
>
>Build requirements:
>
>	../qemu/configure --enable-gcrypt --enable-crypto-afalg
>
>These provide libgcrypt support for crypto/hmac.h, crypto/cipher.h, and
>crypto/random.h, used for:
> - HMAC-SHA256 launch measurement (TIK key).
> - Secret payload decryption (TEK key).
>Note: --disable-kvm unsupported due to sev-guest inheritance (KVM code
>linked, no runtime dependency).
>
>

To give maintainers some more context: this is part of an ongoing work to
enable SNP emulation in QEMU, which would be very useful for development
purposes (eg coconut-SVSM). However, it should not be used in a production
environment as it provides no security guarantees.

Please consider this as an RFC.

Luigi

Patchew 2.1-devel-ea86937

© 2016 - 2026 Red Hat, Inc.