[v9] Add AMD Secure Nested Paging (SEV-SNP) Hypervisor Support

[PATCH RFC v9 23/51] KVM: SEV: Select CONFIG_KVM_PROTECTED_VM when CONFIG_KVM_AMD_SEV=y

Posted by Michael Roth 2 years, 8 months ago

AMD SEV relies on the restricted/protected memory support to run guests
in some cases (such as SEV lazy-pinning), so make sure to enable that
support with the CONFIG_KVM_PROTECTED_VM build option.

Signed-off-by: Michael Roth <michael.roth@amd.com>
---
 arch/x86/kvm/Kconfig | 1 +
 1 file changed, 1 insertion(+)

diff --git a/arch/x86/kvm/Kconfig b/arch/x86/kvm/Kconfig
index 718010600956..638679a4e5dc 100644
--- a/arch/x86/kvm/Kconfig
+++ b/arch/x86/kvm/Kconfig
@@ -126,6 +126,7 @@ config KVM_AMD_SEV
 	bool "AMD Secure Encrypted Virtualization (SEV) support"
 	depends on KVM_AMD && X86_64
 	depends on CRYPTO_DEV_SP_PSP && !(KVM_AMD=y && CRYPTO_DEV_CCP_DD=m)
+	select KVM_PROTECTED_VM
 	help
 	  Provides support for launching Encrypted VMs (SEV) and Encrypted VMs
 	  with Encrypted State (SEV-ES) on AMD processors.
-- 
2.25.1

[PATCH RFC v9 01/51] KVM: x86: Add gmem hook for initializing private memory
[PATCH RFC v9 02/51] KVM: x86: Add gmem hook for invalidating private memory
[PATCH RFC v9 03/51] KVM: x86: Use full 64-bit error code for kvm_mmu_do_page_fault
[PATCH RFC v9 04/51] KVM: x86: Determine shared/private faults using a configurable mask
[PATCH RFC v9 05/51] x86/coco: move CONFIG_HAS_CC_PLATFORM check down into coco/Makefile
[PATCH RFC v9 06/51] x86/cpufeatures: Add SEV-SNP CPU feature
[PATCH RFC v9 07/51] x86/sev: Add the host SEV-SNP initialization support
[PATCH RFC v9 08/51] x86/speculation: Do not enable Automatic IBRS if SEV SNP is enabled
[PATCH RFC v9 09/51] x86/sev: Add RMP entry lookup helpers
[PATCH RFC v9 10/51] x86/fault: Add helper for dumping RMP entries
[PATCH RFC v9 11/51] x86/traps: Define RMP violation #PF error code
[PATCH RFC v9 12/51] x86/fault: Report RMP page faults for kernel addresses
[PATCH RFC v9 13/51] x86/fault: Handle RMP page faults for user addresses
[PATCH RFC v9 14/51] x86/sev: Add helper functions for RMPUPDATE and PSMASH instruction
[PATCH RFC v9 15/51] x86/sev: Invalidate pages from the direct map when adding them to the RMP table
[PATCH RFC v9 16/51] crypto: ccp: Define the SEV-SNP commands
[PATCH RFC v9 17/51] crypto: ccp: Add support to initialize the AMD-SP for SEV-SNP
[PATCH RFC v9 18/51] crypto: ccp: Provide API to issue SEV and SNP commands
[PATCH RFC v9 19/51] x86/sev: Introduce snp leaked pages list
[PATCH RFC v9 20/51] crypto: ccp: Handle the legacy TMR allocation when SNP is enabled
[PATCH RFC v9 21/51] crypto: ccp: Handle the legacy SEV command when SNP is enabled
[PATCH RFC v9 22/51] crypto: ccp: Add the SNP_PLATFORM_STATUS command
[PATCH RFC v9 23/51] KVM: SEV: Select CONFIG_KVM_PROTECTED_VM when CONFIG_KVM_AMD_SEV=y
[PATCH RFC v9 24/51] KVM: SVM: Add support to handle AP reset MSR protocol
[PATCH RFC v9 25/51] KVM: SVM: Add GHCB handling for Hypervisor Feature Support requests
[PATCH RFC v9 26/51] KVM: SVM: Make AVIC backing, VMSA and VMCB memory allocation SNP safe
[PATCH RFC v9 27/51] KVM: SVM: Add initial SEV-SNP support
[PATCH RFC v9 28/51] KVM: SVM: Add KVM_SNP_INIT command
[PATCH RFC v9 29/51] KVM: SVM: Add KVM_SEV_SNP_LAUNCH_START command
[PATCH RFC v9 30/51] KVM: Add HVA range operator
[PATCH RFC v9 31/51] KVM: Split out memory attribute xarray updates to helper function
[PATCH RFC v9 32/51] KVM: SVM: Add KVM_SEV_SNP_LAUNCH_UPDATE command
[PATCH RFC v9 33/51] KVM: SVM: Add KVM_SEV_SNP_LAUNCH_FINISH command
[PATCH RFC v9 34/51] KVM: SVM: Add support to handle GHCB GPA register VMGEXIT
[PATCH RFC v9 35/51] KVM: SVM: Add KVM_EXIT_VMGEXIT
[PATCH RFC v9 36/51] KVM: SVM: Add support to handle MSR based Page State Change VMGEXIT
[PATCH RFC v9 37/51] KVM: SVM: Add support to handle Page State Change VMGEXIT
[PATCH RFC v9 38/51] KVM: x86: Export the kvm_zap_gfn_range() for the SNP use
[PATCH RFC v9 39/51] KVM: x86: Define RMP page fault error bits for #NPF
[PATCH RFC v9 40/51] KVM: SVM: Add support to handle RMP nested page faults
[PATCH RFC v9 41/51] KVM: SVM: Use a VMSA physical address variable for populating VMCB
[PATCH RFC v9 42/51] KVM: SVM: Support SEV-SNP AP Creation NAE event
[PATCH RFC v9 43/51] KVM: SEV: Configure MMU to check for private fault flags
[PATCH RFC v9 44/51] KVM: SEV: Implement gmem hook for initializing private pages
[PATCH RFC v9 45/51] KVM: SEV: Implement gmem hook for invalidating private pages
[PATCH RFC v9 46/51] KVM: SVM: Add module parameter to enable the SEV-SNP
[PATCH RFC v9 47/51] iommu/amd: Add IOMMU_SNP_SHUTDOWN support
[PATCH RFC v9 48/51] crypto: ccp: Add the SNP_{SET,GET}_EXT_CONFIG command
[PATCH RFC v9 49/51] x86/sev: Add KVM commands for per-instance certs
[PATCH RFC v9 50/51] KVM: SVM: Provide support for SNP_GUEST_REQUEST NAE event
[PATCH RFC v9 51/51] crypto: ccp: Add debug support for decrypting pages