|
From: | Brijesh Singh |
Subject: | Re: [RFC PATCH 3/6] i386/sev: initialize SNP context |
Date: | Thu, 15 Jul 2021 08:24:25 -0500 |
User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.11.0 |
On 7/15/21 4:32 AM, Dov Murik wrote:
Just making sure I understand: * sev_enabled() returns true for SEV or newer (SEV or SEV-ES or SEV-SNP). * sev_es_enabled() returns true for SEV-ES or newer (SEV-ES or SEV-SNP). * sev_snp_enabled() returns true for SEV-SNP or newer (currently only SEV-SNP). Is that indeed the intention?
Yes. The SEV-SNP support requires the SEV and SEV-ES to be enabled. See the text from the APM vol2 section 15.36.
The SEV-SNP features enable additional protection for encrypted VMs designed to achieve stronger isolation from the hypervisor. SEV-SNP is used with the SEV and SEV-ES features described in Section 15.34 and Section 15.35 respectively and requires the enablement and use of these features. thanks
[Prev in Thread] | Current Thread | [Next in Thread] |