On Tue, Mar 17, 2026 at 12:38:35PM +0100, Tommaso Califano wrote:
From: Tommaso Califano <[email protected]>

QEMU's AMD SEV support currently requires KVM on expensive AMD EPYC hardware, limiting development and testing of SEV-aware guest software to users with server-grade machines. This series introduces a TCG-emulated SEV guest mode that enables SEV validation without hardware dependencies, focusing on functional testing rather than reproducing the hardware's cryptographic context.

The emulation exposes SEV from the guest's perspective:

- Exposed CPUID leaf 0x8000001F to indicate active support.
- Active bit 0 in MSR 0xc0010131 to enable SEV on the guest.
- C-bit manipulation in PTEs/CR3 for paging consistency with the host.
- Complete SEV attestation workflow for injecting secrets into guest memory (including direct kernel boot support).

The emulation uses a new QOM object "sev-emulated", derived from "sev-guest", to maximize reuse of the existing SEV infrastructure while maintaining a compiling dependency with KVM. Below are the pros and cons of this choice.

In addition to inherited guest properties, two new ones are added (binary files; default all-zero):

- tik: 16-byte Transport Integrity Key (TIK) for measurement HMAC.
- tek: 16-byte Transport Encryption Key (TEK) for secret payload decryption.

Code reuse benefits:

- SEV detection via sev_enabled() and TYPE_SEV_COMMON object cast enables the required checks for emulation without adding new conditions to the codebase.
- QAPI fields for query-sev/launch-measure inherited from SevCommonState and SevGuestState.
- Identical QMP interface (query-sev, query-sev-launch-measure, sev-inject-launch-secret) as real SEV.
- Shared state machine (sev_set_guest_state()); override backend vtable only (kvm_init → sev_emulated_init, launch_update_data, launch_finish, sev_launch_get_measure).

Trade-offs:

- KVM linkage: sev-guest is KVM-centric; even if KVM is not used at runtime, its code is required for compilation, so it is not possible to use emulation with --disable-kvm.

Example usage:

    -cpu "EPYC-Milan" \
    -accel tcg \
    -object sev-emulated,id=sev0,cbitpos=47,reduced-phys-bits=1,\
    tik=/path/to/tik.bin,tek=/path/to/tek.bin \
    -machine memory-encryption=sev0

Build requirements:

    ../qemu/configure --enable-gcrypt --enable-crypto-afalg

These provide libgcrypt support for crypto/hmac.h, crypto/cipher.h, and crypto/random.h, used for:

- HMAC-SHA256 launch measurement (TIK key).
- Secret payload decryption (TEK key).

Note: --disable-kvm unsupported due to sev-guest inheritance (KVM code linked, no runtime dependency).
To give maintainers some more context: this is part of an ongoing work to enable SNP emulation in QEMU, which would be very useful for development purposes (e.g. coconut-SVSM). However, it should not be used in a production environment as it provides no security guarantees.

Please consider this as an RFC.

Luigi
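Added example, not part of the series or of QEMU: the guest-owner side of the attestation workflow the cover letter describes, in Go, which verifies the launch measurement returned by query-sev-launch-measure with the TIK and wraps a secret for sev-inject-launch-secret with the TEK. The byte layouts (HMAC-SHA256 over 0x04 || API_MAJOR || API_MINOR || BUILD || POLICY || LD || MNONCE for the measurement; a 52-byte FLAGS || IV || MAC header with AES-128-CTR data for the secret) follow my reading of the AMD SEV API specification and are an assumption to check against the spec; all key and nonce values are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"errors"
)

// hmacSHA256 returns HMAC-SHA256 keyed with key over the concatenation of parts.
func hmacSHA256(key []byte, parts ...[]byte) []byte {
	m := hmac.New(sha256.New, key)
	for _, p := range parts {
		m.Write(p)
	}
	return m.Sum(nil)
}
// launchMeasure recomputes LAUNCH_MEASURE as the guest owner would (layout assumed from the
// AMD SEV API spec): HMAC(TIK, 0x04 || API_MAJOR || API_MINOR || BUILD || POLICY(LE32) || LD || MNONCE).
func launchMeasure(tik []byte, apiMajor, apiMinor, build byte, policy uint32, ld, nonce []byte) []byte {
	var pol [4]byte
	binary.LittleEndian.PutUint32(pol[:], policy)
	return hmacSHA256(tik, []byte{0x04, apiMajor, apiMinor, build}, pol[:], ld, nonce)
}
// verifyMeasure checks the 48-byte MEASURE || MNONCE blob from query-sev-launch-measure against the launch digest LD the owner expects.
func verifyMeasure(tik, blob []byte, apiMajor, apiMinor, build byte, policy uint32, ld []byte) bool {
	if len(blob) != 48 || len(ld) != 32 {
		return false
	}
	want := launchMeasure(tik, apiMajor, apiMinor, build, policy, ld, blob[32:])
	return hmac.Equal(want, blob[:32]) // constant-time comparison
}
// wrapSecret builds header and data for sev-inject-launch-secret: data = AES-128-CTR(TEK, IV, secret);
// header = FLAGS(4) || IV(16) || HMAC(TIK, 0x01 || FLAGS || IV || GUEST_LEN || TRANS_LEN || data || MEASURE).
// MEASURE inside the MAC binds the secret to the launch that was just verified.
func wrapSecret(tik, tek, iv, measure, secret []byte) (hdr, data []byte, err error) {
	if len(tek) != 16 || len(iv) != 16 || len(measure) != 32 {
		return nil, nil, errors.New("need 16-byte tek and iv, 32-byte measure")
	}
	blk, _ := aes.NewCipher(tek) // cannot fail: key length checked above
	data = make([]byte, len(secret))
	cipher.NewCTR(blk, iv).XORKeyStream(data, secret)
	var lens [8]byte
	binary.LittleEndian.PutUint32(lens[:4], uint32(len(secret))) // GUEST_LENGTH
	binary.LittleEndian.PutUint32(lens[4:], uint32(len(data)))   // TRANS_LENGTH
	flags := []byte{0, 0, 0, 0}
	hdr = append(append(flags, iv...), hmacSHA256(tik, []byte{0x01}, flags, iv, lens[:], data, measure)...)
	return hdr, data, nil
}
```

With the emulated guest, the TIK and TEK passed as tik=/tek= are the same files the owner feeds to these functions, so a mismatched measurement or a secret replayed from another launch fails the HMAC check rather than being silently accepted.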
