Btw,
I don't see our SEV-specific chicken bit which disables SEV only.
Do we need it? If so, maybe something like
mem_encrypt=sme_only
or so.
Or is the mem_encrypt=off chicken bit enough?
What about the use case where you want SME but no encrypted guests?
A bunch of hmmm.
--
Regards/Gruss,
On 8/23/2017 10:30 AM, Borislav Petkov wrote:
On Mon, Jul 24, 2017 at 02:07:54PM -0500, Brijesh Singh wrote:
From: Tom Lendacky
Early in the boot process, add checks to determine if the kernel is
running with Secure Encrypted Virtualization (SEV) active.
Checking for SEV requires checking tha
On Mon, Jul 24, 2017 at 02:07:54PM -0500, Brijesh Singh wrote:
> From: Tom Lendacky
>
> Early in the boot process, add checks to determine if the kernel is
> running with Secure Encrypted Virtualization (SEV) active.
>
> Checking for SEV requires checking that the kernel is running under a
> hyp
From: Tom Lendacky
Early in the boot process, add checks to determine if the kernel is
running with Secure Encrypted Virtualization (SEV) active.
Checking for SEV requires checking that the kernel is running under a
hypervisor (CPUID 0x0001, bit 31), that the SEV feature is available
(CPUID
4 matches
Mail list logo