Implement AMD SEV support in vmd(8).
authorbluhm <bluhm@openbsd.org>
Wed, 11 Sep 2024 15:42:52 +0000 (15:42 +0000)
committerbluhm <bluhm@openbsd.org>
Wed, 11 Sep 2024 15:42:52 +0000 (15:42 +0000)
commitf4b47ae8c166ad93c181c94348498561bc3a6653
tree9ace8fdde8d23ba53656658b6564f7528911854f
parent9b9a8f8cbc4da3f90ccddc3abc242cc5b92a3146
Implement AMD SEV support in vmd(8).

To launch a guest with AMD SEV enabled, vmd needs to do a few things:
- retrieve ASID used by guest on VM creation
- provide ASID to psp(4)
- let psp(4) encrypt memory used intially by guest
- run guest
- release resources held by psp(4) on guest shutdown
To enable SEV for a guest use the parameter "sev" in the guest's vm
section in vm.conf.

from hshoexer@; OK mlarkin@
12 files changed:
usr.sbin/vmd/Makefile
usr.sbin/vmd/arm64_vm.c
usr.sbin/vmd/loadfile_elf.c
usr.sbin/vmd/parse.y
usr.sbin/vmd/psp.c [new file with mode: 0644]
usr.sbin/vmd/sev.c [new file with mode: 0644]
usr.sbin/vmd/vm.c
usr.sbin/vmd/vm.conf.5
usr.sbin/vmd/vmd.c
usr.sbin/vmd/vmd.h
usr.sbin/vmd/vmm.c
usr.sbin/vmd/x86_vm.c