qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v2 3/3] docs/interop/firmware.json: Add SEV-ES support

From: Laszlo Ersek
Subject: Re: [PATCH v2 3/3] docs/interop/firmware.json: Add SEV-ES support
Date: Mon, 26 Apr 2021 14:39:42 +0200 
On 04/23/21 22:08, Tom Lendacky wrote:
> From: Tom Lendacky <thomas.lendacky@amd.com>
> 
> Create an enum definition, '@amd-sev-es', for SEV-ES and add documention
> for the new enum. Add an example that shows some of the requirements for
> SEV-ES, including not having SMM support and the requirement for an
> X64-only build.
> 
> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
> ---
>  docs/interop/firmware.json | 47 +++++++++++++++++++++++++++++++++++++-
>  1 file changed, 46 insertions(+), 1 deletion(-)
> 
> diff --git a/docs/interop/firmware.json b/docs/interop/firmware.json
> index 9d94ccafa9..8d8b0be030 100644
> --- a/docs/interop/firmware.json
> +++ b/docs/interop/firmware.json
> @@ -115,6 +115,12 @@
>  #           this feature are documented in
>  #           "docs/amd-memory-encryption.txt".
>  #
> +# @amd-sev-es: The firmware supports running under AMD Secure Encrypted
> +#              Virtualization - Encrypted State, as specified in the AMD64
> +#              Architecture Programmer's Manual. QEMU command line options
> +#              related to this feature are documented in
> +#              "docs/amd-memory-encryption.txt".
> +#
>  # @enrolled-keys: The variable store (NVRAM) template associated with
>  #                 the firmware binary has the UEFI Secure Boot
>  #                 operational mode turned on, with certificates
> @@ -179,7 +185,7 @@
>  # Since: 3.0
>  ##
>  { 'enum' : 'FirmwareFeature',
> -  'data' : [ 'acpi-s3', 'acpi-s4', 'amd-sev', 'enrolled-keys',
> +  'data' : [ 'acpi-s3', 'acpi-s4', 'amd-sev', 'amd-sev-es', 'enrolled-keys',
>               'requires-smm', 'secure-boot', 'verbose-dynamic',
>               'verbose-static' ] }
>  
> @@ -504,6 +510,45 @@
>  # }
>  #
>  # {
> +#     "description": "OVMF with SEV-ES support",
> +#     "interface-types": [
> +#         "uefi"
> +#     ],
> +#     "mapping": {
> +#         "device": "flash",
> +#         "executable": {
> +#             "filename": "/usr/share/OVMF/OVMF_CODE.fd",
> +#             "format": "raw"
> +#         },
> +#         "nvram-template": {
> +#             "filename": "/usr/share/OVMF/OVMF_VARS.fd",
> +#             "format": "raw"
> +#         }
> +#     },
> +#     "targets": [
> +#         {
> +#             "architecture": "x86_64",
> +#             "machines": [
> +#                 "pc-q35-*"
> +#             ]
> +#         }
> +#     ],
> +#     "features": [
> +#         "acpi-s3",
> +#         "amd-sev",
> +#         "amd-sev-es",
> +#         "verbose-dynamic"
> +#     ],
> +#     "tags": [
> +#         "-a X64",
> +#         "-p OvmfPkg/OvmfPkgX64.dsc",
> +#         "-t GCC48",
> +#         "-b DEBUG",
> +#         "-D FD_SIZE_4MB"
> +#     ]
> +# }
> +#
> +# {
>  #     "description": "UEFI firmware for ARM64 virtual machines",
>  #     "interface-types": [
>  #         "uefi"
> 

Reviewed-by: Laszlo Ersek <lersek@redhat.com>

Thanks!
Laszlo
reply via email to
[Prev in Thread] Current Thread [Next in Thread]