summaryrefslogtreecommitdiff
path: root/Documentation/x86/amd-memory-encryption.rst
diff options
context:
space:
mode:
authorJakub Kicinski <kuba@kernel.org>2023-02-02 14:49:55 -0800
committerJakub Kicinski <kuba@kernel.org>2023-02-02 14:49:55 -0800
commit82b4a9412b4de2f68679f1403f1d229390ace27e (patch)
tree920454da3f6d509be95ae3c5c72921bfddc39c20 /Documentation/x86/amd-memory-encryption.rst
parentb18ea3d9d214dfb23b0b6bd2acc121cb0d0fa2c5 (diff)
parentedb9b8f380c3413bf783475279b1a941c7e5cec1 (diff)
downloadlwn-82b4a9412b4de2f68679f1403f1d229390ace27e.tar.gz
lwn-82b4a9412b4de2f68679f1403f1d229390ace27e.zip
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
net/core/gro.c 7d2c89b32587 ("skb: Do mix page pool and page referenced frags in GRO") b1a78b9b9886 ("net: add support for ipv4 big tcp") https://lore.kernel.org/all/20230203094454.5766f160@canb.auug.org.au/ Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Diffstat (limited to 'Documentation/x86/amd-memory-encryption.rst')
-rw-r--r--Documentation/x86/amd-memory-encryption.rst36
1 files changed, 36 insertions, 0 deletions
diff --git a/Documentation/x86/amd-memory-encryption.rst b/Documentation/x86/amd-memory-encryption.rst
index a1940ebe7be5..934310ce7258 100644
--- a/Documentation/x86/amd-memory-encryption.rst
+++ b/Documentation/x86/amd-memory-encryption.rst
@@ -95,3 +95,39 @@ by supplying mem_encrypt=on on the kernel command line. However, if BIOS does
not enable SME, then Linux will not be able to activate memory encryption, even
if configured to do so by default or the mem_encrypt=on command line parameter
is specified.
+
+Secure Nested Paging (SNP)
+==========================
+
+SEV-SNP introduces new features (SEV_FEATURES[1:63]) which can be enabled
+by the hypervisor for security enhancements. Some of these features need
+guest side implementation to function correctly. The below table lists the
+expected guest behavior with various possible scenarios of guest/hypervisor
+SNP feature support.
+
++-----------------+---------------+---------------+------------------+
+| Feature Enabled | Guest needs | Guest has | Guest boot |
+| by the HV | implementation| implementation| behaviour |
++=================+===============+===============+==================+
+| No | No | No | Boot |
+| | | | |
++-----------------+---------------+---------------+------------------+
+| No | Yes | No | Boot |
+| | | | |
++-----------------+---------------+---------------+------------------+
+| No | Yes | Yes | Boot |
+| | | | |
++-----------------+---------------+---------------+------------------+
+| Yes | No | No | Boot with |
+| | | | feature enabled |
++-----------------+---------------+---------------+------------------+
+| Yes | Yes | No | Graceful boot |
+| | | | failure |
++-----------------+---------------+---------------+------------------+
+| Yes | Yes | Yes | Boot with |
+| | | | feature enabled |
++-----------------+---------------+---------------+------------------+
+
+More details in AMD64 APM[1] Vol 2: 15.34.10 SEV_STATUS MSR
+
+[1] https://www.amd.com/system/files/TechDocs/40332.pdf