@@ -65,4 +65,14 @@ int kvm_sev_guest_measurement(uint8_t *measurement);
*/
int kvm_sev_dbg_decrypt(uint8_t *dest, const uint8_t *src, uint32_t len);
+/**
+ * kvm_sev_dbg_encrypt - encrypt the guest memory in SEV mode.
+ * @src - guest memory address
+ * @dest - host memory address where the encrypted data should be copied
+ * @length - length of memory region
+ *
+ * Returns: 0 on success and dest will contains the encrypted data
+ */
+int kvm_sev_dbg_encrypt(uint8_t *dest, const uint8_t *src, uint32_t len);
+
#endif
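Review bot: The new kernel-doc block documents `@length`, but the prototype's parameter is named `len`, and the `@src`/`@dest` descriptions read as if carried over from the decrypt helper. The commit message says the command injects data into guest memory, so dest is presumably the guest address and src the host buffer (confirm against the SEV API spec). The Returns line also omits the failure value, which is 1 in the sev.c implementation. Suggested wording: `@dest: guest memory address that receives the encrypted data`, `@src: host memory address of the data to encrypt`, `@len: length of the memory region in bytes`, and `Returns: 0 on success, 1 if the SEV command fails`.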
@@ -455,3 +455,26 @@ int kvm_sev_dbg_decrypt(uint8_t *dst, const uint8_t *src, uint32_t len)
DPRINTF("SEV: DBG_DECRYPT dst %p src %p sz %d\n", dst, src, len);
return 0;
}
+
+int kvm_sev_dbg_encrypt(uint8_t *dst, const uint8_t *src, uint32_t len)
+{
+ int ret;
+ struct kvm_sev_dbg_encrypt encrypt;
+ struct kvm_sev_issue_cmd input;
+
+ encrypt.src_addr = (unsigned long)src;
+ encrypt.dst_addr = (unsigned long)dst;
+ encrypt.length = len;
+
+ input.cmd = KVM_SEV_DBG_ENCRYPT;
+ input.opaque = (unsigned long)&encrypt;
+ ret = kvm_vm_ioctl(kvm_state, KVM_SEV_ISSUE_CMD, &input);
+ if (ret) {
+ fprintf(stderr, "SEV: dbg_encrypt failed ret=%d(%#010x)\n",
+ ret, input.ret_code);
+ return 1;
+ }
+
+ DPRINTF("SEV: DBG_ENCRYPT dst %p src %p sz %d\n", dst, src, len);
+ return 0;
+}
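Review bot: `encrypt` and `input` are declared without initializers, so if kvm_vm_ioctl() fails before the kernel writes a result, the fprintf on the error path prints an indeterminate `input.ret_code`. Any members not assigned here also reach the kernel as leftover stack contents. Zero-initialise both, `struct kvm_sev_dbg_encrypt encrypt = {0};` and `struct kvm_sev_issue_cmd input = {0};`. The DPRINTF formats the uint32_t `len` with `%d`, where `%u` matches the type. Because this command writes into guest memory, returning a flat 1 discards the ioctl error that would let a caller tell a refused request from another failure; consider returning `ret` if callers can accept a negative value.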
The SEV DEBUG_ENCRYPT command is used for injecting code into SEV-enabled guest memory. For more information see [1], section 7.2. [1] http://support.amd.com/TechDocs/55766_SEV-KM%20API_Spec.pdf The following KVM RFC patches define and implement this command: http://marc.info/?l=kvm&m=147190861124032&w=2 http://marc.info/?l=kvm&m=147190861124032&w=2 Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> --- include/sysemu/sev.h | 10 ++++++++++ sev.c | 23 +++++++++++++++++++++++ 2 files changed, 33 insertions(+)