aboutsummaryrefslogtreecommitdiff
path: root/hw/i386
diff options
context:
space:
mode:
authorDavid Gibson <david@gibson.dropbear.id.au>2020-05-05 17:00:30 +1000
committerDavid Gibson <david@gibson.dropbear.id.au>2021-02-08 16:57:37 +1100
commitf91f9f254ba10e94468663b23d0b780c240df268 (patch)
treed422eda1ea88ee2fe8dcb2d20cadeddc3d075a8e /hw/i386
parenta8dc82ce828579b92cf602cdc307a6c5b144069c (diff)
confidential guest support: Introduce new confidential guest support class
Several architectures have mechanisms which are designed to protect guest memory from interference or eavesdropping by a compromised hypervisor. AMD SEV does this with in-chip memory encryption and Intel's TDX can do similar things. POWER's Protected Execution Framework (PEF) accomplishes a similar goal using an ultravisor and new memory protection features, instead of encryption. To (partially) unify handling for these, this introduces a new ConfidentialGuestSupport QOM base class. "Confidential" is kind of vague, but "confidential computing" seems to be the buzzword about these schemes, and "secure" or "protected" are often used in connection to unrelated things (such as hypervisor-from-guest or guest-from-guest security). The "support" in the name is significant because in at least some of the cases it requires the guest to take specific actions in order to protect itself from hypervisor eavesdropping. Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Diffstat (limited to 'hw/i386')
0 files changed, 0 insertions, 0 deletions