git.ipfire.org Git - thirdparty/linux.git/commit

author	Michael Roth <michael.roth@amd.com>
	Fri, 9 Jan 2026 23:17:33 +0000 (17:17 -0600)
committer	Sean Christopherson <seanjc@google.com>
	Fri, 23 Jan 2026 17:14:16 +0000 (09:14 -0800)
commit	20c3c4108d58f87c711bf44cb0b498b3ac5af6bf
tree	b417b7e37d94ecc4b8d1346f4adafde902249c65	tree
parent	fa9893fadbc245e179cb17f3c371c67471b5a8a8	commit \| diff

KVM: SEV: Add KVM_SEV_SNP_ENABLE_REQ_CERTS command

Introduce a new command for KVM_MEMORY_ENCRYPT_OP ioctl that can be used
to enable fetching of endorsement key certificates from userspace via
the new KVM_EXIT_SNP_REQ_CERTS exit type. Also introduce a new
KVM_X86_SEV_SNP_REQ_CERTS KVM device attribute so that userspace can
query whether the kernel supports the new command/exit.

Suggested-by: Sean Christopherson <seanjc@google.com>
Reviewed-by: Liam Merwick <liam.merwick@oracle.com>
Tested-by: Liam Merwick <liam.merwick@oracle.com>
Signed-off-by: Michael Roth <michael.roth@amd.com>
Link: https://patch.msgid.link/20260109231732.1160759-3-michael.roth@amd.com
Signed-off-by: Sean Christopherson <seanjc@google.com>

Documentation/virt/kvm/x86/amd-memory-encryption.rst		diff \| blob \| blame \| history
arch/x86/include/uapi/asm/kvm.h		diff \| blob \| blame \| history
arch/x86/kvm/svm/sev.c		diff \| blob \| blame \| history