git.ipfire.org Git - thirdparty/linux.git/commit
KVM: SEV: Add known supported SEV-SNP policy bits
author Tom Lendacky <thomas.lendacky@amd.com>
Mon, 27 Oct 2025 19:33:52 +0000 (14:33 -0500)
committer Sean Christopherson <seanjc@google.com>
Fri, 14 Nov 2025 18:30:12 +0000 (10:30 -0800)
commit 275d6d1189e6d5f8e7c1da43ffd4b09d7089f174
tree 155cb15af4b8265e63a4956bff1969ccb4f107f8
parent 7a61d61396b97fd6bb9b9bde321c68513034ad11

Add to the known supported SEV-SNP policy bits that don't require any
implementation support from KVM in order to successfully use them.

At this time, this includes:
  - CXL_ALLOW
  - MEM_AES_256_XTS
  - RAPL_DIS
  - CIPHERTEXT_HIDING_DRAM
  - PAGE_SWAP_DISABLE

Arguably, RAPL_DIS and CIPHERTEXT_HIDING_DRAM require KVM and the CCP
driver to enable these features in order for the setting of the policy
bits to be successfully handled. But, a guest owner may not wish their
guest to run on a system that doesn't provide support for those features,
so allowing the specification of these bits accomplishes that. Whether
or not the bit is supported by SEV firmware, a system that doesn't support
these features will either fail during the KVM validation of supported
policy bits before issuing the LAUNCH_START or fail during the
LAUNCH_START.

Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Link: https://patch.msgid.link/ec040de9864099cf592a97c201dc4cc110b2b0cf.1761593632.git.thomas.lendacky@amd.com
Signed-off-by: Sean Christopherson <seanjc@google.com>
arch/x86/kvm/svm/sev.c
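
The two failure points the commit message describes (rejection by the supported-bits check before LAUNCH_START, or rejection at LAUNCH_START itself) can be modelled in user space as below; this is an added illustration, not code from the kernel or from this commit. Assumptions: the bit positions follow the guest policy layout in AMD's SEV-SNP firmware ABI (the page names the bits but not their positions), and `struct host`, `try_launch` and the `HV_KNOWN` / `NEEDS_HOST` masks are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>

/* Guest policy bit positions as laid out in AMD's SEV-SNP firmware ABI
 * (assumed here; the page names the bits but not their positions). */
#define POL_ABI_MASK               0xFFFFULL      /* ABI minor/major */
#define POL_SMT                    (1ULL << 16)
#define POL_RSVD_MBO               (1ULL << 17)   /* reserved, must be 1 */
#define POL_DEBUG                  (1ULL << 19)
#define POL_SINGLE_SOCKET          (1ULL << 20)
#define POL_CXL_ALLOW              (1ULL << 21)
#define POL_MEM_AES_256_XTS        (1ULL << 22)
#define POL_RAPL_DIS               (1ULL << 23)
#define POL_CIPHERTEXT_HIDING_DRAM (1ULL << 24)
#define POL_PAGE_SWAP_DISABLE      (1ULL << 25)

/* Hypothetical allowlist: bits the hypervisor passes through to firmware. */
#define HV_KNOWN (POL_ABI_MASK | POL_SMT | POL_RSVD_MBO | POL_DEBUG | \
                  POL_SINGLE_SOCKET | POL_CXL_ALLOW | POL_MEM_AES_256_XTS | \
                  POL_RAPL_DIS | POL_CIPHERTEXT_HIDING_DRAM | POL_PAGE_SWAP_DISABLE)
/* Bits that only work if the host has switched the feature on. */
#define NEEDS_HOST (POL_RAPL_DIS | POL_CIPHERTEXT_HIDING_DRAM)

enum { LAUNCH_OK = 0, FAIL_PRECHECK = 1, FAIL_LAUNCH_START = 2 };

/* Simplified host model: fw_bits is what firmware reports as supported,
 * host_on is the subset of NEEDS_HOST features actually enabled. */
struct host { uint64_t fw_bits, host_on; };

int try_launch(const struct host *h, uint64_t policy)
{
    uint64_t supported = HV_KNOWN & h->fw_bits;

    if ((policy & ~supported) || !(policy & POL_RSVD_MBO))
        return FAIL_PRECHECK;          /* rejected before LAUNCH_START */
    if (policy & NEEDS_HOST & ~h->host_on)
        return FAIL_LAUNCH_START;      /* modelled firmware refusal */
    return LAUNCH_OK;
}

int main(void)
{
    /* Guest owner requires RAPL disabled and DRAM ciphertext hiding. */
    uint64_t policy = POL_RSVD_MBO | POL_SMT | NEEDS_HOST;
    struct host old_fw      = { HV_KNOWN & ~NEEDS_HOST, 0 };   /* constructed */
    struct host not_enabled = { HV_KNOWN, POL_RAPL_DIS };      /* constructed */
    struct host good        = { HV_KNOWN, NEEDS_HOST };        /* constructed */

    printf("%d %d %d\n", try_launch(&old_fw, policy),
           try_launch(&not_enabled, policy), try_launch(&good, policy));
    return 0;
}
```

In every failing case the guest never starts, which is the outcome a guest owner wants when a required feature is missing.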