AMD added a Secure Encrypted Virtualization (SEV) feature in EDKII, the first x86 technology designed to cryptographically isolate virtual machines (VMs) from the hypervisor. Recently, AMD added the SEV-ES (Encrypted State) feature, which added additional protection for the CPU register state. The new Zen CPU introduces the next generation of SEV called SEV-SNP (Secure Nested Paging). SEV-SNP builds upon existing SEV and SEV-ES functionality while adding new hardware-based memory protections. SEV-SNP adds strong memory integrity protection to help prevent malicious hypervisor-based attacks like data replay, memory re-mapping, and more, in order to create an isolated memory encryption environment. Also, SEV-SNP introduces several optional security enhancements designed to support additional VM use models, offering strong protections around interrupt behavior and increased protection against side-channel attacks.

This Bugzilla tracks the support for the SEV-SNP feature in OVMF.
Patches on the list from Brijesh:

* [edk2-devel] [RFC PATCH 00/19] Add AMD Secure Nested Paging (SEV-SNP) support
  msgid: <20210324153215.17971-1-brijesh.singh@amd.com>
  https://edk2.groups.io/g/devel/message/73216
  https://listman.redhat.com/archives/edk2-devel-archive/2021-March/msg00963.html
* [edk2-devel] [PATCH RFC v2 00/28] Add AMD Secure Nested Paging (SEV-SNP) support
  https://edk2.groups.io/g/devel/message/74629
  https://listman.redhat.com/archives/edk2-devel-archive/2021-April/msg01043.html
  msgid: <20210430115148.22267-1-brijesh.singh@amd.com>
The patch set mentioned in comment 1 and comment 2 has been split into multiple "waves". The first wave is:

* [edk2-devel] [PATCH 00/13] Add GHCBv2 macro and helpers
  https://edk2.groups.io/g/devel/message/74823
  https://listman.redhat.com/archives/edk2-devel-archive/2021-May/msg00142.html
  msgid: <20210507203838.23706-1-brijesh.singh@amd.com>
[edk2-devel] [PATCH v2 00/13] Add GHCBv2 macro and helpers
https://edk2.groups.io/g/devel/message/75077
https://listman.redhat.com/archives/edk2-devel-archive/2021-May/msg00390.html
msgid: <20210512234615.1726-1-brijesh.singh@amd.com>
[edk2-devel] [PATCH v3 00/13] Add GHCBv2 macro and helpers
https://edk2.groups.io/g/devel/message/75389
https://listman.redhat.com/archives/edk2-devel-archive/2021-May/msg00718.html
msgid: <20210519181949.6574-1-brijesh.singh@amd.com>
(In reply to Laszlo Ersek from comment #5)
> [edk2-devel] [PATCH v3 00/13] Add GHCBv2 macro and helpers
>
> https://edk2.groups.io/g/devel/message/75389
> https://listman.redhat.com/archives/edk2-devel-archive/2021-May/msg00718.html
> msgid: <20210519181949.6574-1-brijesh.singh@amd.com>

This wave of patches has been merged as commit range dbc22a178546..adfa3327d4fc, via <https://github.com/tianocore/edk2/pull/1675>. The BZ should remain open for the next wave(s).
* [edk2-devel] [RESEND PATCH RFC v3 00/22] Add AMD Secure Nested Paging (SEV-SNP) support
  msgid: <20210526231118.12946-1-brijesh.singh@amd.com>
  https://edk2.groups.io/g/devel/message/75716
  https://listman.redhat.com/archives/edk2-devel-archive/2021-May/msg01009.html
* [edk2-devel] [RFC PATCH v4 00/27] Add AMD Secure Nested Paging (SEV-SNP) support
  msgid: <20210628174223.1302-1-brijesh.singh@amd.com>
  https://edk2.groups.io/g/devel/message/77187
  https://listman.redhat.com/archives/edk2-devel-archive/2021-June/msg01307.html

* [edk2-devel] [RFC PATCH v5 00/28] Add AMD Secure Nested Paging (SEV-SNP) support
  msgid: <20210630125321.30278-1-brijesh.singh@amd.com>
  https://edk2.groups.io/g/devel/message/77335
  https://listman.redhat.com/archives/edk2-devel-archive/2021-June/msg01455.html
Add initial patch: https://github.com/tianocore/edk2/pull/1842
githash: dc485c556d5f5db21debe8de3a45a7564aacbe24..b461d67639f2deced77e9bb967d014b7cfcd75f8
Merged at https://github.com/tianocore/edk2/pull/2269