]>
Commit | Line | Data |
---|---|---|
f91f9f25 DG |
1 | /* |
2 | * QEMU Confidential Guest support | |
3 | * This interface describes the common pieces between various | |
4 | * schemes for protecting guest memory or other state against a | |
5 | * compromised hypervisor. This includes memory encryption (AMD's | |
6 | * SEV and Intel's MKTME) or special protection modes (PEF on POWER, | |
7 | * or PV on s390x). | |
8 | * | |
9 | * Copyright Red Hat. | |
10 | * | |
11 | * Authors: | |
12 | * David Gibson <david@gibson.dropbear.id.au> | |
13 | * | |
14 | * This work is licensed under the terms of the GNU GPL, version 2 or | |
15 | * later. See the COPYING file in the top-level directory. | |
16 | * | |
17 | */ | |
18 | #ifndef QEMU_CONFIDENTIAL_GUEST_SUPPORT_H | |
19 | #define QEMU_CONFIDENTIAL_GUEST_SUPPORT_H | |
20 | ||
21 | #ifndef CONFIG_USER_ONLY | |
22 | ||
23 | #include "qom/object.h" | |
24 | ||
25 | #define TYPE_CONFIDENTIAL_GUEST_SUPPORT "confidential-guest-support" | |
26 | OBJECT_DECLARE_SIMPLE_TYPE(ConfidentialGuestSupport, CONFIDENTIAL_GUEST_SUPPORT) | |
27 | ||
28 | struct ConfidentialGuestSupport { | |
29 | Object parent; | |
abc27d42 DG |
30 | |
31 | /* | |
32 | * ready: flag set by CGS initialization code once it's ready to | |
33 | * start executing instructions in a potentially-secure | |
34 | * guest | |
35 | * | |
36 | * The definition here is a bit fuzzy, because this is essentially | |
37 | * part of a self-sanity-check, rather than a strict mechanism. | |
38 | * | |
39 | * It's not feasible to have a single point in the common machine | |
40 | * init path to configure confidential guest support, because | |
41 | * different mechanisms have different interdependencies requiring | |
42 | * initialization in different places, often in arch or machine | |
43 | * type specific code. It's also usually not possible to check | |
44 | * for invalid configurations until that initialization code. | |
45 | * That means it would be very easy to have a bug allowing CGS | |
46 | * init to be bypassed entirely in certain configurations. | |
47 | * | |
48 | * Silently ignoring a requested security feature would be bad, so | |
49 | * to avoid that we check late in init that this 'ready' flag is | |
50 | * set if CGS was requested. If the CGS init hasn't happened, and | |
51 | * so 'ready' is not set, we'll abort. | |
52 | */ | |
53 | bool ready; | |
f91f9f25 DG |
54 | }; |
55 | ||
56 | typedef struct ConfidentialGuestSupportClass { | |
57 | ObjectClass parent; | |
58 | } ConfidentialGuestSupportClass; | |
59 | ||
60 | #endif /* !CONFIG_USER_ONLY */ | |
61 | ||
62 | #endif /* QEMU_CONFIDENTIAL_GUEST_SUPPORT_H */ |