[RFC PATCH 0/4] SEV-SNP guest policy bit support updates

This series aims to allow more flexibility in specifying SEV-SNP policy
bits by improving discoverability of supported policy bits from userspace
and enabling support for newer policy bits.

- The first patch adds a new KVM_X86_GRP_SEV attribute group,
  KVM_X86_SNP_POLICY_BITS, that can be used to return the supported
  SEV-SNP policy bits. The initial support for this attribute will return
  the current KVM supported policy bitmask.

- The next 3 patches provide for adding to the known SEV-SNP policy
  bits. Since some policy bits are dependent on specific levels of SEV
  firmware support, the CCP driver is updated to provide an API to return
  the supported policy bits.

  The supported policy bits bitmask used by KVM is generated by taking the
  policy bitmask returned by the CCP driver and ANDing it with the KVM
  supported policy bits. KVM supported policy bits are policy bits that
  do not require any specific implementation support from KVM to allow.

This series has a prereq against the ciphertext hiding patches that were
recently accepted into the cryptodev tree.

The series is based off of:
  git://git.kernel.org/pub/scm/virt/kvm/kvm.git next

  with the added ciphertext hiding patches

Tom Lendacky (4):
  KVM: SEV: Publish supported SEV-SNP policy bits
  KVM: SEV: Consolidate the SEV policy bits in a single header file
  crypto: ccp - Add an API to return the supported SEV-SNP policy bits
  KVM: SEV: Add known supported SEV-SNP policy bits

 arch/x86/include/uapi/asm/kvm.h |  1 +
 arch/x86/kvm/svm/sev.c          | 45 +++++++++++++++++++++------------
 arch/x86/kvm/svm/svm.h          |  3 ---
 drivers/crypto/ccp/sev-dev.c    | 37 +++++++++++++++++++++++++++
 include/linux/psp-sev.h         | 39 ++++++++++++++++++++++++++++
 5 files changed, 106 insertions(+), 19 deletions(-)


base-commit: 82a56258ec2d48f9bb1e9ce8f26b14c161dfe4fb
-- 
2.46.2
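
Added example, not code from this series or from KVM: a userspace-style sketch of the mask handling the cover letter describes, where the effective mask is the firmware-reported bits ANDed with the hypervisor-allowed bits and a requested guest policy is rejected rather than silently trimmed when it asks for a bit outside that mask. All names are hypothetical, the masks are constructed, and the bit positions are assumptions based on the SEV-SNP guest policy layout.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed policy bit positions; names are hypothetical, not the kernel's. */
#define POL_API_VERSION   0xFFFFULL      /* ABI minor/major, bits 15:0 */
#define POL_SMT           (1ULL << 16)
#define POL_RSVD_MBO      (1ULL << 17)   /* reserved, must be one */
#define POL_DEBUG         (1ULL << 19)
#define POL_SINGLE_SOCKET (1ULL << 20)
#define POL_CT_HIDING     (1ULL << 24)   /* firmware-dependent bit (assumed position) */

enum pol_status { POL_OK = 0, POL_UNSUPPORTED = -1, POL_MBO_CLEAR = -2 };

/* Effective mask: bits the firmware reports AND bits the hypervisor allows. */
static uint64_t effective_policy_mask(uint64_t fw_bits, uint64_t kvm_bits)
{
    return fw_bits & kvm_bits;
}

/* Validate a requested policy; *bad receives the offending bits, if any. */
static enum pol_status check_policy(uint64_t policy, uint64_t supported,
                                    uint64_t *bad)
{
    *bad = policy & ~supported;
    if (*bad)
        return POL_UNSUPPORTED;      /* fail closed, never drop the bit */
    if (!(policy & POL_RSVD_MBO)) {
        *bad = POL_RSVD_MBO;
        return POL_MBO_CLEAR;
    }
    return POL_OK;
}

int main(void)
{
    /* Constructed masks: hypervisor allows ciphertext hiding, firmware lacks it. */
    uint64_t kvm = POL_API_VERSION | POL_SMT | POL_RSVD_MBO | POL_DEBUG |
                   POL_SINGLE_SOCKET | POL_CT_HIDING;
    uint64_t fw = kvm & ~POL_CT_HIDING;
    uint64_t supported = effective_policy_mask(fw, kvm);
    uint64_t want = POL_RSVD_MBO | POL_SMT | POL_CT_HIDING, bad;
    enum pol_status st = check_policy(want, supported, &bad);

    printf("supported=%#llx status=%d offending=%#llx\n",
           (unsigned long long)supported, (int)st, (unsigned long long)bad);
    return st == POL_OK ? 0 : 1;
}
```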




