From patchwork Wed Feb 28 21:10:00 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Brijesh Singh <brijesh.singh@amd.com>
X-Patchwork-Id: 879395
Return-Path: <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
	spf=pass (mailfrom) smtp.mailfrom=nongnu.org
	(client-ip=2001:4830:134:3::11; helo=lists.gnu.org;
	envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
	dmarc=none (p=none dis=none) header.from=amd.com
Authentication-Results: ozlabs.org;
	dkim=fail reason="signature verification failed" (1024-bit key;
	unprotected) header.d=amdcloud.onmicrosoft.com
	header.i=@amdcloud.onmicrosoft.com header.b="Xg37TZkm";
	dkim-atps=neutral
Received: from lists.gnu.org (lists.gnu.org [IPv6:2001:4830:134:3::11])
	(using TLSv1 with cipher AES256-SHA (256/256 bits))
	(No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 3zs7Y56TvKz9s15
	for <incoming@patchwork.ozlabs.org>;
	Thu,  1 Mar 2018 08:11:53 +1100 (AEDT)
Received: from localhost ([::1]:46939 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71) (envelope-from
	<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>)
	id 1er90x-0001Cq-Ud
	for incoming@patchwork.ozlabs.org; Wed, 28 Feb 2018 16:11:52 -0500
Received: from eggs.gnu.org ([2001:4830:134:3::10]:52817)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <brijesh.singh@amd.com>) id 1er906-00016e-BO
	for qemu-devel@nongnu.org; Wed, 28 Feb 2018 16:11:00 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <brijesh.singh@amd.com>) id 1er902-0005NV-7r
	for qemu-devel@nongnu.org; Wed, 28 Feb 2018 16:10:58 -0500
Received: from mail-dm3nam03on0063.outbound.protection.outlook.com
	([104.47.41.63]:8633
	helo=NAM03-DM3-obe.outbound.protection.outlook.com)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32)
	(Exim 4.71) (envelope-from <brijesh.singh@amd.com>)
	id 1er901-0005LV-Pr
	for qemu-devel@nongnu.org; Wed, 28 Feb 2018 16:10:54 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=amdcloud.onmicrosoft.com; s=selector1-amd-com;
	h=From:Date:Subject:Message-ID:Content-Type:MIME-Version;
	bh=oljeL8Bc4d6Gn4DH55/LRxI393ZbpciF96TQhwHyQvk=;
	b=Xg37TZkmD3IyeEreUYIo6lGnsY5v4ImBAVGr1vSfsTr3KZCYms3WXntFWlHX7RUu3o9q5TMYbHK4fz/3WsNE1CNydC/xFbmW+4mmlpWMBRY6S/M+zIAyeCbikBagbzCZg39HvUmZSWJfDX9yRVa1dM9xYXguBttvUt2AnVZaSX0=
Authentication-Results: spf=none (sender IP is )
	smtp.mailfrom=brijesh.singh@amd.com;
Received: from wsp141597wss.amd.com (165.204.78.1) by
	DM2PR12MB0155.namprd12.prod.outlook.com (2a01:111:e400:50ce::18) with
	Microsoft SMTP Server (version=TLS1_2,
	cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.527.15;
	Wed, 28 Feb 2018 21:10:50 +0000
From: Brijesh Singh <brijesh.singh@amd.com>
To: qemu-devel@nongnu.org
Date: Wed, 28 Feb 2018 15:10:00 -0600
Message-ID: <20180228211028.83970-1-brijesh.singh@amd.com>
X-Mailer: git-send-email 2.14.3
MIME-Version: 1.0
X-Originating-IP: [165.204.78.1]
X-ClientProxiedBy: DM5PR10CA0008.namprd10.prod.outlook.com
	(2603:10b6:4:2::18)
	To DM2PR12MB0155.namprd12.prod.outlook.com
	(2a01:111:e400:50ce::18)
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-HT: Tenant
X-MS-Office365-Filtering-Correlation-Id: b7f3b393-761f-45fa-81ff-08d57eefbf3b
X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0;
	RULEID:(7020095)(4652020)(4534165)(4627221)(201703031133081)(201702281549075)(48565401081)(5600026)(4604075)(2017052603307)(7153060)(7193020);
	SRVR:DM2PR12MB0155;
X-Microsoft-Exchange-Diagnostics: 1; DM2PR12MB0155;
	3:UY0IkSUGQuztxqli2SEX6CRn8cWBheKIApmHWiyk35ZFBNBHd1OzGOtoWGab7oXUq6M0zemMXpJ7qDtfzuXKjeqFjYOIcc52xDUF3V5KifN6Jzv4aHcY7XK6vmeR03TH9cA8zi/IAUYFHBKEMVLwKrpf6UmfBKZd2rbOfYBuqmp/GJQmZcQ8sOFfEtsRcLzVcw29EyqQpIemQus3JDnMY7gSS3C27lwIysyLuUupeCaH7WoBngsuMj3JTRGwn5OM;
	25:sZWPqCUuj8J3aC6ecoLo3HOwDNAnYdSygYdaZUBsIYl6MNgtP5YigO26DcbnLG/H0pY4c5xxb3x3PYKRbjaYqh9B/e18lJVrf/JVcLjbabaoYVSmBLsBXv23BXejTJio1RuvoeWzm0qKbjYaZQAvR9rpKMnc8EX+EuAk9LsczM9p0vjLuIS6aaF+qggpOneclhbeBStwXpPPIyNz0XnC87Ie4KzL6XTsouwdJT/YehqIH13BwI5eVTYhQ9eHi+u2ZUIqn+3LHsk2QoEp3UEiyPCaaNhTYC7ZKKPIjM7RCr6ND/Efxb0Yb9lbs8LVyAgCzxgp3bb//AhLAc9vREfa0A==;
	31:PPcHWJFGg73eJLRhsZjAZQgblaY4gPDLiWpm/vLUI+iOABXn8C0aEuTh3uu5/MqTH6f4tWIpk6RoV1IYjbzHIdyZTtembMBOk4dwYFnXpE8jvcShZjxRo9Kx/39p3D+7B7EZWM0TXluFUrg0hCtMkpSlIry13r0Xvt7fDQF7J91VdrJuHE5RRggNGnsXx6tuzgmPA6ZMfVZoHvMd9yLa/O3vl7stM4FwPpXUDmWvOmY=
X-MS-TrafficTypeDiagnostic: DM2PR12MB0155:
X-Microsoft-Exchange-Diagnostics: 1; DM2PR12MB0155;
	20:8uCK2aVzko3MQsc59pJWtdQ8Pp65WeyJkw/8q2o/mV6igWyDjJ5IoSw18LlFn7SJvqidmQIO7v4TwxNfTVjCQlMc1XL9PadSbNSULP2if4kMRm2xLLtQRK3sLezWQ5iho8JPel3pKtFgW2JyRGrS475hZKihR3eETmJPF7E+FjpMmXFPCm798kNXxK3+X0SOC0/tRPaG+MIN5fMGejcDRgeO7JP8xWYyYnyCk6K+fdoy8W1dqQ4/n5B5oF9Rpt3UJxtz11GkdNLt/Sq+Ra4GA8g4IkCPGkgfjINp6xpVJxhzxR5XqwplGx8iV5a6Q8lk8YLbenPGxOniY7PB824tJcGs2WkoVxQZJutQy8+YS9gfT/mFO5E1FKXjoQOhGWXXo7ZWRYEVg9ybaXokjqL4d0Ed+AEe/SplLwJ+NuIcgsYEJ9Gt4rQTut/FwzGn8jyrD2xnyfldc97BhJQztEBr+2bevgO/o86SaQefC3yuSnjJXChxQOtwBv6zyo1IeRqk;
	4:q+vnQSfrUw9YCkwQhenQTSAI0fks+vqoADU3QAMgjNQVroeNUHIGYXjPeMAvtSL10W5Y2L6NGtaYELgpyV9u8HAvqZhW5Jmmf5sKRwZjSArrIK0npQmMMbKT0r1l8bwtxr+5rQ00NJ/WA3SjLQJWqpRUDt3ojvyHl1cRoV3xwMzYIc8y2lwMkbmPj06fQCOplmgoHvgUoctq4vcF5KZtP+tpxtIv6TPEsfr66lOYDoJ9y1NRVAKqViaJsVhG9BHUp7XFMTUYmHO2avF9X9Fe0L7bZss9ifLYD2zRZ/bFcu/kZUbXkUIfGBRs604xkbsL3KQ7K6mAiQ6JVrnzu1D8VVfduqyq4s91Aw1SzR5NRdYN/aobkXlXbPuugRchrF8vAUIaboxLZas8OonXLe0tp83+dTNyoyW6hDsK/O5MOKU=
X-Microsoft-Antispam-PRVS: 
 <DM2PR12MB01559FE2C1D8F1B84D3C8B18E5C70@DM2PR12MB0155.namprd12.prod.outlook.com>
X-Exchange-Antispam-Report-Test: 
 UriScan:(166708455590820)(767451399110)(254730959083279)(91638250987450);
X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0;
	RULEID:(8211001083)(6040501)(2401047)(8121501046)(5005006)(3231220)(944501219)(52105095)(3002001)(93006095)(93001095)(10201501046)(6055026)(6041288)(20161123560045)(20161123564045)(20161123562045)(20161123558120)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(6072148)(201708071742011);
	SRVR:DM2PR12MB0155; BCL:0; PCL:0; RULEID:; SRVR:DM2PR12MB0155;
X-Forefront-PRVS: 0597911EE1
X-Forefront-Antispam-Report: SFV:NSPM;
	SFS:(10009020)(39860400002)(39380400002)(396003)(346002)(366004)(376002)(189003)(199004)(6486002)(6116002)(1076002)(2351001)(36756003)(16526019)(54906003)(53416004)(26005)(53936002)(66066001)(186003)(47776003)(6306002)(59450400001)(2361001)(966005)(478600001)(8666007)(316002)(81166006)(50226002)(8676002)(8936002)(386003)(106356001)(2870700001)(97736004)(5660300001)(6666003)(23676004)(305945005)(4326008)(7736002)(39060400002)(1720100001)(8656006)(105586002)(68736007)(50466002)(7696005)(25786009)(52116002)(3846002)(2906002)(86362001)(81156014)(7416002)(6916009);
	DIR:OUT; SFP:1101; SCL:1; SRVR:DM2PR12MB0155;
	H:wsp141597wss.amd.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1;
	A:1; LANG:en;
Received-SPF: None (protection.outlook.com: amd.com does not designate
	permitted sender hosts)
X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; DM2PR12MB0155;
	23:8oU4c+ocCB+1HbM5tBXKHFEG8eicefgxdgzLmhRtO?=
	t7W711ixE7dMcAHnGlHIvyJtnr0DcaLJ47H238gCWKxs7MWGqKdDJbfEjrjI4U6UkK8JjL4ofyLQn7zh1tV7yoZnOs2p11MyWPfLUddmoKAoPWw5Oq+Tqy7Lrc+Th9FdERm9YpY8amWwd6c3xC/xMYOGOCukDn7kgdrejO7O3+CHSLPZ4wjAa2V9xf03ugiTD9e1+r60hCg4tmBtKkqLUk+ZCKnT3xJSUDoQka6oXWfR3DHTam6D5ihWBXXEx46UJ4dBQEehYCk0qJi43TWex6NCsL9hf9tXYU89x6e/bVDtn7kONqpCNXFhqQHat1uf7Wg4G1qLScg5e7W7dfVy0g3iBoM0PawHaolsPGLjjngGsqL4XNcH590hX4k/sLAAxkZTi9p1UrpBrEU0sUMX8UUHDiJKEJwhEDRgizdxcD12c5+8/iAaLQn5voqHC1LAIENr2d1IKmJ4kuREh8ddKe9+W/1LIaKnIdTrdlnVT9uo+u2tT/Cvz6Rf3cUX4LfKa+RK7/lOLAjC3VjK7Qhm/hYQxkK0a+PVcJqJW2qfLbfsW8ejz8YkhC1kmzT+rSo9mwc2zp2x08FIYG7qdAERM4pVxlN0xn4j6wWgnEpocy+29IlVszPTbuqna53IsqnKkT0vlEsGz4Q0/8KJscQJ84pDnqX3JF6KiCkR4AaFU+Yfp+bRfcPm+kblhPdK2EAFYDfhKod5elOKWhB6N7YoV7RjJVZxIZ5aHQFSGeqTZT7SjmJyGZlc+vcDSx2zbMX59xWJXqyV1Yo2D2t5Mpr92zn9M1xmDl1tr8Lj6dpNQXLmyGNV2QWbp+CXFTJa0RS8AqgBt9rhsdd6Z21OfjK3s9UFsQFfeicacUZMShMqotO9RlSnHswmETxTGnzbLjZQO14vepgSrShj1Rl2chbt/1a89WrsH3zbcZwBk4Qlru+WXxFGhS5Ma9FC2cAbShmxCzvzqdtGlLVG4nmfd2Arg3OivmCM0fdnrKs543O/oLJvzDgys9Lu1iqeLFkbQH63IMwL89XjR6Dimfr0TYZQQ2AoYRgPFyRxeSGE3m5QQW7ZmigQe83OEqHtNZhjgukoEbtLNI+dYpbJaZxrxIVDpRsazyW3/mTecJX+Jkfk9KZ6nJxi4iEENmY6J686x+bZuV4dS1Hy2sZXXlyfy04j0RfiVPm0IOSNYJaoonwWEf+CQGrw/6wSnpCKdStE4OhFN4jYAKE6JlTnx+j6TR9hnOh0nQjAph48tjZ9I7JNFINxg==
X-Microsoft-Exchange-Diagnostics: 1; DM2PR12MB0155;
	6:dIHbGKjpFWmoA3jSeFOZzQLGCNSNSteLly/qKNwrMVR3sJAaL+kr0BAfz38lPn7pqu/aam++Q6xXQIk+ulJMB1syvH9ySnjIoy/5Ym3yzAORhtnk2BDbOWsDJH649JoppLe8U6zDzk1qzoaNVOd9Z2b8zKASradEq2GOI8LdcRKvqe4tHUE00kjYzmvrqVH6ChQIgxPCyXgLdwazyOIWd20iIk6nrd9YdRdQSWqvqt37aUQ9kZJfzskjlBuDzCnGXrFUGYMHA/yiNNsldc1XsHbcMyhkbfV91wbZ8ha/TiS5Np5gH2I7jPNYTmNFmTk38CSbB5ndp5jx6j13B4zp1mV6UWC0SG/x/8/6UyWYOZ4=;
	5:v5vAi/iz+6/7hSK/8fVw0l3LFCcZHobQWMZC2o0JJ+mc8GECopgfTIpnsbY1s7n1yCKBHHpEW+rQXjIeSnV3k0DNrEG6UyXosBMxbhcygPMx6p5PIS+xwmfnHs7+loE6LFzO60E9I/WebftzNArSg8YKvJBv+t4N/H1z5N2WrwU=;
	24:SC/gufbmSRqLaaEKlISKTEkLDemrUaYMtFXc4BehhVsOckeJfXC3ReJMWKTvPcQjZDRs9uNC7CNdu0xiWestoKfQvjxEb1pGGKGCE4uIp+E=;
	7:JmI05DPScC0Emcrk7bW5qou4kFJbbhYDpgWUCSX8JwEVAiaNUUE8PhseqQHCptzRhDp6Oe8D7RBq2eGWeMAYgT3Y4kDM/LPe4jePK7hyVZYOwhNarQdmNfMdqajSGapPlaI3jM6gDv5chF0fmqMAMA1NpSr0JUfh6pBJlz70nQj+Jz5YcqZN0Ejv00dUE7/rd3AFIo4LGBVTMOlfq8RxVprgN9udV1nwvRbd0yOkTBtaP3ni3AYtcBjw2G+sCfZx
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-Microsoft-Exchange-Diagnostics: 1; DM2PR12MB0155;
	20:N4thecjmt8zo8OuX5m29dxTDC6QZfLx4Z8tFeRl2lYBEgA+a7Tr+JIn+BdcJwWzs3k2+Lg1wEc52KyU3CT2rma1b3x+0xCFRDzGcTlRY7pCRXpJLulLBc6gPQtqFBlVCPiMXOkBZJWZ5PWQ/ifK78Q8eGL5mkQ3k822NbjcRpt2KMWABuldPVVJ+45RdZTNWt7mZiLc6f9XVqeAG6vgKAYRJCJ+FoqBi82q/I50GTA7/JvTNt7uysaYDkOyofFQ5
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 Feb 2018 21:10:50.6237
	(UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 b7f3b393-761f-45fa-81ff-08d57eefbf3b
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM2PR12MB0155
X-detected-operating-system: by eggs.gnu.org: Windows 7 or 8 [fuzzy]
X-Received-From: 104.47.41.63
Subject: [Qemu-devel] [PATCH v10 00/29] x86: Secure Encrypted Virtualization
	(AMD)
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel/>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Cc: Peter Maydell <peter.maydell@linaro.org>,
	Brijesh Singh <brijesh.singh@amd.com>, kvm@vger.kernel.org,
	"Michael S. Tsirkin" <mst@redhat.com>,
	Stefan Hajnoczi <stefanha@gmail.com>, Alexander Graf <agraf@suse.de>,
	"Edgar E. Iglesias" <edgar.iglesias@xilinx.com>,
	Markus Armbruster <armbru@redhat.com>, Bruce Rogers <brogers@suse.com>,
	Christian Borntraeger <borntraeger@de.ibm.com>,
	Marcel Apfelbaum <marcel@redhat.com>, Borislav Petkov <bp@suse.de>,
	Thomas Lendacky <Thomas.Lendacky@amd.com>,
	Eduardo Habkost <ehabkost@redhat.com>,
	Richard Henderson <richard.henderson@linaro.org>,
	"Dr. David Alan Gilbert" <dgilbert@redhat.com>,
	Alistair Francis <alistair.francis@xilinx.com>,
	Cornelia Huck <cornelia.huck@de.ibm.com>,
	Peter Crosthwaite <crosthwaite.peter@gmail.com>,
	Paolo Bonzini <pbonzini@redhat.com>
Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org
Sender: "Qemu-devel"
	<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>

This patch series provides support for AMD's new Secure Encrypted 
Virtualization (SEV) feature.

SEV is an extension to the AMD-V architecture which supports running
multiple VMs under the control of a hypervisor. The SEV feature allows
the memory contents of a virtual machine (VM) to be transparently encrypted
with a key unique to the guest VM. The memory controller contains a
high performance encryption engine which can be programmed with multiple
keys for use by a different VMs in the system. The programming and
management of these keys is handled by the AMD Secure Processor firmware
which exposes a commands for these tasks.

The KVM SEV patch series introduced a new ioctl (KVM_MEMORY_ENCRYPTION_OP)
which is used by qemu to issue the SEV commands to assist performing
common hypervisor activities such as a launching, running, snapshooting,
migration and debugging guests.

The following links provide additional details:

AMD Memory Encryption whitepaper:
 
http://amd-dev.wpengine.netdna-cdn.com/wordpress/media/2013/12/AMD_Memory_Encryption_Whitepaper_v7-Public.pdf

AMD64 Architecture Programmer's Manual:
http://support.amd.com/TechDocs/24593.pdf
SME is section 7.10
SEV is section 15.34

Secure Encrypted Virutualization Key Management:
http://support.amd.com/TechDocs/55766_SEV-KM API_Specification.pdf

KVM Forum slides:
http://www.linux-kvm.org/images/7/74/02x08A-Thomas_Lendacky-AMDs_Virtualizatoin_Memory_Encryption_Technology.pdf

Video of the KVM Forum Talk:
https://www.youtube.com/watch?v=RcvQ1xN55Ew
---

The complete patch series is available :
https://github.com/codomania/qemu/tree/v10

Using these patches we have succesfully booted and tested a guest both with and
without SEV enabled.

TODO:

* Add SEV guest migration support
* Add SEV guest snapshot and restore support

Changes since v9:
- move sev specific header definition in target/i386/sev_i386.h
- add new QMP query-sev-capabilities - the command will be used by libvirt
  to query the SEV capabilities information.
- move sev specific QMP command implementation in target/i386/monitor.c. The
  sev commands are disabled for non x86 architecture
- update 'info sev' command to display human readiable format for policy
- use g_new0 to allocate to structure memory
- update qemu-options.hx to include cbitspos and reduced-phys-bit field

Changes since v8:
- update 'query-sev' command to use enum type for SEV state.
- populate memory encryption cpuid when only SEV is enabled.


Changes since v7:
- move sev.c from accel/kvm to target/i386
- update query-sev-launch-measure to return error when measurement is not available
- update flatview_read to use slow path when attrs.debug=1 is set
- fix the buffer overflow
- use '-' when adding new member in SevInfo QMP structure

Changes since v6:
- add support to specify cbitpos in sev-guest object
- add 'info sev' HMP command
- add 'query-sev' and 'query-launch-measure' QMP commands
- rework the logic to query the memory encryption mask when walking
  guest pagetable for debug

Changes since v5:
- drop MEMTXTATTRS_DEBUG macro, caller now specify attrs.debug=1 when needed.
- drop DPRINTF and use trace points to output the debug messages

Changes since v4:
- extend sev-guest object to add new properties 'dh-cert-file', 'session-file' etc.
- emit SEV_MEASUREMENT event when measurement is available
- add migration blocker
- add memory encryption cpuid support
- rebase the series with recent qemu tree

Changes since v3:
- update to newer SEV spec (0.12 -> 0.14)
- update to newer KVM RFC and use KVM_MEMORY_ENCRYPTION_OP ioctl instead
of KVM_ISSUE_SEV.
- add support to encrypt plfash

Changes since v2:
- rename ram_ops to ram_debug_ops
- use '-' rather than '_' when adding new member in KvmInfo struct
- update sev object to use link properties when referencing other objects
- use ldq_phys_debug in tlb_info_64 and mem_info_64.
- remove sev-guest-policy object, we will revisit it after basic SEV
guest support is merged.
- remove kernel API from doc and add SEV guest LAUNCH model. The doc will
be updated as we integerate the remaining SEV APIs.

Changes since v1:
- Added Documentation
- Added security-policy object.
- Drop sev config parsing support and create new objects to get/set SEV
specific parameters
- Added sev-guest-info object.
- Added sev-launch-info object.
- Added kvm_memory_encrytion_* APIs. The idea behind this was to allow adding
a non SEV memory encrytion object without modifying interfaces.
- Drop patch to load OS image at fixed location.
- updated LAUNCH_FINISH command structure. Now the structure contains
just 'measurement' field. Other fields are not used and will also be removed
from newer SEV firmware API spec.

Brijesh Singh (28):
  memattrs: add debug attribute
  exec: add ram_debug_ops support
  exec: add debug version of physical memory read and write API
  monitor/i386: use debug APIs when accessing guest memory
  machine: add -memory-encryption property
  kvm: update kvm.h to include memory encryption ioctls
  docs: add AMD Secure Encrypted Virtualization (SEV)
  target/i386: add Secure Encrypted Virtulization (SEV) object
  qmp: add query-sev command
  include: add psp-sev.h header file
  sev/i386: add command to initialize the memory encryption context
  sev/i386: register the guest memory range which may contain encrypted
    data
  kvm: introduce memory encryption APIs
  hmp: add 'info sev' command
  sev/i386: add command to create launch memory encryption context
  sev/i386: add command to encrypt guest memory region
  target/i386: encrypt bios rom
  sev/i386: add support to LAUNCH_MEASURE command
  sev/i386: finalize the SEV guest launch flow
  hw/i386: set ram_debug_ops when memory encryption is enabled
  sev/i386: add debug encrypt and decrypt commands
  target/i386: clear C-bit when walking SEV guest page table
  qmp: add query-sev-launch-measure command
  sev/i386: add migration blocker
  cpu/i386: populate CPUID 0x8000_001F when SEV is active
  qmp: add query-sev-capabilities command
  sev/i386: add sev_get_capabilities()
  tests/qmp-test: blacklist sev specific qmp commands

 accel/kvm/kvm-all.c            |  48 +++
 accel/stubs/kvm-stub.c         |  14 +
 cpus.c                         |   2 +-
 disas.c                        |   2 +-
 docs/amd-memory-encryption.txt | 109 ++++++
 exec.c                         |  83 +++-
 hmp-commands-info.hx           |  16 +
 hmp.h                          |   1 +
 hw/core/machine.c              |  22 ++
 hw/i386/pc.c                   |   9 +
 hw/i386/pc_sysfw.c             |  19 +
 include/exec/cpu-common.h      |  15 +
 include/exec/memattrs.h        |   2 +
 include/exec/memory.h          |  30 +-
 include/hw/boards.h            |   1 +
 include/sysemu/kvm.h           |  25 ++
 include/sysemu/sev.h           |  22 ++
 linux-headers/linux/kvm.h      |  90 +++++
 linux-headers/linux/psp-sev.h  | 142 +++++++
 monitor.c                      |  27 +-
 qapi-schema.json               | 132 +++++++
 qemu-options.hx                |  49 ++-
 stubs/Makefile.objs            |   1 +
 stubs/sev.c                    |  30 ++
 target/i386/Makefile.objs      |   4 +-
 target/i386/cpu.c              |  13 +
 target/i386/helper.c           |  31 +-
 target/i386/monitor.c          | 193 ++++++---
 target/i386/sev-stub.c         |  51 +++
 target/i386/sev.c              | 860 +++++++++++++++++++++++++++++++++++++++++
 target/i386/sev_i386.h         |  93 +++++
 target/i386/trace-events       |  11 +
 tests/qmp-test.c               |   5 +
 33 files changed, 2067 insertions(+), 85 deletions(-)
 create mode 100644 docs/amd-memory-encryption.txt
 create mode 100644 include/sysemu/sev.h
 create mode 100644 linux-headers/linux/psp-sev.h
 create mode 100644 stubs/sev.c
 create mode 100644 target/i386/sev-stub.c
 create mode 100644 target/i386/sev.c
 create mode 100644 target/i386/sev_i386.h