From e408203bab17e32f8d42ae9ad61e94a73bfaec67 Mon Sep 17 00:00:00 2001

From: Connor Kuehl <ckuehl@redhat.com>

Date: Tue, 22 Jun 2021 20:00:22 -0400

Subject: [PATCH 10/12] docs/interop/firmware.json: Add SEV-ES support

MIME-Version: 1.0

Content-Type: text/plain; charset=UTF-8

Content-Transfer-Encoding: 8bit

RH-Author: Miroslav Rezanina <mrezanin@redhat.com>

RH-MergeRequest: 16: Synchronize with RHEL-AV 8.5 release 21 to RHEL 9

RH-Commit: [8/8] b49ebbaf40b56d95c67475a0373d6906a3e4f0e3 (mrezanin/centos-src-qemu-kvm)

RH-Bugzilla: 1957194

RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>

RH-Acked-by: Daniel P. Berrangé <berrange@redhat.com>

From: Tom Lendacky <thomas.lendacky@amd.com>

Create an enum definition, '@amd-sev-es', for SEV-ES and add documention

for the new enum. Add an example that shows some of the requirements for

SEV-ES, including not having SMM support and the requirement for an

X64-only build.

Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>

Reviewed-by: Laszlo Ersek <lersek@redhat.com>

Reviewed-by: Connor Kuehl <ckuehl@redhat.com>

Message-Id: <b941a7ee105dfeb67607cf2d24dafcb82658b212.1619208498.git.thomas.lendacky@amd.com>

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>

(cherry picked from commit d44df1d73ce04d7f4b8f94cba5f715e2dadc998b)

Signed-off-by: Connor Kuehl <ckuehl@redhat.com>

Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>

Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>

---

 docs/interop/firmware.json | 47 +++++++++++++++++++++++++++++++++++++-

 1 file changed, 46 insertions(+), 1 deletion(-)

diff --git a/docs/interop/firmware.json b/docs/interop/firmware.json

index 9d94ccafa9..8d8b0be030 100644

--- a/docs/interop/firmware.json

+++ b/docs/interop/firmware.json

@@ -115,6 +115,12 @@

 #           this feature are documented in

 #           "docs/amd-memory-encryption.txt".

 #

+# @amd-sev-es: The firmware supports running under AMD Secure Encrypted

+#              Virtualization - Encrypted State, as specified in the AMD64

+#              Architecture Programmer's Manual. QEMU command line options

+#              related to this feature are documented in

+#              "docs/amd-memory-encryption.txt".

+#

 # @enrolled-keys: The variable store (NVRAM) template associated with

 #                 the firmware binary has the UEFI Secure Boot

 #                 operational mode turned on, with certificates

@@ -179,7 +185,7 @@

 # Since: 3.0

 ##

 { 'enum' : 'FirmwareFeature',

-  'data' : [ 'acpi-s3', 'acpi-s4', 'amd-sev', 'enrolled-keys',

+  'data' : [ 'acpi-s3', 'acpi-s4', 'amd-sev', 'amd-sev-es', 'enrolled-keys',

              'requires-smm', 'secure-boot', 'verbose-dynamic',

              'verbose-static' ] }

@@ -504,6 +510,45 @@

 # }

 #

 # {

+#     "description": "OVMF with SEV-ES support",

+#     "interface-types": [

+#         "uefi"

+#     ],

+#     "mapping": {

+#         "device": "flash",

+#         "executable": {

+#             "filename": "/usr/share/OVMF/OVMF_CODE.fd",

+#             "format": "raw"

+#         },

+#         "nvram-template": {

+#             "filename": "/usr/share/OVMF/OVMF_VARS.fd",

+#             "format": "raw"

+#         }

+#     },

+#     "targets": [

+#         {

+#             "architecture": "x86_64",

+#             "machines": [

+#                 "pc-q35-*"

+#             ]

+#         }

+#     ],

+#     "features": [

+#         "acpi-s3",

+#         "amd-sev",

+#         "amd-sev-es",

+#         "verbose-dynamic"

+#     ],

+#     "tags": [

+#         "-a X64",

+#         "-p OvmfPkg/OvmfPkgX64.dsc",

+#         "-t GCC48",

+#         "-b DEBUG",

+#         "-D FD_SIZE_4MB"

+#     ]

+# }

+#

+# {

 #     "description": "UEFI firmware for ARM64 virtual machines",

 #     "interface-types": [

 #         "uefi"

-- 

2.27.0