-
Notifications
You must be signed in to change notification settings - Fork 86
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
How to use the RMP instruction (Use VMPL) #208
Comments
RMPADJUST can only be executed in guest context.
RMPADJUST can be used to change the VMPL permissions associated with a page. The VMPL permissions that can be changed must be for a less-privileged VMPL level. That is, if you are running at VMPL0, you can adjust the VMPL permissions for VMPL1, 2 and 3. If running at VMPL1, you can adjust the VMPL permissions for VMPL2 and 3, etc. You must then have a vCPU that is running at the VMPL permission that you are targeting in order to leverage VMPL functionality. The support for multiple VMPL levels within the guest Linux OS does not exist and is something that you would need to develop. |
Thank you for your reply. RMPADJUST requires a guest virtual address, RMP page size, and VMPL permission information as parameters. |
I have prepared a SEV-SNP enabled VM. (both host and guest are Ubuntu 20.04)
I want to increase the VMPL permissions of a specific application running on the guest VM.
I looked at the documentation and understood that I can specify VMPL through RMP access control.
It seems that I can specify VMPL permissions via the RMPADJUST instruction.
However, when I tried to use the RMP command on the hypervisor, it failed. (I also tried it in the guest and it failed)
How can I perform the RMP instructions?
(How can I leverage the VMPL functionality?)
The text was updated successfully, but these errors were encountered: