diff --git a/Cargo.lock b/Cargo.lock index 5c019a43..19c28f67 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -89,6 +89,43 @@ version = "0.9.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "28c122c3980598d243d63d9a704629a2d748d101f278052ff068be5a4423ab6f" +[[package]] +name = "cpufeatures" +version = "0.2.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a17b76ff3a4162b0b27f354a0c87015ddad39d35f9c0c36607a3bdd175dde1f1" +dependencies = [ + "libc", +] + +[[package]] +name = "crypto-bigint" +version = "0.5.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "740fe28e594155f10cfc383984cbefd529d7396050557148f79cb0f621204124" +dependencies = [ + "generic-array", + "rand_core", + "subtle", + "zeroize", +] + +[[package]] +name = "crypto-common" +version = "0.1.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1bfb12502f3fc46cca1bb51ac28df9d618d813cdc3d2f25b9fe775a34af26bb3" +dependencies = [ + "generic-array", + "typenum", +] + +[[package]] +name = "const-oid" +version = "0.9.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "28c122c3980598d243d63d9a704629a2d748d101f278052ff068be5a4423ab6f" + [[package]] name = "cpufeatures" version = "0.2.11" @@ -654,9 +691,9 @@ checksum = "5b40af805b3121feab8a3c29f04d8ad262fa8e0561883e7653e024ae4479e6de" [[package]] name = "primeorder" -version = "0.13.2" +version = "0.13.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3c2fcef82c0ec6eefcc179b978446c399b3cdf73c392c35604e399eee6df1ee3" +checksum = "c7dbe9ed3b56368bd99483eb32fe9c17fdd3730aebadc906918ce78d54c7eeb4" dependencies = [ "elliptic-curve", ] diff --git a/README.md b/README.md index 43957a23..69cf8220 100644 --- a/README.md +++ b/README.md 
@@ -5,16 +5,42 @@ # sev -The `sev` crate provides an implementation of [AMD Secure Encrypted -Virtualization (SEV)](https://developer.amd.com/sev/) APIs. +The `sev` crate provides an implementation of the [AMD Secure Encrypted +Virtualization (SEV)](https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/programmer-references/55766_SEV-KM_API_Specification.pdf) APIs and the [SEV Secure Nested Paging +Firmware (SNP)] (https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/specifications/56860.pdf) ABIs. + +### SEV APIs The Linux kernel exposes two technically distinct AMD SEV APIs: 1. An API for managing the SEV platform itself 2. An API for managing SEV-enabled KVM virtual machines -This crate implements both of those APIs and offers them to client -code through a flexible and type-safe high level interface. +This crate implements both of those APIs and offers them to client. +code through a flexible and type-safe high-level interface. + +### SNP ABIs + +Like SEV, the Linux kernel exposes another two different AMD SEV-SNP ABIs: + +1. An ABI for managing the SEV-SNP platform itself +2. An ABI for managing SEV-SNP enabled KVM virtual machines + +These new ABIs work only for **SEV-SNP** enabled hosts and guests. + +This crate implements APIs for both SEV and SEV-SNP management. + +### SEV and SEV-SNP enablement + +By default, both the SEV and SEV-SNP libraries are compiled. +Because many modules provide support to both legacy SEV and SEV-SNP, they have been split into individual sub-modules `sev.rs` and `snp.rs`, isolating generation specific behavior. +If desired, you may opt to exclude either of the sub-modules by disabling its feature in your project's `Cargo.toml` + +For example, to include the SEV APIs only: +`sev = { version = "1.2.1", default-features = false, features = ["sev"] }` + +To include the SEV-SNP APIs only: +`sev = { version = "1.2.1", default-features = false, features = ["snp"] }` ### Platform Management 
diff --git a/src/lib.rs b/src/lib.rs
index 885e1e29..b227a257 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -1,15 +1,41 @@ // SPDX-License-Identifier: Apache-2.0 -//! The `sev` crate provides an implementation of [AMD Secure Encrypted -//! Virtualization (SEV)](https://developer.amd.com/sev/) APIs. +//! The `sev` crate provides an implementation of the [AMD Secure Encrypted +//! Virtualization (SEV)](https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/programmer-references/55766_SEV-KM_API_Specification.pdf) APIs and the [SEV Secure Nested Paging +//! Firmware (SNP)] (https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/specifications/56860.pdf) ABIs. +//! +//! ## SEV APIs //! //! The Linux kernel exposes two technically distinct AMD SEV APIs: //! //! 1. An API for managing the SEV platform itself //! 2. An API for managing SEV-enabled KVM virtual machines //! -//! This crate implements both of those APIs and offers them to client -//! code through a flexible and type-safe high level interface. +//! This crate implements both of those APIs and offers them to client. +//! code through a flexible and type-safe high-level interface. +//! +//! ## SNP ABIs +//! +//! Like SEV, the Linux kernel exposes another two different AMD SEV-SNP ABIs: +//! +//! 1. An ABI for managing the SEV-SNP platform itself +//! 2. An ABI for managing SEV-SNP enabled KVM virtual machines +//! +//! These new ABIs work only for **SEV-SNP** enabled hosts and guests. +//! +//! This crate implements APIs for both SEV and SEV-SNP management. +//! +//! ## SEV and SEV-SNP enablement +//! +//! By default, both the SEV and SEV-SNP libraries are compiled. +//! Because many modules provide support to both legacy SEV and SEV-SNP, they have been split into individual sub-modules `sev.rs` and `snp.rs`, isolating generation specific behavior. +//! If desired, you may opt to exclude either of the sub-modules by disabling its feature in your project's `Cargo.toml` +//! +//! For example, to include the SEV APIs only: +//! 
`sev = { version = "1.2.1", default-features = false, features = ["sev"] }` +//! +//! To include the SEV-SNP APIs only: +//! `sev = { version = "1.2.1", default-features = false, features = ["snp"] }` //! //! ## Platform Management //!
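Review bot: The new SNP reference in the crate-level doc comment has a space between `]` and `(`, so it will most likely not render as a link and rustdoc will show the URL as plain text. Remove the space: `//! Firmware (SNP)](https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/specifications/56860.pdf) ABIs.` The rewritten sentence a few lines further down also gained a stray full stop that cuts it in half; it should read `//! This crate implements both of those APIs and offers them to client` with no period, so that it continues into `//! code through a flexible and type-safe high-level interface.` The README.md hunk in this commit carries the same two defects. The two dependency snippets hard-code `version = "1.2.1"`, which will drift from the released crate version unless someone updates them at each release.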