Crate sev[][src]

Expand description

The sev crate provides an implementation of AMD Secure Encrypted Virtualization (SEV) APIs.

The Linux kernel exposes two technically distinct AMD SEV APIs:

  1. An API for managing the SEV platform itself
  2. An API for managing SEV-enabled KVM virtual machines

This crate implements both of those APIs and offers them to client code through a flexible and type-safe high level interface.

Platform Management

Refer to the firmware module for more information.

Guest Management

Refer to the launch module for more information.

Remarks

Note that the Linux kernel provides access to these APIs through a set of ioctls that are meant to be called on device nodes (/dev/kvm and /dev/sev, to be specific). As a result, these ioctls form the substrate of the sev crate. Binaries that result from consumers of this crate are expected to run as a process with the necessary privileges to interact with the device nodes.

Modules

Utilities for adhering to a cached SEV chain convention.

Everything needed for working with AMD SEV certificate chains.

Operations for managing the SEV platform.

Everything one needs to launch an AMD SEV encrypted virtual machine.

Structs

A description of the SEV platform’s build information.

A description of the SEV-SNP platform’s build information.

Information about the SEV platform version.

Enums

A representation for EPYC generational product lines.