sev crate provides an implementation of AMD Secure Encrypted
Virtualization (SEV) APIs.
The Linux kernel exposes two technically distinct AMD SEV APIs:
- An API for managing the SEV platform itself
- An API for managing SEV-enabled KVM virtual machines
This crate implements both of those APIs and offers them to client code through a flexible and type-safe high level interface.
Refer to the
firmware module for more information.
Refer to the
launch module for more information.
Note that the Linux kernel provides access to these APIs through a set
ioctls that are meant to be called on device nodes (
/dev/sev, to be specific). As a result, these
ioctls form the substrate
sev crate. Binaries that result from consumers of this crate are
expected to run as a process with the necessary privileges to interact
with the device nodes.
- Utilities for adhering to a cached SEV chain convention.
- SEV and SEV-SNP certificates interface.
- Error module.
- Modules for interfacing with SEV firmware. Rust-friendly API wrappers to communicate with the FFI functions.
- Everything one needs to launch an AMD SEV encrypted virtual machine.
- Types and abstractions regarding Virtual Machine Save Areas (VMSAs).
- A description of the SEV platform’s build information.
- Information about the SEV platform version.
- A representation for EPYC generational product lines.