📃
Confidential Computing 101
HomeTechnologyTry CC!
  • Welcome
  • Confidential Computing
    • What is Confidential Computing
    • What problems Confidential Computing solves
      • Bare Metal
      • Docker
      • Kubernetes
      • Knative
    • Why Confidential Computing
    • How Confidential Computing works
      • Memory Encryption
      • Workload Attestation
      • Confidential Boot
      • Sealing / Binding
      • Secret Provisioning
    • Technology Overview
    • Cloud Service Providers
  • Technology in depth
    • Intel SGX
      • Getting Started
        • Bare Metal Server Installation
        • Enclave Development Environment
        • Intel SGX SDK Setup
      • Technology
        • 🎭Features
        • 💂Threat Model
        • 🆚Versions
        • 🟦Concepts
          • 🏦Memory Encryption
          • 👮Local and Remote Attestation
          • 🖼️DCAP-Attestation Framework
          • 🔑Secret Key Provisioning
      • enclaive Development Kit
        • 🏢Architecture
        • 🌪️Workflow
        • 🌍Tutorials
          • Azure DCdsv3, DCsv2, or DCsv3 Setup
          • Redis in cK8s
          • MongoDB in cK8s
          • K8s + HashiCorp Vault on Azure DCsv3
      • Vault Remote Attestation Plug-In
        • 🏃‍♂️Initialization
        • 👮Attestation
        • ⚙️Configuration
    • Intel TDX
      • Getting Started
        • Azure
        • AWS
        • GCP
      • Technology
        • History
          • VT
          • TME/MKTME
          • SGX
        • Features
        • Threat Model
        • Concepts
          • Architecture
            • TDX Module
          • Memory Encryption
            • Confidentiality and Integrity
            • Keys and Key Management
          • TD Partitioning
          • DCAP-Attestation
            • Overview
            • Platform Registration
            • Attestation Report
    • AMD SEV
      • Getting Started
        • Azure
        • AWS
        • GCP
      • Technology
        • History
        • Threat Model
        • SME Concepts
          • Use Models
        • SEV-SNP Concepts
          • Features
            • Integrity Threats
            • Reverse Map Table
            • Page Validation
            • Page States
            • Virtual Machine Privilege Levels
            • Interrupt/Exception Protection
            • Trusted Platform Information
            • TCB Versioning
            • VM Launch & Attestation
            • VM Migration
            • Side Channels
          • Use Cases
          • Architecture
            • Encrypted Memory
            • Key Management
          • Software Implications
    • ARM CC
      • Technology
        • Introduction
        • Threat Model
        • Design
        • Comparison
    • Attestation Methods
      • Raw Attestation
      • Raw Attestation with Secure-Boot
      • Raw Attestation with a vTPM
        • AMD Secure VM Service Module and vTPMs
      • Raw Attestation with paravirtualized TPM
  • Resources
    • Youtube
    • Github
    • Products
Powered by GitBook
On this page

Was this helpful?

  1. Technology in depth
  2. AMD SEV
  3. Technology
  4. SEV-SNP Concepts
  5. Features

Page States

Last updated 11 months ago

Was this helpful?

As illustrated, the Reverse Map Table (RMP) in SEV-SNP plays a crucial role in tracking the state of each memory page, governing its permissible uses, the entities authorized to read or write it, and potential state transitions. The various page states determine the level of access and control granted to different entities. For instance:

  1. Hypervisor state: Pages in this state can be read and written by the hypervisor or SEV-SNP VMs accessing the memory with C=0 (shared pages).

  2. Guest-Valid state: Pages in this state can be read and written by SEV-SNP VMs but are protected from being written by the hypervisor.

  3. Guest-Invalid state: Pages in this state are yet to be validated by the guest, and access to them is restricted.

The SEV-SNP architecture defines a total of eight main page states, as listed in Table 3. Page state transitions are depicted in figure above and can occur through three mechanisms: the new CPU RMPUPDATE instruction (red), the new PVALIDATE instruction (blue), or via the VM management API in the AMD-SP (green).

Similar to previous SEV technologies, SEV-SNP incorporates a VM management API in the AMD-SP. The hypervisor employs this interface to facilitate VM lifecycle tasks and page management. To maintain security, any pages that the AMD-SP will manipulate must first be placed into special states called Immutable states before initiating the necessary API call. Pages in the Immutable states are protected from being written by any software on the CPU (hypervisor or guest) and cannot have their RMP entry modified by any entity other than the AMD-SP. After processing a page in one of these Immutable states, the AMD-SP can transition it to a different state as dictated by the specific API call.

One such example of Immutable pages is 'Metadata' pages. These pages are writable only by the AMD-SP and serve to store metadata entries associated with guest pages that have been swapped to disk. When a page is swapped to disk, the AMD-SP creates a metadata entry containing an authentication tag (from AES-GCM) and relevant data from the page's RMP entry, such as the GPA where it was located. As the Metadata page itself is not writable by the hypervisor, the integrity of this information is guaranteed. When a page is swapped back into memory, the AMD-SP verifies that the contents remain unchanged and ensures that the page is reintegrated into the guest address space at the same location as before. Metadata pages themselves can also be swapped to disk in a similar manner, enabling the entire guest to be saved to disk if needed.

Page State Transition
Drawing