From: Konrad Rzeszutek Wilk <firstname.lastname@example.org>
To: "Singh, Brijesh" <email@example.com>
Cc: "firstname.lastname@example.org" <email@example.com>
Subject: Re: [PATCH v3 00/11] Add AMD SEV guest live migration support
Date: Fri, 12 Jul 2019 11:52:15 -0400
Message-ID: <20190712155215.GA12840@char.us.oracle.com>
In-Reply-To: <firstname.lastname@example.org>

On Wed, Jul 10, 2019 at 08:12:59PM +0000, Singh, Brijesh wrote:
> The series add support for AMD SEV guest live migration commands. To protect the
> confidentiality of an SEV protected guest memory while in transit we need to
> use the SEV commands defined in SEV API spec .
>
> SEV guest VMs have the concept of private and shared memory. Private memory
> is encrypted with the guest-specific key, while shared memory may be encrypted
> with hypervisor key. The commands provided by the SEV FW are meant to be used
> for the private memory only. The patch series introduces a new hypercall.
> The guest OS can use this hypercall to notify the page encryption status.
> If the page is encrypted with guest specific-key then we use SEV command during
> the migration. If page is not encrypted then fallback to default.
>

I am a bit lost. Why can't the hypervisor keep track of hypervisor key pages
and treat all other pages as owned by the guest and hence using the guest-specific
key?