[Qemu-devel] [PATCH v2 00/13] Add SEV guest live migration support
From: Singh, Brijesh
Subject: [Qemu-devel] [PATCH v2 00/13] Add SEV guest live migration support
Date: Wed, 10 Jul 2019 20:22:58 +0000

AMD SEV encrypts the memory of VMs and because this encryption is done using
an address tweak, the hypervisor will not be able to simply copy ciphertext
between machines to migrate a VM. Instead the AMD SEV Key Management API
provides a set of functions which the hypervisor can use to package a
guest's encrypted pages for migration, while maintaining the confidentiality
provided by AMD SEV.

The patch series adds the support required in Qemu to perform the SEV
guest live migration. Before initiating the live migration a user
should use the newly added 'migrate-set-sev-info' command to pass the
target machine's certificate chain. See the docs/amd-memory-encryption.txt
for further details.

The patch series depends on kernel patches available here:
https://marc.info/?l=kvm&m=156278967226011&w=2

The complete tree with patch is available at:
https://github.com/codomania/qemu/tree/sev-migration-v2

Changes since v1:
- use the dirty log sync APIs to also sync the page encryption bitmap
  when SEV is active.

Brijesh Singh (13):
linux-headers: update kernel header to include SEV migration commands
kvm: introduce high-level API to support encrypted page migration
migration/ram: add support to send encrypted pages
kvm: add support to sync the page encryption state bitmap
doc: update AMD SEV API spec web link
doc: update AMD SEV to include Live migration flow
target/i386: sev: do not create launch context for an incoming guest
misc.json: add migrate-set-sev-info command
target/i386: sev: add support to encrypt the outgoing page
target/i386: sev: add support to load incoming encrypted page
kvm: introduce high-level API to migrate the page encryption bitmap
migration: add support to migrate page encryption bitmap
target/i386: sev: remove migration blocker
accel/kvm/kvm-all.c | 108 ++++++++
accel/kvm/sev-stub.c | 22 ++
accel/stubs/kvm-stub.c | 22 ++
docs/amd-memory-encryption.txt | 44 +++-
include/exec/ram_addr.h | 161 +++++++++++-
include/exec/ramlist.h | 3 +-
include/sysemu/kvm.h | 25 ++
include/sysemu/sev.h | 6 +
linux-headers/linux/kvm.h | 53 ++++
migration/ram.c | 91 ++++++-
qapi/misc-target.json | 18 ++
target/i386/monitor.c | 10 +
target/i386/sev-stub.c | 5 +
target/i386/sev.c | 455 +++++++++++++++++++++++++++++++--
target/i386/sev_i386.h | 11 +-
target/i386/trace-events | 8 +
16 files changed, 1016 insertions(+), 26 deletions(-)
--
2.17.1