* Singh, Brijesh (brijesh.si...@amd.com) wrote:
> AMD SEV encrypts the memory of VMs and because this encryption is done using
> an address tweak, the hypervisor will not be able to simply copy ciphertext
> between machines to migrate a VM. Instead the AMD SEV Key Management API
> provides a set of functions which the hypervisor can use to package a
> guest's encrypted pages for migration, while maintaining the confidentiality
> provided by AMD SEV.
>
> The patch series adds the support required in Qemu to perform the SEV
> guest live migration. Before initiating the live migration a user
> should use the newly added 'migrate-set-sev-info' command to pass the
> target machine's certificate chain. See the docs/amd-memory-encryption.txt
> for further details.

Note the two patchew errors:
  a) Mostly formatting; 80 char lines, /* comments etc - you should check
     your patches using scripts/checkpatch.pl to get rid of that lot.
  b) There are some build errors on non-x86 softmmu builds.

Dave

> The patch series depends on kernel patches available here:
> https://marc.info/?l=kvm&m=156278967226011&w=2
>
> The complete tree with patch is available at:
> https://github.com/codomania/qemu/tree/sev-migration-v2
>
> Changes since v1:
>  - use the dirty log sync APIs to also sync the page encryption bitmap
>    when SEV is active.
>
> Brijesh Singh (13):
>   linux-headers: update kernel header to include SEV migration commands
>   kvm: introduce high-level API to support encrypted page migration
>   migration/ram: add support to send encrypted pages
>   kvm: add support to sync the page encryption state bitmap
>   doc: update AMD SEV API spec web link
>   doc: update AMD SEV to include Live migration flow
>   target/i386: sev: do not create launch context for an incoming guest
>   misc.json: add migrate-set-sev-info command
>   target/i386: sev: add support to encrypt the outgoing page
>   target/i386: sev: add support to load incoming encrypted page
>   kvm: introduce high-level API to migrate the page encryption bitmap
>   migration: add support to migrate page encryption bitmap
>   target/i386: sev: remove migration blocker
>
>  accel/kvm/kvm-all.c            | 108 ++++++++
>  accel/kvm/sev-stub.c           |  22 ++
>  accel/stubs/kvm-stub.c         |  22 ++
>  docs/amd-memory-encryption.txt |  44 +++-
>  include/exec/ram_addr.h        | 161 +++++++++++-
>  include/exec/ramlist.h         |   3 +-
>  include/sysemu/kvm.h           |  25 ++
>  include/sysemu/sev.h           |   6 +
>  linux-headers/linux/kvm.h      |  53 ++++
>  migration/ram.c                |  91 ++++++-
>  qapi/misc-target.json          |  18 ++
>  target/i386/monitor.c          |  10 +
>  target/i386/sev-stub.c         |   5 +
>  target/i386/sev.c              | 455 +++++++++++++++++++++++++++++++--
>  target/i386/sev_i386.h         |  11 +-
>  target/i386/trace-events       |   8 +
>  16 files changed, 1016 insertions(+), 26 deletions(-)
>
> --
> 2.17.1
>
--
Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK