[Qemu-devel] [PATCH v3 06/14] hw/machine: introduce MachineMemoryEncrypt
From: Singh, Brijesh
Subject: [Qemu-devel] [PATCH v3 06/14] hw/machine: introduce MachineMemoryEncryptionOps for encrypted VMs
Date: Tue, 6 Aug 2019 16:54:51 +0000
When memory encryption is enabled in a VM, the guest RAM will be encrypted
with the guest-specific key. To protect the confidentiality of data while
in transit, we need platform-specific hooks to save or migrate the
guest RAM. The MemoryEncryptionOps introduced in this patch will be later
used by the migration.
Signed-off-by: Brijesh Singh <address@hidden>
---
include/hw/boards.h | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)
diff --git a/include/hw/boards.h b/include/hw/boards.h
index c5446a39cf..ba80c236fe 100644
--- a/include/hw/boards.h
+++ b/include/hw/boards.h
@@ -105,6 +105,29 @@ typedef struct {
CPUArchId cpus[0];
} CPUArchIdList;
+/**
+ * The functions registers with MachineMemoryEncryptionOps will be used during
+ * the encrypted guest migration.
+ */
+struct MachineMemoryEncryptionOps {
+ /* Initialize the platform specific state before starting the migration */
+ int (*save_setup)(const char *pdh, const char *plat_cert,
+ const char *amd_cert);
+
+ /* Write the encrypted page and metadata associated with it */
+ int (*save_outgoing_page)(QEMUFile *f, uint8_t *ptr, uint32_t size,
+ uint64_t *bytes_sent);
+
+ /* Load the incoming encrypted page into guest memory */
+ int (*load_incoming_page)(QEMUFile *f, uint8_t *ptr);
+
+ /* Write the page encryption state bitmap */
+ int (*save_outgoing_bitmap)(QEMUFile *f);
+
+ /* Load the incoming page encryption bitmap */
+ int (*load_incoming_bitmap)(QEMUFile *f);
+};
+
/**
* MachineClass:
* @deprecation_reason: If set, the machine is marked as deprecated. The
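Review bot: load_incoming_page(QEMUFile *f, uint8_t *ptr) has no length parameter, while save_outgoing_page carries size, so on the receive side an implementation can only take the page length from the migration stream, and the interface gives it nothing to bound the write into guest memory against. Consider adding a uint32_t size (or maximum length) argument so the callback can reject an oversized record before copying. In save_setup, the pdh, plat_cert and amd_cert arguments put vendor-specific names into a struct declared in the generic include/hw/boards.h; a neutral parameter set or an opaque argument would keep the interface platform independent. The per-callback comments do not state the return convention (for example 0 on success, negative on error), and the header comment should read "The functions registered with".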
@@ -228,6 +251,7 @@ struct MachineClass {
unsigned cpu_index);
const CPUArchIdList *(*possible_cpu_arch_ids)(MachineState *machine);
int64_t (*get_default_cpu_node_id)(const MachineState *ms, int idx);
+ struct MachineMemoryEncryptionOps *memory_encryption_ops;
};
/**
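Review bot: the new memory_encryption_ops member in struct MachineClass is a mutable pointer and gets no entry in the MachineClass doc comment, which documents fields such as @deprecation_reason. Since this is a table of function pointers that the migration code will call, declaring it as const struct MachineMemoryEncryptionOps *memory_encryption_ops would keep the table read-only after registration, in line with the neighbouring const CPUArchIdList * return type. Please also add an @memory_encryption_ops: line saying that the pointer is NULL for machines without memory encryption, so callers know they have to check it (and each callback) before dereferencing.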
--
2.17.1