Re: [Qemu-devel] [PATCH v3 06/14] hw/machine: introduce MachineMemoryEnc
From: Dr. David Alan Gilbert
Subject: Re: [Qemu-devel] [PATCH v3 06/14] hw/machine: introduce MachineMemoryEncryptionOps for encrypted VMs
Date: Wed, 7 Aug 2019 17:36:39 +0100
User-agent: Mutt/1.12.1 (2019-06-15)
* Singh, Brijesh (address@hidden) wrote:
> When memory encryption is enabled in VM, the guest RAM will be encrypted
> with the guest-specific key, to protect the confidentiality of data while
> in transit we need platform-specific hooks to save or migrate the
> guest RAM. The MemoryEncryptionOps introduced in this patch will be later
> used by the migration.
>
> Signed-off-by: Brijesh Singh <address@hidden>
OK, I can imagine adding some Error ** parameters to those perhaps or
maybe some different length types; but for now that's a good start;
Reviewed-by: Dr. David Alan Gilbert <address@hidden>
> ---
> include/hw/boards.h | 24 ++++++++++++++++++++++++
> 1 file changed, 24 insertions(+)
>
> diff --git a/include/hw/boards.h b/include/hw/boards.h
> index c5446a39cf..ba80c236fe 100644
> --- a/include/hw/boards.h
> +++ b/include/hw/boards.h
> @@ -105,6 +105,29 @@ typedef struct {
> CPUArchId cpus[0];
> } CPUArchIdList;
>
> +/**
> + * The functions registers with MachineMemoryEncryptionOps will be used
> during
> + * the encrypted guest migration.
> + */
> +struct MachineMemoryEncryptionOps {
> + /* Initialize the platform specific state before starting the migration
> */
> + int (*save_setup)(const char *pdh, const char *plat_cert,
> + const char *amd_cert);
> +
> + /* Write the encrypted page and metadata associated with it */
> + int (*save_outgoing_page)(QEMUFile *f, uint8_t *ptr, uint32_t size,
> + uint64_t *bytes_sent);
> +
> + /* Load the incoming encrypted page into guest memory */
> + int (*load_incoming_page)(QEMUFile *f, uint8_t *ptr);
> +
> + /* Write the page encryption state bitmap */
> + int (*save_outgoing_bitmap)(QEMUFile *f);
> +
> + /* Load the incoming page encryption bitmap */
> + int (*load_incoming_bitmap)(QEMUFile *f);
> +};
> +
> /**
> * MachineClass:
> * @deprecation_reason: If set, the machine is marked as deprecated. The
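Review bot: load_incoming_page() takes only (QEMUFile *f, uint8_t *ptr), while save_outgoing_page() carries a uint32_t size, so the load hook has no bound on how much it may write at ptr and has to trust whatever length the stream carries. Consider passing the destination size (for example a uint32_t size argument mirroring the save side) so an implementation can reject oversized input from the migration stream. The struct comment also does not state the return convention for these int-returning hooks, and save_setup() names an amd_cert parameter in what is otherwise a machine-generic interface in include/hw/boards.h; a short doc line per hook would settle both.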
> @@ -228,6 +251,7 @@ struct MachineClass {
> unsigned cpu_index);
> const CPUArchIdList *(*possible_cpu_arch_ids)(MachineState *machine);
> int64_t (*get_default_cpu_node_id)(const MachineState *ms, int idx);
> + struct MachineMemoryEncryptionOps *memory_encryption_ops;
> };
>
> /**
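Review bot: the new memory_encryption_ops member is a plain struct MachineMemoryEncryptionOps * with no const, and the patch adds no matching entry to the MachineClass doc comment. Declaring it as const struct MachineMemoryEncryptionOps * would let the ops table live in read-only data and keep callers from rewriting the function pointers at run time, and an @memory_encryption_ops line should state whether the pointer may be NULL so callers know to check it before dereferencing.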
> --
> 2.17.1
>
--
Dr. David Alan Gilbert / address@hidden / Manchester, UK