[edk2-devel] [RFC PATCH 0/9] Firmware Support for Fast Live Migration for AMD SEV

Tobin Feldman-Fitzthum posted 9 patches 1 year ago
Failed in applying to current master (apply log)
Posted by Tobin Feldman-Fitzthum 1 year ago
With AMD SEV the hypervisor cannot decrypt or move guest memory pages. 
This makes migration tricky. While the AMD Secure Processor can
export/import pages wrapped with a transport key, the bandwidth is
limited. We look to provide similar support via firmware. In particular,
we implement a Migration Handler (MH) in OVMF. The MH runs in a separate
mirror VM that shares the memory of the guest. To migrate a guest, the
HV asks the MH on the source to export wrapped pages, which the MH
on the target will import. To start the MH on the source or the target
the HV boots the mirror VM to a custom entry vector implemented in these
patches.

This RFC does not include encryption support. The pages are passed
to/from the HV in plaintext. This RFC depends on mirror VM support
already upstreamed in KVM, AMD page encryption status tracking
(Ashish Kalra's v6 OVMF live migration patches), mirror VM support in
QEMU (Ashish's v1 QEMU RFC), page encryption status tracking support in
QEMU (Ashish QEMU guest live migration support v4), and MH support in
QEMU (coming soon). This RFC is aimed at SEV only. The general design
carries over to SEV-ES and SEV-SNP, but extra support is required.

Dov Murik (1):
  OvmfPkg/AmdSev: Build page table for migration handler

Tobin Feldman-Fitzthum (8):
  OvmfPkg/AmdSev: Base for Confidential Migration Handler
  OvmfPkg/PlatfomPei: Set Confidential Migration PCD
  OvmfPkg/AmdSev: Setup Migration Handler Mailbox
  OvmfPkg/AmdSev: MH support for mailbox protocol
  OvmfPkg/AmdSev: Don't overwrite mailbox or pagetables
  OvmfPkg/AmdSev: Don't overwrite MH stack
  OvmfPkg/AmdSev: Add Migration Handler entry point
  OvmfPkg/ResetVector: Expose Migration Handler Entry Addresses

 OvmfPkg/OvmfPkg.dec                           |  13 +
 OvmfPkg/AmdSev/AmdSevX64.dsc                  |   2 +
 OvmfPkg/AmdSev/AmdSevX64.fdf                  |  16 +-
 .../ConfidentialMigrationDxe.inf              |  38 +++
 .../ConfidentialMigrationPei.inf              |  37 +++
 OvmfPkg/PlatformPei/PlatformPei.inf           |   2 +
 OvmfPkg/ResetVector/ResetVector.inf           |   1 +
 .../ConfidentialMigration/VirtualMemory.h     | 177 ++++++++++++
 .../ConfidentialMigrationDxe.c                | 272 ++++++++++++++++++
 .../ConfidentialMigrationPei.c                |  31 ++
 OvmfPkg/PlatformPei/Platform.c                |  10 +
 .../MigrationEntryPoint.nasm                  |  51 ++++
 OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm  |  13 +
 OvmfPkg/ResetVector/ResetVector.nasmb         |   1 +
 14 files changed, 660 insertions(+), 4 deletions(-)
 create mode 100644 OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationDxe.inf
 create mode 100644 OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationPei.inf
 create mode 100644 OvmfPkg/AmdSev/ConfidentialMigration/VirtualMemory.h
 create mode 100644 OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationDxe.c
 create mode 100644 OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationPei.c
 create mode 100644 OvmfPkg/AmdSev/ConfidentialMigration/MigrationEntryPoint.nasm

-- 
2.20.1