20-24 September 2021
US/Pacific timezone

Live Migration of Confidential VMs

21 Sep 2021, 07:30
30m
Microconference2/Virtual-Room (LPC Virtual)

Microconference2/Virtual-Room

LPC Virtual

150
Confidential Computing MC Confidential Computing MC

Speaker

Ashish Kalra

Description

Discussion on Live Migration of AMD SEV encrypted VMs.

Link to the latest posted (KVM) patch for SEV live migration :
https://lore.kernel.org/lkml/cover.1623174621.git.ashish.kalra@amd.com/

Discussions on Guest APIs, specifically if the APIs can cover both
AMD SEV and Intel TDX platforms and exploring common interfaces
which can be re-used for both the above platforms, for example,
exploring a common hypercall API interface, with reference
to the posted KVM patch-set.

Link to related discussion on the same topic:
https://lore.kernel.org/lkml/YJv5bjd0xThIahaa@google.com/

SEV Live Migration Acceleration uses an alternative migration
approach relying on a Migration Helper (MH) running in guest
context. The fast migration for encrypted virtual
machines typically use a Migration Handler that lives in OVMF.

As part of this microconference, we can have additional
discussions on the design and development of the MH, especially,
the suggested approach to use KVM/Qemu Mirror VM concept to
run the MH in a Mirror VM/vCPU which runs in parallel to the
primary encrypted VM in the same Qemu process context.

Links to posting for the above on KVM and Qemu development
lists : https://lore.kernel.org/lkml/SN6PR12MB276727DE9AFD387B11C404418E3E9@SN6PR12MB2767.namprd12.prod.outlook.com/

I agree to abide by the anti-harassment policy I agree

Primary author

Ashish Kalra

Presentation Materials