* Singh, Brijesh (brijesh.si...@amd.com) wrote:
> When memory encryption is enabled in VM, the guest RAM will be encrypted
> with the guest-specific key, to protect the confidentiality of data while
> in transit we need platform specific hooks to save or migrate the
> guest RAM. The MemoryEncryptionOps introduced in this patch will be later
> used by the migration.
>
> Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>

OK, I can imagine adding some Error ** parameters to those perhaps or maybe some different length types; but for now that's a good start; Reviewed-by: Dr. David Alan Gilbert <dgilb...@redhat.com> > --- > include/hw/boards.h | 24 ++++++++++++++++++++++++ > 1 file changed, 24 insertions(+) > > diff --git a/include/hw/boards.h b/include/hw/boards.h > index c5446a39cf..ba80c236fe 100644 > --- a/include/hw/boards.h > +++ b/include/hw/boards.h > @@ -105,6 +105,29 @@ typedef struct { > CPUArchId cpus[0]; > } CPUArchIdList; > > +/** > + * The functions registers with MachineMemoryEncryptionOps will be used > during > + * the encrypted guest migration. > + */ > +struct MachineMemoryEncryptionOps { > + /* Initialize the platform specific state before starting the migration > */ > + int (*save_setup)(const char *pdh, const char *plat_cert, > + const char *amd_cert); > + > + /* Write the encrypted page and metadata associated with it */ > + int (*save_outgoing_page)(QEMUFile *f, uint8_t *ptr, uint32_t size, > + uint64_t *bytes_sent); > + > + /* Load the incoming encrypted page into guest memory */ > + int (*load_incoming_page)(QEMUFile *f, uint8_t *ptr); > + > + /* Write the page encryption state bitmap */ > + int (*save_outgoing_bitmap)(QEMUFile *f); > + > + /* Load the incoming page encryption bitmap */ > + int (*load_incoming_bitmap)(QEMUFile *f); > +}; > + > /** > * MachineClass: > * @deprecation_reason: If set, the machine is marked as deprecated. The > @@ -228,6 +251,7 @@ struct MachineClass { > unsigned cpu_index); > const CPUArchIdList *(*possible_cpu_arch_ids)(MachineState *machine); > int64_t (*get_default_cpu_node_id)(const MachineState *ms, int idx); > + struct MachineMemoryEncryptionOps *memory_encryption_ops; > }; > > /** > -- > 2.17.1 > -- Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK
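
Review bot: in the first hunk (struct MachineMemoryEncryptionOps), load_incoming_page(QEMUFile *f, uint8_t *ptr) takes no length, while save_outgoing_page carries uint32_t size, so the destination-side implementation has nothing but the migration stream itself to tell it how many bytes may be written through ptr. Consider passing the expected page size (or the size of the region behind ptr) so the callback can reject an oversized record, and document what the int return values mean for all five callbacks. Minor: the leading comment should read "The functions registered with MachineMemoryEncryptionOps".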
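
Review bot: in the second hunk (struct MachineClass), the new memory_encryption_ops member gets no @memory_encryption_ops entry in the MachineClass doc comment, so nothing states that the pointer may be NULL on machines without memory encryption and that migration code must check it before calling through it. Since this is a table of function pointers hung off a class, also consider declaring it as const struct MachineMemoryEncryptionOps * so the table cannot be modified through this pointer after it is registered.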