On Mon, 3 Feb 2020 08:19:20 -0500 Christian Borntraeger <borntraeger@xxxxxxxxxx> wrote: > Protected VMs (PVM) are KVM VMs, where KVM can't access the VM's state > like guest memory and guest registers anymore. Instead the PVMs are > mostly managed by a new entity called Ultravisor (UV), which provides > an API, so KVM and the PV can request management actions. > > PVMs are encrypted at rest and protected from hypervisor access while > running. They switch from a normal operation into protected mode, so > we can still use the standard boot process to load a encrypted blob > and then move it into protected mode. > > Rebooting is only possible by passing through the unprotected/normal > mode and switching to protected again. > > All patches are in the protvirtv2 branch of the korg s390 kvm git > (on top of Janoschs reset rework). > > Claudio presented the technology at his presentation at KVM Forum > 2019. Do you have a changelog from v1 somewhere? > > This contains a "pretty small" common code memory management change that > will allow paging, guest backing with files etc almost just like normal > VMs. Please note that the memory management part will still see some > changes to deal with a corner case for the adapter interrupt indicator > pages. So please focus on the non-mm parts (which hopefully has > everthing addressed in the next version). Claudio will work with Andrea > regarding this.
