Re: [RFCv2 00/37] KVM: s390: Add support for protected VMs

On 03.02.20 14:23, Cornelia Huck wrote:
> On Mon,  3 Feb 2020 08:19:20 -0500
> Christian Borntraeger <borntraeger@xxxxxxxxxx> wrote:
> 
>> Protected VMs (PVM) are KVM VMs, where KVM can't access the VM's state
>> like guest memory and guest registers anymore. Instead the PVMs are
>> mostly managed by a new entity called Ultravisor (UV), which provides
>> an API, so KVM and the PV can request management actions.
>>
>> PVMs are encrypted at rest and protected from hypervisor access while
>> running. They switch from a normal operation into protected mode, so
>> we can still use the standard boot process to load an encrypted blob
>> and then move it into protected mode.
>>
>> Rebooting is only possible by passing through the unprotected/normal
>> mode and switching to protected again.
>>
>> All patches are in the protvirtv2 branch of the korg s390 kvm git
>> (on top of Janosch's reset rework).
>>
>> Claudio presented the technology at his presentation at KVM Forum
>> 2019.
> 
> Do you have a changelog from v1 somewhere?

Probably too many things have changed.

There is still the old branch protvirt that rebases almost fine on top of v5.5,
so here are the differences that I can see:
- docs as rst instead of txt
- memory management now with paging
- MEMOP interface now different (new code points instead of abusing the old ones)
- prefix page handling with intercept 112 (prefix not secure)
- interrupt refreshing exits reworked according to review
- fencing in several ioctls
- based on reset rework
- fixes fixes and fixes
> 
>>
>> This contains a "pretty small" common code memory management change that
>> will allow paging, guest backing with files etc almost just like normal
>> VMs. Please note that the memory management part will still see some
>> changes to deal with a corner case for the adapter interrupt indicator
>> pages. So please focus on the non-mm parts (which hopefully have
>> everything addressed in the next version). Claudio will work with Andrea
>> regarding this.
> 



