On Mon, 3 Feb 2020 14:32:52 +0100 Christian Borntraeger <borntraeger@xxxxxxxxxx> wrote: > On 03.02.20 14:23, Cornelia Huck wrote: > > On Mon, 3 Feb 2020 08:19:20 -0500 > > Christian Borntraeger <borntraeger@xxxxxxxxxx> wrote: > > > >> Protected VMs (PVM) are KVM VMs, where KVM can't access the VM's state > >> like guest memory and guest registers anymore. Instead the PVMs are > >> mostly managed by a new entity called Ultravisor (UV), which provides > >> an API, so KVM and the PV can request management actions. > >> > >> PVMs are encrypted at rest and protected from hypervisor access while > >> running. They switch from a normal operation into protected mode, so > >> we can still use the standard boot process to load a encrypted blob > >> and then move it into protected mode. > >> > >> Rebooting is only possible by passing through the unprotected/normal > >> mode and switching to protected again. > >> > >> All patches are in the protvirtv2 branch of the korg s390 kvm git > >> (on top of Janoschs reset rework). > >> > >> Claudio presented the technology at his presentation at KVM Forum > >> 2019. > > > > Do you have a changelog from v1 somewhere? > > Probably too many things have changed. > > There is still the old branch protvirt that rebases almost fine on top of v5.5 > so here are the differences that I can see > - docs as rst instead of txt > - memory management now with paging > - MEMOP interface now different (new code points instead of abusing the old ones) > - prefix page handling with intercept 112 (prefix not secure) > - interrupt refreshing exits reworked according to review > - fencing in several ioctls > - based on reset rework > - fixes fixes and fixes And also some fixes? :) Ok, I think I'll be able to make my way through this.
