Hello,

I have the following questions regarding the KVM architecture. I looked at the slides available at linux-kvm.org, but didn't find definitive answers. I'm also interested to learn if a given feature is or is not planned for the near future.

The questions follow:

1) Do you have any support for para-virtualized VMs? In particular, is it possible to move the qemu from the host to one of the VMs? Perhaps to have a separate copy of qemu for each VM? (à la Xen's stub-domains)

2) Is it possible to have driver domains in KVM? E.g. I would like to assign my NIC to one VM (a "network domain") and then I would like other domains to use this network domain for networking. In case of Xen, this is done by moving the network backend (which is not qemu BTW) into the network domain, and configuring the network frontends in other VMs to talk to this network domain's backend, rather than to Dom0's backend (in fact you can get rid of all the networking in Dom0).

3) Do you have any support for TXT-based trusted boot? I guess you indirectly have via tboot. However, how do you deal with VT-d protections? The tboot.gz should normally DMA-protect memory before handing execution over to the Linux kernel. But then you need to allow your drivers to work. Do you unprotect all the memory for DMA, or do you have some support for selectively unprotecting only those regions of memory which are needed by (some) drivers? If the latter, how do you determine which memory should be DMA-unprotected?

4) Do you have some method of excluding particular PCI devices from being initialized by your host Linux? E.g. those devices that are later to be assigned to some VMs (via VT-d passthrough)?

Thanks, I would appreciate any answers. Please note I'm not subscribed to the list, so won't get your response if sent only to the list.

Regards,
joanna.

--
Joanna Rutkowska
Founder/CEO
Invisible Things Lab
http://invisiblethingslab.com/