On Tue, 11 Feb 2020 21:03:17 +0100
Christian Borntraeger <borntraeger@xxxxxxxxxx> wrote:

> On 11.02.20 13:23, Thomas Huth wrote:
> > On 07/02/2020 12.39, Christian Borntraeger wrote:

> >> +The switch into PV mode lets us load encrypted guest executables and
> >
> > Maybe rather: "After the switch into PV mode, the guest can load ..." ?
>
> No, it's not after the switch. By doing the switch the guest image can be loaded
> from anywhere because it is just like a kernel.
>
> So I will do:
>
> As the guest image is just like an opaque kernel image that does the
> switch into PV mode itself, the user can load encrypted guest
> executables and data via every available method (network, dasd, scsi,
> direct kernel, ...) without the need to change the boot process.

Sounds good to me.

(...)

> >> +All non-decrypted data of the guest before it switches to protected
> >> +virtualization mode are zero on first access of the PV.
> >
> > Before it switches to protected virtualization mode, all non-decrypted
> > data of the guest are ... ?
>
> No, this is about the data after the initial import.
> What about
>
> After the initial import of the encrypted data all defined pages will

s/data/data,/

> contain the guest content. All non-specified pages will start out as
> zero pages on first access.

Also sounds good to me.

(...)