SEV Live Migration Support in OVMF

public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed

From: Ashish Kalra <ashish.kalra@amd.com>
To: devel@edk2.groups.io
Cc: brijesh.singh@amd.com, Thomas.Lendacky@amd.com
Subject: SEV Live Migration Support in OVMF
Date: Fri, 17 Apr 2020 20:26:19 +0000	[thread overview]
Message-ID: <20200417202619.GA4304@ashkalra_ubuntu_server> (raw)

This is with reference to adding SEV Live migration support in OVMF,
which basically is adding a hypercall as part of the
MemEncryptSevClearPageEncMask() function. 

We unconditionally make a hypercall and if the hypercall succeeds 
then it can sets a new UEFI environment variable
"SevLiveMigrationEnabled" which indicates it supports the feature to the OS. 
OS can later query whether feature is supported by OVMF by checking for
this variable using the UEFI runtime services. 

I tried doing this by setting the UEFI variable if the hypercall 
succeeds using the UEFI runtime services SetVariable() function, but 
it looks like the UEFI runtime services table library is only 
available to DXE and UEFI module types.

As OVMF's BaseMemEncryptLib module (which is doing the hypercall and then 
setting the variable) is a PEIM module, hence, it cannot call the 
UEFI runtime services and the build fails.

Now i am returning the hypercall return status up the caller chain, i.e, all the way upto
MemEncryptSevClearPageEncMask() and then set the Uefi variable 
in the above function which is running in DXE environment, so i believe that should work.

Sharing the above on the development list for any feedback, comments or
suggestions on this support and our current approach for the same.

Thanks,
Ashish

next             reply	other threads:[~2020-04-17 20:26 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-04-17 20:26 Ashish Kalra [this message]
2020-04-18  0:26 ` SEV Live Migration Support in OVMF Ashish Kalra

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200417202619.GA4304@ashkalra_ubuntu_server \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox