public inbox for devel@edk2.groups.io
* SEV Live Migration Support in OVMF
@ 2020-04-17 20:26 Ashish Kalra
  2020-04-18  0:26 ` Ashish Kalra
  0 siblings, 1 reply; 2+ messages in thread
From: Ashish Kalra @ 2020-04-17 20:26 UTC (permalink / raw)
  To: devel; +Cc: brijesh.singh, Thomas.Lendacky


This is with reference to adding SEV Live migration support in OVMF,
which basically is adding a hypercall as part of the
MemEncryptSevClearPageEncMask() function. 

We unconditionally make a hypercall, and if the hypercall succeeds
then it can set a new UEFI environment variable
"SevLiveMigrationEnabled", which indicates to the OS that it supports the feature.
The OS can later query whether the feature is supported by OVMF by checking for
this variable using the UEFI runtime services.

I tried doing this by setting the UEFI variable if the hypercall 
succeeds using the UEFI runtime services SetVariable() function, but 
it looks like the UEFI runtime services table library is only 
available to DXE and UEFI module types.

As OVMF's BaseMemEncryptLib module (which is doing the hypercall and then
setting the variable) is a PEIM module, it cannot call the
UEFI runtime services and the build fails.

Now I am returning the hypercall return status up the caller chain, i.e., all the way up to
MemEncryptSevClearPageEncMask(), and then setting the UEFI variable
in the above function, which is running in the DXE environment, so I believe that should work.

Sharing the above on the development list for any feedback, comments or
suggestions on this support and our current approach for the same.

Thanks,
Ashish


* Re: SEV Live Migration Support in OVMF
  2020-04-17 20:26 SEV Live Migration Support in OVMF Ashish Kalra
@ 2020-04-18  0:26 ` Ashish Kalra
  0 siblings, 0 replies; 2+ messages in thread
From: Ashish Kalra @ 2020-04-18  0:26 UTC (permalink / raw)
  To: devel; +Cc: brijesh.singh, Thomas.Lendacky

While testing this I found that the UEFI Variable module is loaded much
later than the AmdSevDxe module, hence the SetVariable() runtime
service is available much later, so now I am setting this new
UEFI variable as part of the AmdIoMmuDxe module's IoMmuMap() call.

Thanks,
Ashish

On Fri, Apr 17, 2020 at 08:26:19PM +0000, Ashish Kalra wrote:
> 
> This is with reference to adding SEV Live migration support in OVMF,
> which basically is adding a hypercall as part of the
> MemEncryptSevClearPageEncMask() function. 
> 
> We unconditionally make a hypercall, and if the hypercall succeeds
> then it can set a new UEFI environment variable
> "SevLiveMigrationEnabled", which indicates to the OS that it supports the feature.
> The OS can later query whether the feature is supported by OVMF by checking for
> this variable using the UEFI runtime services.
> 
> I tried doing this by setting the UEFI variable if the hypercall 
> succeeds using the UEFI runtime services SetVariable() function, but 
> it looks like the UEFI runtime services table library is only 
> available to DXE and UEFI module types.
> 
> As OVMF's BaseMemEncryptLib module (which is doing the hypercall and then
> setting the variable) is a PEIM module, it cannot call the
> UEFI runtime services and the build fails.
> 
> Now I am returning the hypercall return status up the caller chain, i.e., all the way up to
> MemEncryptSevClearPageEncMask(), and then setting the UEFI variable
> in the above function, which is running in the DXE environment, so I believe that should work.
> 
> Sharing the above on the development list for any feedback, comments or
> suggestions on this support and our current approach for the same.
> 
> Thanks,
> Ashish
