[RFC PATCH 00/14] Firmware Support for Fast Live Migration for AMD SEV

["Tobin Feldman-Fitzthum" <tobin@linux.ibm.com>]

This is a demonstration of fast migration for encrypted virtual machines
using a Migration Handler that lives in OVMF. This demo uses AMD SEV,
but the ideas may generalize to other confidential computing platforms.
With AMD SEV, guest memory is encrypted and the hypervisor cannot access
or move it. This makes migration tricky. In this demo, we show how the
HV can ask a Migration Handler (MH) in the firmware for an encrypted
page. The MH encrypts the page with a transport key prior to releasing
it to the HV. The target machine also runs an MH that decrypts the page
once it is passed in by the target HV. These patches are not ready for
production, but the are a full end-to-end solution that facilitates a
fast live migration between two SEV VMs.

Corresponding patches for QEMU have been posted my colleague Dov Murik
on qemu-devel. Our approach needs little kernel support, requiring only
one hypercall that the guest can use to mark a page as encrypted or
shared. This series includes updated patches from Ashish Kalra and
Brijesh Singh that allow OVMF to use this hypercall. 

The MH runs continuously in the guest, waiting for communication from
the HV. The HV starts an additional vCPU for the MH but does not expose
it to the guest OS via ACPI. We use the MpService to start the MH. The
MpService is only available at runtime and processes that are started by
it are usually cleaned up on ExitBootServices. Since we need the MH to
run continuously, we had to make some modifications. Ideally a feature
could be added to the MpService to allow for the starting of
long-running processes. Besides migration, this could support other
background processes that need to operate within the encryption
boundary. For now, we have included a handful of patches that modify the
MpService to allow the MH to keep running after ExitBootServices. These
are temporary. 

Ashish Kalra (2):
  OvmfPkg/PlatformPei: Mark SEC GHCB page in the page encrpytion bitmap.
  OvmfPkg/PlatformDxe: Add support for SEV live migration.

Brijesh Singh (1):
  OvmfPkg/BaseMemEncryptLib: Support to issue unencrypted hypercall

Dov Murik (1):
  OvmfPkg/AmdSev: Build page table for migration handler

Tobin Feldman-Fitzthum (10):
  OvmfPkg/AmdSev: Base for Confidential Migration Handler
  OvmfPkg/PlatfomPei: Set Confidential Migration PCD
  OvmfPkg/AmdSev: Setup Migration Handler Mailbox
  OvmfPkg/AmdSev: MH support for mailbox protocol
  UefiCpuPkg/MpInitLib: temp removal of MpLib cleanup
  UefiCpuPkg/MpInitLib: Allocate MP buffer as runtime memory
  UefiCpuPkg/CpuExceptionHandlerLib: Exception handling as runtime
    memory
  OvmfPkg/AmdSev: Don't overwrite mailbox or pagetables
  OvmfPkg/AmdSev: Don't overwrite MH stack
  OvmfPkg/AmdSev: MH page encryption POC

 OvmfPkg/OvmfPkg.dec                           |  11 +
 OvmfPkg/AmdSev/AmdSevX64.dsc                  |   2 +
 OvmfPkg/AmdSev/AmdSevX64.fdf                  |  13 +-
 .../ConfidentialMigrationDxe.inf              |  45 +++
 .../ConfidentialMigrationPei.inf              |  35 ++
 .../DxeMemEncryptSevLib.inf                   |   1 +
 .../PeiMemEncryptSevLib.inf                   |   1 +
 OvmfPkg/PlatformDxe/Platform.inf              |   2 +
 OvmfPkg/PlatformPei/PlatformPei.inf           |   2 +
 UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf |   2 +
 UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf |   2 +
 OvmfPkg/AmdSev/ConfidentialMigration/MpLib.h  | 235 +++++++++++++
 .../ConfidentialMigration/VirtualMemory.h     | 177 ++++++++++
 OvmfPkg/Include/Guid/MemEncryptLib.h          |  16 +
 OvmfPkg/PlatformDxe/PlatformConfig.h          |   5 +
 .../ConfidentialMigrationDxe.c                | 325 ++++++++++++++++++
 .../ConfidentialMigrationPei.c                |  25 ++
 .../X64/PeiDxeVirtualMemory.c                 |  18 +
 OvmfPkg/PlatformDxe/AmdSev.c                  |  99 ++++++
 OvmfPkg/PlatformDxe/Platform.c                |   6 +
 OvmfPkg/PlatformPei/AmdSev.c                  |  10 +
 OvmfPkg/PlatformPei/Platform.c                |  10 +
 .../CpuExceptionHandlerLib/DxeException.c     |   8 +-
 UefiCpuPkg/Library/MpInitLib/DxeMpLib.c       |  21 +-
 UefiCpuPkg/Library/MpInitLib/MpLib.c          |   7 +-
 25 files changed, 1061 insertions(+), 17 deletions(-)
 create mode 100644 OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationDxe.inf
 create mode 100644 OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationPei.inf
 create mode 100644 OvmfPkg/AmdSev/ConfidentialMigration/MpLib.h
 create mode 100644 OvmfPkg/AmdSev/ConfidentialMigration/VirtualMemory.h
 create mode 100644 OvmfPkg/Include/Guid/MemEncryptLib.h
 create mode 100644 OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationDxe.c
 create mode 100644 OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationPei.c
 create mode 100644 OvmfPkg/PlatformDxe/AmdSev.c

-- 
2.20.1