qemu/doc-update-AMD-SEV-to-include-Live-migration-flow.patch

From 2da2e7ebea456360cc41881ff2e4a81a03b6d10c Mon Sep 17 00:00:00 2001
From: Brijesh Singh <brijesh.singh@amd.com>
Date: Thu, 7 May 2020 22:26:17 +0000
Subject: [PATCH] doc: update AMD SEV to include Live migration flow

cherry-picked from https://github.com/AMDESE/qemu/commit/0e2b3d80e3.

Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
Signed-off-by: Ashish Kalra <ashish.kalra@amd.com>
Signed-off-by: hanliyang <hanliyang@hygon.cn>
---
 docs/system/i386/amd-memory-encryption.rst | 40 +++++++++++++++++++++-
 1 file changed, 39 insertions(+), 1 deletion(-)

diff --git a/docs/system/i386/amd-memory-encryption.rst b/docs/system/i386/amd-memory-encryption.rst
index e9bc142bc1..b7e3f46ff6 100644
--- a/docs/system/i386/amd-memory-encryption.rst
+++ b/docs/system/i386/amd-memory-encryption.rst
@@ -177,7 +177,45 @@ TODO
 Live Migration
 ---------------
 
-TODO
+AMD SEV encrypts the memory of VMs and because a different key is used
+in each VM, the hypervisor will be unable to simply copy the
+ciphertext from one VM to another to migrate the VM. Instead the AMD SEV Key
+Management API provides sets of function which the hypervisor can use
+to package a guest page for migration, while maintaining the confidentiality
+provided by AMD SEV.
+
+SEV guest VMs have the concept of private and shared memory. The private
+memory is encrypted with the guest-specific key, while shared memory may
+be encrypted with the hypervisor key. The migration APIs provided by the
+SEV API spec should be used for migrating the private pages. The
+KVM_GET_PAGE_ENC_BITMAP ioctl can be used to get the guest page encryption
+bitmap. The bitmap can be used to check if the given guest page is
+private or shared.
+
+Before initiating the migration, we need to know the targets machine's public
+Diffie-Hellman key (PDH) and certificate chain. It can be retrieved
+with the 'query-sev-capabilities' QMP command or using the sev-tool. The
+migrate-set-parameter can be used to pass the target machine's PDH and
+certificate chain.
+
+During the migration flow, the SEND_START is called on the source hypervisor
+to create an outgoing encryption context. The SEV guest policy dictates whether
+the certificate passed through the migrate-sev-set-info command will be
+validated. SEND_UPDATE_DATA is called to encrypt the guest private pages.
+After migration is completed, SEND_FINISH is called to destroy the encryption
+context and make the VM non-runnable to protect it against cloning.
+
+On the target machine, RECEIVE_START is called first to create an
+incoming encryption context. The RECEIVE_UPDATE_DATA is called to copy
+the received encrypted page into guest memory. After migration has
+completed, RECEIVE_FINISH is called to make the VM runnable.
+
+For more information about the migration see SEV API Appendix A
+Usage flow (Live migration section).
+
+NOTE:
+To protect against the memory clone SEV APIs are designed to make the VM
+unrunnable in case of the migration failure.
 
 References
 ----------
-- 
2.41.0.windows.1
QEMU update to version 8.2.0-18: - hw/loongarch/virt: Fix FDT memory node address width - hw/loongarch: Fix fdt memory node wrong 'reg' - load_elf: fix iterator's type for elf file processing - migration/colo: Fix bdrv_graph_rdlock_main_loop: Assertion `!qemu_in_… - target/i386: no single-step exception after MOV or POP SS - char-stdio: Restore blocking mode of stdout on exit - backends/cryptodev-builtin: Fix local_error leaks - target/loongarch: fix a wrong print in cpu dump - virtio-pci: fix use of a released vector - target/arm: Disable SVE extensions when SVE is disabled - hw/misc/bcm2835_property: Fix handling of FRAMEBUFFER_SET_PALETTE - target/i386: Introduce SapphireRapids-v3 to add missing features - virtio-net: Ensure queue index fits with RSS (CVE-2024-6505) - nbd/server: CVE-2024-7409: Avoid use-after-free when closing server - update io/trace-events. Parameters should remain consistent. - update docs/tools/virtfs-proxy-helper.rst. This place is spelled wrong. - kvm: Add support for CSV2 reboot - target/i386/kvm: Fix the resettable info when emulate Hygon CSV2 guest - target/i386: get/set/migrate GHCB state - target/i386: csv: Add support for migrate VMSA for CSV2 guest - migration/ram: Accelerate the loading of CSV guest's encrypted pages - migration/ram: Accelerate the transmission of CSV guest's encrypted pages - target/i386: csv: add support to load incoming encrypted pages queued in the CMD list - target/i386: csv: add support to queue the incoming page into a list - target/i386: csv: add support to encrypt the outgoing pages in the list queued before. - target/i386: csv: add support to queue the outgoing page into a list - target/i386: csv: Read cert chain from file when prepared for CSV live migration - target/i386: Introduce header file csv.h - migration/ram: Fix calculation of gfn correpond to a page in ramblock - target/i386: sev: Clear shared_regions_list when reboot CSV Guest - migration/ram: Force encrypted status for VGA vram - target/i386: sev: Return 0 if sev_send_get_packet_len() fails - kvm: Add support for userspace MSR filtering and handling of MSR_KVM_MIGRATION_CONTROL. - migration/ram: Force encrypted status for flash0 & flash1 devices. - migration/ram: add support to send encrypted pages - migration: add support to migrate shared regions list - kvm: Add support for SEV shared regions list and KVM_EXIT_HYPERCALL. - target/i386: sev: add support to load incoming encrypted page - target/i386: sev: add support to encrypt the outgoing page - target/i386: sev: do not create launch context for an incoming guest - target/i386: sev: provide callback to setup outgoing context - confidential guest support: introduce ConfidentialGuestMemoryEncryptionOps for encrypted VMs - migration.json: add AMD SEV specific migration parameters - doc: update AMD SEV to include Live migration flow - crypto/tlscredspsk: Free username on finalize - hw/nvme: fix leak of uninitialized memory in io_mgmt_recv - hw/display/vhost-user-gpu.c: fix vhost_user_gpu_chr_read() - cvm : Implement command blacklist for cvm security enhancement - crypto: Introduce SM3 hash hmac pbkdf algorithm - virtio-net: Use virtual time for RSC timers - vvfat: Fix bug in writing to middle of file - hw/core/ptimer: fix timer zero period condition for freq > 1GHz - hw/misc: support vpsp Signed-off-by: Jiabo Feng <fengjiabo1@huawei.com> 2024-09-18 15:20:53 +08:00			`From 2da2e7ebea456360cc41881ff2e4a81a03b6d10c Mon Sep 17 00:00:00 2001`
			`From: Brijesh Singh <brijesh.singh@amd.com>`
			`Date: Thu, 7 May 2020 22:26:17 +0000`
			`Subject: [PATCH] doc: update AMD SEV to include Live migration flow`

			`cherry-picked from https://github.com/AMDESE/qemu/commit/0e2b3d80e3.`

			`Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>`
			`Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>`
			`Signed-off-by: Ashish Kalra <ashish.kalra@amd.com>`
			`Signed-off-by: hanliyang <hanliyang@hygon.cn>`
			`---`
			`docs/system/i386/amd-memory-encryption.rst \| 40 +++++++++++++++++++++-`
			`1 file changed, 39 insertions(+), 1 deletion(-)`

			`diff --git a/docs/system/i386/amd-memory-encryption.rst b/docs/system/i386/amd-memory-encryption.rst`
			`index e9bc142bc1..b7e3f46ff6 100644`
			`--- a/docs/system/i386/amd-memory-encryption.rst`
			`+++ b/docs/system/i386/amd-memory-encryption.rst`
			`@@ -177,7 +177,45 @@ TODO`
			`Live Migration`
			`---------------`

			`-TODO`
			`+AMD SEV encrypts the memory of VMs and because a different key is used`
			`+in each VM, the hypervisor will be unable to simply copy the`
			`+ciphertext from one VM to another to migrate the VM. Instead the AMD SEV Key`
			`+Management API provides sets of function which the hypervisor can use`
			`+to package a guest page for migration, while maintaining the confidentiality`
			`+provided by AMD SEV.`
			`+`
			`+SEV guest VMs have the concept of private and shared memory. The private`
			`+memory is encrypted with the guest-specific key, while shared memory may`
			`+be encrypted with the hypervisor key. The migration APIs provided by the`
			`+SEV API spec should be used for migrating the private pages. The`
			`+KVM_GET_PAGE_ENC_BITMAP ioctl can be used to get the guest page encryption`
			`+bitmap. The bitmap can be used to check if the given guest page is`
			`+private or shared.`
			`+`
			`+Before initiating the migration, we need to know the targets machine's public`
			`+Diffie-Hellman key (PDH) and certificate chain. It can be retrieved`
			`+with the 'query-sev-capabilities' QMP command or using the sev-tool. The`
			`+migrate-set-parameter can be used to pass the target machine's PDH and`
			`+certificate chain.`
			`+`
			`+During the migration flow, the SEND_START is called on the source hypervisor`
			`+to create an outgoing encryption context. The SEV guest policy dictates whether`
			`+the certificate passed through the migrate-sev-set-info command will be`
			`+validated. SEND_UPDATE_DATA is called to encrypt the guest private pages.`
			`+After migration is completed, SEND_FINISH is called to destroy the encryption`
			`+context and make the VM non-runnable to protect it against cloning.`
			`+`
			`+On the target machine, RECEIVE_START is called first to create an`
			`+incoming encryption context. The RECEIVE_UPDATE_DATA is called to copy`
			`+the received encrypted page into guest memory. After migration has`
			`+completed, RECEIVE_FINISH is called to make the VM runnable.`
			`+`
			`+For more information about the migration see SEV API Appendix A`
			`+Usage flow (Live migration section).`
			`+`
			`+NOTE:`
			`+To protect against the memory clone SEV APIs are designed to make the VM`
			`+unrunnable in case of the migration failure.`

			`References`
			`----------`
			`--`
			`2.41.0.windows.1`