Re: [RFC] KVM: mm: fd-based approach for supporting KVM guest private memory
From: David Hildenbrand <hidden>
Date: 2021-09-01 17:53:58
Also in:
kvm, linux-coco, lkml
On 01.09.21 19:50, Sean Christopherson wrote:
> On Wed, Sep 01, 2021, David Hildenbrand wrote:
>>>>> Well not necessarily, but it depends how clever we want to get. If you look over on the OVMF/edk2 list, there's a proposal to do guest migration via a mirror VM that invokes a co-routine embedded in the OVMF binary:
>>>>
>>>> Yes, I heard of that. "Interesting" design.
>>>
>>> Heh, well what other suggestion do you have? The problem is there needs to be code somewhere to perform some operations that's trusted by both the guest and the host. The only element for a confidential VM that has this shared trust is the OVMF firmware, so it seems logical to use it.
>>
>> <offtopic>
>>
>> Let me put it this way: I worked with another architecture that doesn't fault on access of a secure page, but instead automatically exports/encrypts
>
> I thought s390 does fault on insecure accesses to secure pages, and it's the kernel's fault handler that "automatically" converts the page? E.g. trap 0x3d -> do_secure_storage_access() -> arch_make_page_accessible().

"automatic" as in "the kernel can do it easily automatically under the hood when accessing such memory", yes that's what I meant :)

-- 
Thanks,

David / dhildenb