Re: [RFC v2] KVM: x86: Support KVM VMs sharing SEV context

[Paolo Bonzini]

On 09/04/21 03:18, James Bottomley wrote:
> If you want to share ASIDs you have to share the firmware that the
> running VM has been attested to.  Once the VM moves from LAUNCH to
> RUNNING, the PSP won't allow the VMM to inject any more firmware or do
> any more attestations.

I think Steve is suggesting to just change the RIP of the mirror VM, 
which would work for SEV but not SEV-ES (the RAM migration helper won't 
*suffice* for SEV-ES, but perhaps you could use the PSP to migrate the 
VMSA and the migration helper for the rest?).

If you want to use a single firmware binary, SEC does almost no I/O 
accesses (the exception being the library constructor from 
SourceLevelDebugPkg's SecPeiDebugAgentLib), so you probably can:

- detect the migration helper hardware in PlatformPei, either from 
fw_cfg or based on the lack of it

- either divert execution to the migration helper through 
gEfiEndOfPeiSignalPpiGuid, or if it's too late add a new boot mode and 
PPI to DxeLoadCore.

Paolo

> What you mirror after this point can thus only
> contain what has already been measured or what the guest added.  This
> is why we think there has to be a new entry path into the VM for the
> mirror vCPU.