On Mon, Mar 04, 2019 at 10:33:04AM +0000, Daniel P. Berrangé wrote:
On Thu, Feb 28, 2019 at 11:16:30PM +0000, Carvalho, Larkins L wrote:
> Hello Team,
>
> Greetings.
> We want to add Intel MKTME support to the Libvirt.
> Intel MKTME is a capability to encrypt entirety of physical memory of a
> system similar to AMD SEV.
>
> Please let us know what are the expectations from us to initiate the
> design and development of the feature.
Libvirt is likely dependant on QEMU / KVM to implement the low level
parts of this feature. So what is the status of QEMU / KVM work in
this area ? If it already exists, can you outline how it is used.
Seems like the related Linux kernel patch series is not merged yet:
https://lwn.net/Articles/758313/ ("MKTME enabling")
I get the feeling the impl is quite different from AMD SEV, but if
there's any scope to use similar/overlapping libvirt design in libvirt
that is highly desirable.
--
/kashyap