On Mon, Mar 04, 2019 at 10:33:04AM +0000, Daniel P. Berrangé wrote:
On Thu, Feb 28, 2019 at 11:16:30PM +0000, Carvalho, Larkins L wrote:
Hello Team,
Greetings. We want to add Intel MKTME support to the Libvirt. Intel MKTME is a capability to encrypt entirety of physical memory of a system similar to AMD SEV.
Please let us know what are the expectations from us to initiate the design and development of the feature.
Libvirt is likely dependant on QEMU / KVM to implement the low level parts of this feature. So what is the status of QEMU / KVM work in this area ? If it already exists, can you outline how it is used.
Seems like the related Linux kernel patch series is not merged yet: https://lwn.net/Articles/758313/ ("MKTME enabling")
I get the feeling the impl is quite different from AMD SEV, but if there's any scope to use similar/overlapping libvirt design in libvirt that is highly desirable.
-- /kashyap