[Virtio-fs] virtiofs: Support for SEV encrypted guests

Jim Cadden jcadden at linux.vnet.ibm.com
Fri May 21 15:34:24 UTC 2021


Do you know if virtio-fs can support SEV encrypted guests?

I work on a project adding SEV support into kata containers. So far,
we've been unable to boot SEV guests with kata's virtio-fs option
(and use virtio-9p instead):

May 19 16:52:05 sev1 virtiofsd[74904]: [ID: 00074904] virtio_session_mount: Received vhost-user socket connection
May 19 16:52:05 sev1 virtiofsd[74914]: [ID: 00000001] virtio_loop: Entry
...
May 19 16:52:07 sev1 virtiofsd[74914]: [ID: 00000001] virtio_loop: Got VU event
May 19 16:52:07 sev1 virtiofsd[74914]: [ID: 00000001] fv_panic: libvhost-user: Invalid vring_addr message

I know that other virtio devices use IOMMU and DMA APIs to share
non-encrypted pages between the host and encrypted guest. Could
something similar be done with virtiofsd and the virtio-fs virtio
device?

There are reported problems with vhost-user and SEV: 
https://bugzilla.redhat.com/show_bug.cgi?id=1797058

Thanks for any insight,
Jim



