[Virtio-fs] virtiofs: Support for SEV encrypted guests
Jim Cadden
jcadden at linux.vnet.ibm.com
Fri May 21 15:34:24 UTC 2021
Do you know if virtio-fs can support SEV encrypted guests?
I work on a project adding SEV support into kata containers. So far,
we've been unable to boot SEV guests
with kata's virtio-fs option (and use virtio-9p instead):
May 19 16:52:05 sev1 virtiofsd[74904]: [ID: 00074904]
virtio_session_mount: Received vhost-user socket connection
May 19 16:52:05 sev1 virtiofsd[74914]: [ID: 00000001] virtio_loop: Entry
...
May 19 16:52:07 sev1 virtiofsd[74914]: [ID: 00000001] virtio_loop: Got
VU event
May 19 16:52:07 sev1 virtiofsd[74914]: [ID: 00000001] fv_panic:
libvhost-user: Invalid vring_addr message
I know that other virtio devices use iommu and DMA apis to share
non-encrypted pages between the host
and encrypted guest. Could something similar be done with virtiofsd
andthe virtio-fs virtio device?
There are reported problems with vhost-user and SEV:
https://bugzilla.redhat.com/show_bug.cgi?id=1797058
Thanks for any insight,
Jim
More information about the Virtio-fs
mailing list