
From: Mike Larkin <mlarkin@nested.page>
Subject: Re: vmd(8), vmm(4): Experimental support for AMD SEV
To: Hans-Jörg Höxer <Hans-Joerg_Hoexer@genua.de>
Cc: tech@openbsd.org
Date: Wed, 21 Feb 2024 15:03:23 -0800

On Wed, Feb 21, 2024 at 08:16:50PM +0100, Hans-Jörg Höxer wrote:
> Hi everyone,
>
> I spent some time on exploring and experimenting with AMD's SEV (VM with
> encrypted memory).  And I'd like to share my current results:
>
> o I implemented basic proof-of-concept SEV support to both the host
>   (generic kernel and vmd(8)) and guest (generic kernel).
>
> o DMA and virtio(4) still have some issues.
>
> o I'm able to boot bsd.rd and start download and installation of
>   snapshots; however, it fails to complete due to DMA issues.
>
> o I can boot a pre-installed system multi-user with generic kernel as
>   SEV guest.  The system is stable enough to log in and "look around".
>   But I guess it'll show same DMA issues as bsd.rd as soon as there is
>   some load.
>
> This is all proof-of-concept and far from complete.  I just crammed
> things in and hacked code all over the place.  Just to get things come
> to life quickly.
>
> Nonetheless, I think this is good enough to share and to discuss how to
> do things the right way.  Then ditch everything and rewrite.
>
> To get this started, see the attached diff.

-snip-

> DIFF
> ====
>
> So, enough said.  See the diff below and let me know what you think.
>
> Have fun and take care,
> Hans-Joerg
>

this is really cool and a good start. I'll read through it and see if I have
any thoughts, but a first quick glance seems like it's probably the right
direction.

thanks!

-ml

(cut the rest of the diff out since it's huge and I made no further comments)