From: Mike Larkin
Subject: Re: vmd(8), vmm(4): Experimental support for AMD SEV
To: Hans-Jörg Höxer
Cc: tech@openbsd.org
Date: Wed, 21 Feb 2024 15:03:23 -0800

On Wed, Feb 21, 2024 at 08:16:50PM +0100, Hans-Jörg Höxer wrote:
> Hi everyone,
>
> I spent some time on exploring and experimenting with AMD's SEV (VM with
> encrypted memory). And I'd like to share my current results:
>
> o I implemented basic proof-of-concept SEV support to both the host
>   (generic kernel and vmd(8)) and guest (generic kernel).
>
> o DMA and virtio(4) still have some issues.
>
> o I'm able to boot bsd.rd and start download and installation of
>   snapshots; however fails to complete due to DMA issues.
>
> o I can boot a pre-installed system multi-user with generic kernel as
>   SEV guest. The system is stable enough to log in and "look around".
>   But I guess it'll show same DMA issues as bsd.rd as soon as there is
>   some load.
>
> This is all proof-of-concept and far from complete. I just crammed
> things in and hacked code all over the place. Just to get things come
> to life quickly.
>
> Nonetheless, I think this is good enough to share and to discuss how to
> do things the right way. Then ditch everything and rewrite.
>
> To get this started, see the attached diff.

-snip-

> DIFF
> ====
>
> So, enough said. See the diff below and let me know what you think.
>
> Have fun and take care,
> Hans-Joerg
>

this is really cool and a good start. I'll read through it and see if I have
any thoughts, but a first quick glance seems like it's probably the right
direction.

thanks!

-ml

(cut the rest of the diff out since it's huge and I made no further comments)