qemu-s390x
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] target/s390x/kvm/pv: Provide some more useful information if

From: Thomas Huth
Subject: Re: [PATCH] target/s390x/kvm/pv: Provide some more useful information if decryption fails
Date: Tue, 9 Jan 2024 15:52:58 +0100
User-agent: Mozilla Thunderbird 
On 09/01/2024 15.42, Daniel P. Berrangé wrote:

On Tue, Jan 09, 2024 at 03:30:38PM +0100, Thomas Huth wrote:

It's a common scenario to copy guest images from one host to another
to run the guest on the other machine. This (of course) does not work
with "secure exection" guests since they are encrypted with one certain
host key. However, if you still (accidentally) do it, you only get a
very user-unfriendly error message that looks like this:


Not a comment on the patch, but my own interest how/where does the
disk image encryption/decryption happen ?  Is that in guest kernel
context, and any info on what format the encryption uses ?
There is an "ultravisor" (part of the host firmware) that takes care of the decryption. See e.g. Claudio's talk here: 

 https://www.youtube.com/watch?v=J2YibrLfB4s

 HTH,
  Thomas
reply via email to
[Prev in Thread] Current Thread [Next in Thread]