From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id 2DF7A71BC6 for ; Fri, 10 Jun 2022 10:52:18 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 16E642520F for ; Fri, 10 Jun 2022 10:51:48 +0200 (CEST) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [94.136.29.106]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS id 531E325202 for ; Fri, 10 Jun 2022 10:51:47 +0200 (CEST) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 5994242F9A for ; Fri, 10 Jun 2022 10:51:46 +0200 (CEST) Message-ID: <5655a15f-e0e3-1ec0-937e-45cee832d405@proxmox.com> Date: Fri, 10 Jun 2022 10:51:45 +0200 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.10.0 Content-Language: en-US To: Dietmar Maurer , Proxmox VE development discussion References: <2131917860.4411.1654835841666@webmail.proxmox.com> From: Markus Frank In-Reply-To: <2131917860.4411.1654835841666@webmail.proxmox.com> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-SPAM-LEVEL: Spam detection results: 0 AWL 0.399 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment KAM_INFOUSMEBIZ 0.75 Prevalent use of .info|.us|.me|.me.uk|.biz|xyz|id|rocks|life domains in spam/malware KAM_SHORT 0.001 Use of a URL Shortener for very short URL NICE_REPLY_A -1.732 Looks like a legit reply (A) SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record T_SCC_BODY_TEXT_LINE -0.01 - URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [marc.info, suse.com, qemu.org] Subject: Re: [pve-devel] [PATCH pve-docs] added Memory Encryption documentation X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 10 Jun 2022 08:52:18 -0000 Not really. All i could find are these patches: https://marc.info/?l=kvm&m=156278967226011&w=2 https://lore.kernel.org/all/20190809185434.GH2840@work-vm/T/#m902085a219bdad35007dd7fffa0ed0765fd2322a In the documentation of qemu snapshots&live migration is still a TODO: https://www.qemu.org/docs/master/system/i386/amd-memory-encryption.html Current Limitations Section in the suse documentation: https://documentation.suse.com/sles/15-SP3/html/SLES-amd-sev/article-amd-sev.html Also interesting "Migration Attack" when using these patches: https://github.com/PSPReverse/amd-sev-migration-attack On 6/10/22 06:37, Dietmar Maurer wrote: > Live migration works? > >> +Limitations: >> + >> +* Memory usage on host is always wrong and around 82% Usage >> +* Snapshots do not work >> +* edk2-OVMF required >> +* Recommendable: VirtIO RNG for more entropy (VMs sometimes will not