[pve-devel] [PATCH docs v2 2/2] added Memory Encryption documentation

Fiona Ebner f.ebner at proxmox.com
Mon Nov 14 14:07:43 CET 2022


Am 11.11.22 um 15:27 schrieb Markus Frank:
> +* if there are problems while booting (stops at blank/splash screen or "Guest has not
> +initialized the display (yet)") try to add virtio-rng and/or set "freeze: 1"
> +so that you wait a few seconds before you click on *Resume* to boot.

Doesn't sound very nice from a user perspective. Do you have an idea
what's going on there? Can we automatically add some other kvm parameter
to make it work (better) when SEV is configured?

> +
> +*Limitations:*
> +
> +* Because the memory is encrypted the memory usage on host is always wrong
> +* Operations that involve saving or restoring memory like snapshots
> +& live migration do not work yet or are attackable
> +https://github.com/PSPReverse/amd-sev-migration-attack

What happens if a user attempts a migration or snapshot right now? I
think we should cleanly error out before even attempting if it can't
work (yet).





More information about the pve-devel mailing list