Re: [RFC PATCH 00/13] Add support for Mirror VM.

[Tobin Feldman-Fitzthum]

On 8/19/21 4:22 AM, Dr. David Alan Gilbert wrote:
> * Tobin Feldman-Fitzthum (tobin@linux.ibm.com) wrote:
> > On 8/18/21 3:04 PM, Dr. David Alan Gilbert wrote:
> >
> > > Are you relying on the target firmware to be *identical* or purely for
> > > it to be *compatible* ?  It's normal for a migration to be the result of
> > > wanting to do an upgrade; and that means the destination build of OVMF
> > > might be newer (or older, or ...).
> > >
> > > Dave
> > This is a good point. The migration handler on the source and target must
> > have the same memory footprint or bad things will happen. Using the same
> > firmware on the source and target is an easy way to guarantee this. Since
> > the MH in OVMF is not a contiguous region of memory, but a group of
> > functions scattered around OVMF, it is a bit difficult to guarantee that the
> > memory footprint is the same if the build is different.
> Can you explain what the 'memory footprint' consists of? Can't it just
> be the whole of the OVMF rom space if you have no way of nudging the MH
> into it's own chunk?

The footprint is not massive. It is mainly ConfidentialMigrationDxe and 
the OVMF crypto support. It might be feasible to copy these components 
to a fixed location that would be the same across fw builds. It might 
also be feasible to pin these components to certain addresses. OVMF sort 
of supports doing this. We can raise the question in that community.

It also might work to protect the entirety of OVMF as you suggest. 
Currently we don't copy any of the OVMF ROM (as in flash0) over. That 
said, the MH doesn't run from the ROM so we would need to protect the 
memory used by OVMF as well. In some ways it might seem easier to 
protect all of the OVMF memory rather than just a couple of packages, 
but there are some complexities. For one thing, we would only want to 
protect efi runtime memory, as boot memory may be in use by the OS and 
would need to be migrated. The MH could check whether each page is efi 
runtime memory and skip any pages that are. Runtime memory won't be a 
contiguous blob, however, so for this approach the layout of the runtime 
memory would need to be the same on the source and target.

We can sidestep these issues entirely by using identical firmware 
images. That said, there are a number of strategies for developing 
compatible OVMF images and I definitely see the value of doing so.

-Tobin

> I think it really does have to cope with migration to a new version of
> host.
>
> Dave
>
> > -Tobin
> >
> > > > We start the target like a normal VM rather than
> > > > waiting for an incoming migration. The plan is to treat the target like a
> > > > normal VM for attestation as well. The guest owner will attest the target VM
> > > > just like they would any other VM that is started on their behalf. Secret
> > > > injection can be used to establish a shared key for the source and target.
> > > >
> > > > -Tobin
> > > >
> > > > > --Steve