Publication
KVM Forum 2021
Short paper
Secure Live Migration of Encrypted VMs
Abstract
Most Confidential Computing platforms, such as AMD SEV, encrypt guest memory and CPU state, not allowing the hypervisor to access either. This complicates live VM migration. In a non-secure setting, the hypervisor copies memory from the source node to the destination node and coordinates the CPU state of the source VM and destination VM. In a secure setting, without access to guest memory or CPU state, the hypervisor needs help from a trusted agent inside the guest to facilitate live migration. We are implementing live migration support in firmware. In this session, we will describe in detail the current and future challenges for migrating encrypted VMs. We will walk through our modified firmware and demonstrate how it can be used with QEMU and SEV VMs.