SEV and Beaker

Tuesday, January 8, 2019

Discussed Beaker setup to reserve an AMD SEV-capable machine. This led me to spend some time finding a couple of old demos, one about the VDO module, one about boot volume snapshot and restore using LVM.

Also explored the Beaker.org web site to try and understand how Beaker works internally, and if we were using it "right". For example, I would like to be able to loan a machine to multiple people, so that they can hand it to one another, e.g. to use time zone differences. Is that even possible?

In the user interface, there is a "reservation" button, but it seems to reprovision the machine. Asked for some clarifications.

Code reviews

Reviewed Yang Weijiang's series on guest CET support. This allowed me to dig deeper into the emulation of the XSAVE and XRSTOR instructions. It's such a mess. I still do not fully understand what "user space" save and restore is. I suspect the instructions may have their use from user space and don't save/restore system registers in that case, but I need to check the documentation.

Coming from the world of Itanium, it's so completely different. Itanium had a massive state, with relatively complex save/restore rules, all of which you had to implement in software. You'd save different registers in different contexts. On x86, it's basically one instruction that saves what you want depending on some flags.

Interesting discussions

The topic of halal food was brought up on a large French mailing list. Hilarity ensued.