On 09/01/2024 15.42, Daniel P. Berrangé wrote:
On Tue, Jan 09, 2024 at 03:30:38PM +0100, Thomas Huth wrote:
It's a common scenario to copy guest images from one host to another
to run the guest on the other machine. This (of course) does not work
with "secure exection" guests since they are encrypted with one certain
host key. However, if you still (accidentally) do it, you only get a
very user-unfriendly error message that looks like this:
Not a comment on the patch, but my own interest how/where does the
disk image encryption/decryption happen ? Is that in guest kernel
context, and any info on what format the encryption uses ?
There is an "ultravisor" (part of the host firmware) that takes care of the
decryption. See e.g. Claudio's talk here:
https://www.youtube.com/watch?v=J2YibrLfB4s
HTH,
Thomas
