CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2025/11/12 04:34:36
Modified files:
etc/etc.amd64 : MAKEDEV MAKEDEV.md
sys/arch/amd64/amd64: conf.c machdep.c
sys/arch/amd64/conf: files.amd64
sys/arch/amd64/include: conf.h
sys/arch/amd64/stand: Makefile
Added files:
sys/arch/amd64/amd64: kexec.c kexec_subr.S
sys/arch/amd64/compile/VMBOOT: Makefile
sys/arch/amd64/conf: VMBOOT
sys/arch/amd64/include: kexec.h
sys/arch/amd64/stand/rdboot: Makefile cmd.c cmd.h disk.c disk.h
rdboot.c vars.c
sys/arch/amd64/stand/vmboot: Makefile
Log message:
vmboot: A tiny kernel for booting SEV VMs

When using SEV-enabled VMs, we let vmd(8) launch the kernel directly.
With this, we do not have to trust a firmware like OVMF. However,
with this approach, sysupgrade(8) can not be used as the kernel
resides outside the VM in the host file system. Thus maintaining
SEV-enabled VMs is hard.

With vmboot, we use a small ramdisk kernel that runs the actual
kernel using the kexec facility. vmboot can be launched directly
by vmd(8). The actual kernel is loaded from the disk image of the
SEV-enabled VM. With this, sysupgrade(8) can be used, and there
is no need for additional firmware.

This approach is similar to vmboot for powerpc64 and octeon.

Discussed with bluhm@ for a while.

ok mlarkin@