Well not necessarily, but it depends how clever we want to get. If
you look over on the OVMF/edk2 list, there's a proposal to do guest
migration via a mirror VM that invokes a co-routine embedded in the
OVMF binary:
Yes, I heard of that. "Interesting" design.
Heh, well what other suggestion do you have? The problem is there
needs to be code somewhere to perform some operations that's trusted by
both the guest and the host. The only element for a confidential VM
that has this shared trust is the OVMF firmware, so it seems logical to
use it.
https://patchew.org/EDK2/20210818212048.162626-1-tobin@xxxxxxxxxxxxx/
This gives us a page encryption mechanism that's provided by the
host but accepted via the guest using attestation, meaning we have
a mutually trusted piece of code that can use to extract encrypted
pages. It does seem it could be enhanced to do swapping for us as
well if that's a road we want to go down?
Right, but that's than no longer ballooning, unless I am missing
something important. You'd ask the guest to export/import, and you
can trust it. But do we want to call something like that out of
random kernel context when swapping/writeback, ...? Hard to tell.
Feels like it won't win in a beauty contest.
What I was thinking is that OVMF can emulate devices in this trusted
code ... another potential use for it is a trusted vTPM for SEV-SNP so
we can do measured boot. To use it we'd give the guest kernel some
type of virtual swap driver that attaches to this OVMF device. I
suppose by the time we've done this, it really does look like a
balloon, but I'd like to think of it more as a paravirt memory
controller since it might be used to make a guest more co-operative in
a host overcommit situation.
That's not to say we *should* do this, merely that it doesn't have to
look like a pig with lipstick.