We haven't yet implemented the fairly involved handshaking that will be
needed to migrate PEF protected guests. For now, just use a migration
blocker so we get a meaningful error if someone attempts this (this is the
same approach used by AMD SEV).
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Greg Kurz <groug@kaod.org>
static int kvmppc_svm_init(Error **errp)
{
#ifdef CONFIG_KVM
+ static Error *pef_mig_blocker;
+
if (!kvm_check_extension(kvm_state, KVM_CAP_PPC_SECURE_GUEST)) {
error_setg(errp,
"KVM implementation does not support Secure VMs (is an ultravisor running?)");
}
}
+ /* add migration blocker */
+ error_setg(&pef_mig_blocker, "PEF: Migration is not implemented");
+ /* NB: This can fail if --only-migratable is used */
+ migrate_add_blocker(pef_mig_blocker, &error_fatal);
+
return 0;
#else
g_assert_not_reached();