diff options
Diffstat (limited to 'docs/system')
| -rw-r--r-- | docs/system/arm/cpu-features.rst | 7 | ||||
| -rw-r--r-- | docs/system/arm/virt.rst | 4 | ||||
| -rw-r--r-- | docs/system/i386/nitro-enclave.rst | 2 | ||||
| -rw-r--r-- | docs/system/introduction.rst | 2 |
4 files changed, 11 insertions, 4 deletions
diff --git a/docs/system/arm/cpu-features.rst b/docs/system/arm/cpu-features.rst index a5fb929243..37d5dfd15b 100644 --- a/docs/system/arm/cpu-features.rst +++ b/docs/system/arm/cpu-features.rst @@ -219,8 +219,11 @@ Below is the list of TCG VCPU features and their descriptions. ``pauth-qarma3`` When ``pauth`` is enabled, select the architected QARMA3 algorithm. -Without either ``pauth-impdef`` or ``pauth-qarma3`` enabled, -the architected QARMA5 algorithm is used. The architected QARMA5 +``pauth-qarma5`` + When ``pauth`` is enabled, select the architected QARMA5 algorithm. + +Without ``pauth-impdef``, ``pauth-qarma3`` or ``pauth-qarma5`` enabled, +the QEMU impdef algorithm is used. The architected QARMA5 and QARMA3 algorithms have good cryptographic properties, but can be quite slow to emulate. The impdef algorithm used by QEMU is non-cryptographic but significantly faster. diff --git a/docs/system/arm/virt.rst b/docs/system/arm/virt.rst index f87adeb444..766a7455f0 100644 --- a/docs/system/arm/virt.rst +++ b/docs/system/arm/virt.rst @@ -19,6 +19,10 @@ of the 5.0 release and ``virt-5.0`` of the 5.1 release. Migration is not guaranteed to work between different QEMU releases for the non-versioned ``virt`` machine type. +VM migration is not guaranteed when using ``-cpu max``, as features +supported may change between QEMU versions. To ensure your VM can be +migrated, it is recommended to use another cpu model instead. + Supported devices """"""""""""""""" diff --git a/docs/system/i386/nitro-enclave.rst b/docs/system/i386/nitro-enclave.rst index 48eda5bd9e..7317f547dc 100644 --- a/docs/system/i386/nitro-enclave.rst +++ b/docs/system/i386/nitro-enclave.rst @@ -13,7 +13,7 @@ the enclave VM gets a dynamic CID. Enclaves use an EIF (`Enclave Image Format`_) file which contains the necessary kernel, cmdline and ramdisk(s) to boot. In QEMU, ``nitro-enclave`` is a machine type based on ``microvm`` similar to how -AWS nitro enclaves are based on `Firecracker`_ microvm. This is useful for +AWS nitro enclaves look like a `Firecracker`_ microvm. This is useful for local testing of EIF files using QEMU instead of running real AWS Nitro Enclaves which can be difficult for debugging due to its roots in security. The vsock device emulation is done using vhost-user-vsock which means another process that diff --git a/docs/system/introduction.rst b/docs/system/introduction.rst index 746707eb00..338d3745c3 100644 --- a/docs/system/introduction.rst +++ b/docs/system/introduction.rst @@ -169,7 +169,7 @@ would default to it anyway. .. code:: - -cpu max,pauth-impdef=on \ + -cpu max \ -smp 4 \ -accel tcg \ |