On Tue, Jan 21, 2025 at 01:43:03PM -0400, Jason Gunthorpe wrote: > On Tue, Jun 25, 2024 at 05:12:10AM +0800, Xu Yilun wrote: > > > When VFIO works as a TEE user in VM, it means an attester (e.g. PCI > > subsystem) has already moved the device to RUN state. So VFIO & DPDK > > are all TEE users, no need to manipulate TDISP state between them. > > AFAICS, this is the most preferred TIO usage in CoCo-VM. > > No, unfortunately. Part of the motivation to have the devices be > unlocked when the VM starts is because there is an expectation that a > driver in the VM will need to do untrusted operations to boot up the I assume these operations are device specific. > device before it can be switched to the run state. > > So any vfio use case needs to imagine that VFIO starts with an > untrusted device, does stuff to it, then pushes everything through to I have concern that VFIO has to do device specific stuff. Our current expectation is a specific device driver deals with the untrusted operations, then user writes a 'bind' device sysfs node which detaches the driver for untrusted, do the attestation and accept, and try match the driver for trusted (e.g. VFIO). Thanks, Yilun > run. The exact mirror as what a kernel driver should be able to do. > > How exactly all this very complex stuff works, I have no idea, but > this is what I've understood is the target. :\ > > Jason
