On Tue, 17 Apr 2018 10:26:57 -0400 Tony Krowiak <akrowiak@xxxxxxxxxxxxxxxxxx> wrote: > On 04/17/2018 06:10 AM, Cornelia Huck wrote: > > On Tue, 17 Apr 2018 09:49:58 +0200 > > "Harald Freudenberger" <FREUDE@xxxxxxxxxx> wrote: > > > >> Didn't we say that when APXA is not available there is no Crypto support > >> for KVM ? > > [Going by the code, as I don't have access to the architecture] > > > > Current status seems to be: > > - setup crycb if facility 76 is available (that's MSAX3, I guess?) > > The crycb is set up regardless of whether STFLE.76 (MSAX3) is > installed or not. Hm, the current code does a quick exit if bit 76 is not set, doesn't it? > > > - use format 2 if APXA is available, else use format 1 > > Use format 0 if MSAX3 is not available > Use format 1 if MSAX3 is available but APXA is not > Use format 2 if MSAX3 and APXA is available > > > > > From Tony's patch description, the goal seems to be: > > - setup crycb even if MSAX3 is not available > > Yes, that is true > > > > > So my understanding is that we use APXA only to decide on the format of > > the crycb, but provide it in any case? > > Yes, that is true With the format selection you outlined above, I guess. Makes sense from my point of view (just looking at the source code). > > > > > (Not providing a crycb if APXA is not available would be loss of > > functionality, I guess? Deciding not to provide vfio-ap if APXA is not > > available is a different game, of course.) > > This would require a change to enabling the CPU model feature for > AP. But would it actually make sense to tie vfio-ap to APXA? This needs to be answered by folks with access to the architecture :) [Personally, I think we should go with the version that uses the least restrictions without introducing over-complex code. What constitutes "over-complex code" is of course in the eye of the beholder...]
