Re: [RFC v2 00/18] Refactor configuration of guest memory protection

Paolo Bonzini <pbonzini@xxxxxxxxxx> writes:

> On 04/06/20 23:54, Thiago Jung Bauermann wrote:
>> QEMU could always create a PEF object, and if the command line defines
>> one, it will correspond to it. And if the command line doesn't define one,
>> then it would also work because the PEF object is already there.
>
> How would you start a non-protected VM?

In the case of POWER PEF even with the machine property and the
pef-guest object it's not guaranteed that the VM will be protected. They
allow the possibility of the VM being protected. The decision lies with
the guest. The Linux kernel will request being moved to "secure memory"
when the `svm=on` parameter is passed in the kernel command line.

To start a VM that doesn't have the possibility of being protected, one
would simply not use the guest-memory-protection property (or
host-trust-limitation, if that ends up being its name). Regardless of
whether there's a pef-guest object.

Sorry if the above is pedantic. I just want to make sure we're
communicating clearly.

> Currently it's the "-machine"
> property that decides that, and the argument requires an id
> corresponding to "-object".

If there's only one object, there's no need to specify its id.

I have the feeling I didn't understand your point. I hope these answers
clarify what I'm suggesting.

--
Thiago Jung Bauermann
IBM Linux Technology Center


