On 09/04/21 03:18, James Bottomley wrote:
If you want to share ASIDs you have to share the firmware that the running VM has been attested to. Once the VM moves from LAUNCH to RUNNING, the PSP won't allow the VMM to inject any more firmware or do any more attestations.
I think Steve is suggesting to just change the RIP of the mirror VM, which would work for SEV but not SEV-ES (the RAM migration helper won't *suffice* for SEV-ES, but perhaps you could use the PSP to migrate the VMSA and the migration helper for the rest?).
If you want to use a single firmware binary, SEC does almost no I/O accesses (the exception being the library constructor from SourceLevelDebugPkg's SecPeiDebugAgentLib), so you probably can:
- detect the migration helper hardware in PlatformPei, either from fw_cfg or based on the lack of it
- either divert execution to the migration helper through gEfiEndOfPeiSignalPpiGuid, or if it's too late add a new boot mode and PPI to DxeLoadCore.
Paolo
What you mirror after this point can thus only contain what has already been measured or what the guest added. This is why we think there has to be a new entry path into the VM for the mirror vCPU.
