On Fri, Apr 9, 2021 at 1:14 AM Paolo Bonzini <pbonzini@xxxxxxxxxx> wrote: > > On 09/04/21 03:18, James Bottomley wrote: > > If you want to share ASIDs you have to share the firmware that the > > running VM has been attested to. Once the VM moves from LAUNCH to > > RUNNING, the PSP won't allow the VMM to inject any more firmware or do > > any more attestations. > > I think Steve is suggesting to just change the RIP of the mirror VM, > which would work for SEV but not SEV-ES (the RAM migration helper won't > *suffice* for SEV-ES, but perhaps you could use the PSP to migrate the > VMSA and the migration helper for the rest?). Exactly: you can use the existing PSP flows to migrate both the migration helper itself and the necessary VMSAs. > > If you want to use a single firmware binary, SEC does almost no I/O > accesses (the exception being the library constructor from > SourceLevelDebugPkg's SecPeiDebugAgentLib), so you probably can: > > - detect the migration helper hardware in PlatformPei, either from > fw_cfg or based on the lack of it > > - either divert execution to the migration helper through > gEfiEndOfPeiSignalPpiGuid, or if it's too late add a new boot mode and > PPI to DxeLoadCore. > > Paolo > > > What you mirror after this point can thus only > > contain what has already been measured or what the guest added. This > > is why we think there has to be a new entry path into the VM for the > > mirror vCPU. >
