Hi Marc,

On Fri, Aug 13, 2021 at 11:44:39AM -0700, Marc Orr wrote:
> To date, we have _most_ x86 test cases (39/44) working under UEFI and
> we've also got some of the test cases to boot under SEV-ES, using the
> UEFI #VC handler.

While the EFI APP approach simplifies the implementation a lot, I don't
think it is the best path to SEV and TDX testing for a couple of
reasons:

	1) It leaves the details of #VC/#VE handling and the SEV-ES
	   specific communication channels (GHCB) under control of the
	   firmware. So we can't reliably test those interfaces from an
	   EFI APP.

	2) Same for the memory validation/acceptance interface needed
	   for SEV-SNP and TDX. Using an EFI APP leaves those under
	   firmware control and we are not able to reliably test them.

	3) The IDT also stays under control of the firmware in an EFI
	   APP, otherwise the firmware couldn't provide a #VC handler.
	   This makes it unreliable to test anything IDT or IRQ related.

	4) Relying on the firmware #VC handler limits the tests to its
	   abilities. Implementing a separate #VC handler routine for
	   kvm-unit-tests is more work, but it makes test development
	   much more flexible.

So it comes down to the fact that an EFI APP leaves control over
SEV/TDX specific hypervisor interfaces in the firmware, making it hard
and unreliable to test these interfaces from kvm-unit-tests. The stub
approach on the other side gives the tests full control over the VM,
allowing them to test all aspects of the guest-host interface.

Regards,

	Joerg