Re: [RFC PATCH v2 20/44] i386/tdx: Parse tdx metadata and store the result into TdxGuestState

On 01/04/22 14:08, Xiaoyao Li wrote:

> + Laszlo,
> 
> Regarding loading TDVF as pflash, I have some questions:
> 
> - pflash requires KVM to support readonly memory. However, for TDX, it
> doesn't support readonly memory. Is it a must? or we can make an
> exception for TDX?
> 
> - I saw from
> https://lists.gnu.org/archive/html/qemu-discuss/2018-04/msg00045.html,
> you said when load OVMF as pflash, it's MMIO. But for TDVF, it's treated
> as private memory. I'm not sure whether it will cause some potential
> problem if loading TDVF with pflash.
> 
> Anyway I tried changing the existing pflash approach to load TDVF. It
> can boot a TDX VM and no issue.

I have no comments on whether TDX should or should not use pflash.

If you go without pflash, then you likely will not have a
standards-conformant UEFI variable store. (Unless you reimplement the
variable arch protocols in edk2 on top of something else than the Fault
Tolerant Write and Firmware Volume Block protocols.) Whether a
conformant UEFI varstore matters to you (or to TDX in general) is
something I can't comment on.

(I've generally stopped commenting on confidential computing topics, but
this message allows for comments on just pflash, and how it impacts OVMF.)

Regarding pflash itself, the read-only KVM memslot is required for it.
Otherwise pflash cannot work as a "ROMD device" (= you can't flip it
back and forth between ROM mode and programming (MMIO) mode).

Thanks
Laszlo
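
The ROMD behaviour described in the message above, as an added illustration that is not part of the original message and is not QEMU code: a simplified C model of a flash region that flips between ROM mode and programming (MMIO) mode. The struct and function names are hypothetical, only single-byte programming is modelled, and the command bytes are assumed from the Intel CFI command set. With `ro_slot` false, guest writes never trap, so the command sequence lands in the backing memory and the programmed byte is lost.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified model, not QEMU code. Command bytes follow the Intel CFI set. */
enum { FLASH_SIZE = 16, CMD_PROGRAM = 0x40, CMD_READ_ARRAY = 0xff, STATUS_READY = 0x80 };
struct flash {
    uint8_t data[FLASH_SIZE];
    bool ro_slot;     /* hypervisor can map the region as a read-only memslot */
    bool romd;        /* true: ROM mode, reads hit memory directly */
    uint8_t pending;  /* command waiting for its data cycle */
    unsigned exits;   /* accesses that trapped to the device model */
};

static void flash_init(struct flash *f, bool ro_slot) {
    memset(f, 0, sizeof(*f));
    memset(f->data, 0xff, FLASH_SIZE);  /* erased flash */
    f->ro_slot = ro_slot;
    f->romd = true;
}

static void guest_write(struct flash *f, unsigned off, uint8_t v) {
    if (!f->ro_slot) { f->data[off] = v; return; }  /* plain RAM: nothing traps */
    f->exits++;                                     /* write to read-only slot traps */
    if (f->pending == CMD_PROGRAM) { f->data[off] = v; f->pending = 0; }
    else if (v == CMD_READ_ARRAY) { f->romd = true; }   /* back to ROM mode */
    else { f->romd = false; f->pending = v; }           /* programming (MMIO) mode */
}

static uint8_t guest_read(struct flash *f, unsigned off) {
    if (f->romd) return f->data[off];  /* ROM mode: direct read, no exit */
    f->exits++;                        /* MMIO mode: device model answers */
    return STATUS_READY;
}

/* Program one byte as a flash driver would, then read it back in ROM mode. */
static uint8_t program_and_read_back(struct flash *f, unsigned off, uint8_t v) {
    guest_write(f, off, CMD_PROGRAM);
    guest_write(f, off, v);
    guest_write(f, off, CMD_READ_ARRAY);
    return guest_read(f, off);
}

int main(void) {
    struct flash a, b;
    flash_init(&a, true); flash_init(&b, false);
    printf("ro slot: %#x, no ro slot: %#x\n", program_and_read_back(&a, 3, 0xab), program_and_read_back(&b, 3, 0xab));
    return 0;
}
```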



