Re: [RFC PATCH v2 20/44] i386/tdx: Parse tdx metadata and store the result into TdxGuestState

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 1/7/2022 12:06 AM, Laszlo Ersek wrote:

On 01/04/22 14:08, Xiaoyao Li wrote:


+ Laszlo,

Regarding laoding TDVF as pflash, I have some questions:

- pflash requires KVM to support readonly mmeory. However, for TDX, it
doesn't support readonly memory. Is it a must? or we can make an
exception for TDX?

- I saw from
https://lists.gnu.org/archive/html/qemu-discuss/2018-04/msg00045.html,
you said when load OVMF as pflash, it's MMIO. But for TDVF, it's treated
as private memory. I'm not sure whether it will cause some potential
problem if loading TDVF with pflash.

Anyway I tried changing the existing pflash approach to load TDVF. It
can boot a TDX VM and no issue.


I have no comments on whether TDX should or should not use pflash.

If you go without pflash, then you likely will not have a
standards-conformant UEFI variable store. (Unless you reimplement the
variable arch protocols in edk2 on top of something else than the Fault
Tolerant Write and Firmware Volume Block protocols.) Whether a
conformant UEFI varstore matters to you (or to TDX in general) is
something I can't comment on.


Thanks for your reply! Laszlo
regarding "standards-conformant UEFI variable store", I guess you mean the change to UEFI non-volatile variables needs to be synced back to the OVMF_VARS.fd file. right?
If so, I need to sync with internal folks who are upstreaming TDVF support into OVMF. 


(I've generally stopped commenting on confidential computing topics, but
this message allows for comments on just pflash, and how it impacts OVMF.)

Regarding pflash itself, the read-only KVM memslot is required for it.
Otherwise pflash cannot work as a "ROMD device" (= you can't flip it
back and forth between ROM mode and programming (MMIO) mode).
We don't need Read-only mode for TDVF so far. If for this purpose, is it acceptable that allowing a pflash without KVM readonly memslot support if read-only is not required for the specific pflash device?
We are trying to follow the existing usage of OVMF for TDX, since TDVF support will be landed in OVMF instead of a new separate binary. 


Thanks
Laszlo
[Index of Archives]     [KVM ARM]     [KVM ia64]     [KVM ppc]     [Virtualization Tools]     [Spice Development]     [Libvirt]     [Libvirt Users]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite Questions]     [Linux Kernel]     [Linux SCSI]     [XFree86]

  Powered by Linux