On 2/3/22 10:14, Fares Mehanna wrote:
> This will guarantee that hardware supports TME, MSRs are locked, so host can't
> change them and exclusion range is disabled, so TME rules apply on all host
> memory.

But, what's the point? Guests can't trust this information. The host can lie all it wants about it.

Also, your assumptions about TME rules applying to *all* host memory are a bit aggressive. Even if the guest knew for sure that it was reading an MSR directly, it doesn't mean that any guest memory is actually TME-protected. The memory could be from a non-TME range like persistent memory. There are some weasel words in the spec about this:

> Upon activation, all memory (except in TME Exclusion range) attached
> to CPU/SoC is encrypted using AES-XTS 128 bit ephemeral key (platform
> key) that is generated by the CPU on every boot.

The important part here is "attached to the CPU/SoC". I guess they don't count persistent memory as "attached". This also obviously would not apply to non-CPU-attached memory that was attached by something like CXL[1].

The extra fun part of all this is that the architecture doesn't provide a way to tell if the memory is "attached to the CPU/SoC". That makes it impossible to get any guarantees out of all this. In other words, you can't trust the exclusion range in the MSR to be the *ONLY* non-TME-protected area.

1. https://www.computeexpresslink.org/
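An added example, not from this thread or from the patch under discussion, showing what the three TME MSRs the proposal wants a guest to check actually encode: the lock/enable bits of IA32_TME_ACTIVATE and the base/mask pair of IA32_TME_EXCLUDE_{BASE,MASK}. The field positions follow the way Linux's detect_tme() decodes IA32_TME_ACTIVATE; the exclusion-range match rule (an address is excluded when the bits selected by the mask equal the base's bits, MTRR-style) and the sample MSR values are assumptions constructed for the example, not values read from hardware. Nothing here can tell you whether a given page is on memory "attached to the CPU/SoC", which is the point of the reply above.

```c
/* Decode IA32_TME_ACTIVATE / IA32_TME_EXCLUDE_{MASK,BASE} and apply the
 * exclusion-range check. Sample values below are constructed, not read
 * from a real CPU. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define MSR_IA32_TME_ACTIVATE      0x982
#define MSR_IA32_TME_EXCLUDE_MASK  0x983
#define MSR_IA32_TME_EXCLUDE_BASE  0x984

/* IA32_TME_ACTIVATE fields, as decoded by Linux detect_tme() */
#define TME_ACTIVATE_LOCKED(x)     ((x) & 0x1ULL)          /* bit 0 */
#define TME_ACTIVATE_ENABLED(x)    (((x) >> 1) & 0x1ULL)   /* bit 1 */
#define TME_ACTIVATE_POLICY(x)     (((x) >> 4) & 0xfULL)   /* 7:4, 0 = AES-XTS-128 */
#define TME_ACTIVATE_KEYID_BITS(x) (((x) >> 32) & 0xfULL)  /* 35:32, MKTME key-ID bits */

/* IA32_TME_EXCLUDE_MASK bit 11 enables the range; bits 51:12 of MASK and
 * BASE carry the 4 KiB-granular mask and base. */
#define TME_EXCLUDE_ENABLE(m)      (((m) >> 11) & 0x1ULL)
#define TME_EXCLUDE_ADDR_BITS      0x000FFFFFFFFFF000ULL

struct tme_state {
    bool locked;
    bool enabled;
    unsigned policy;
    unsigned keyid_bits;
    bool exclude_enabled;
    uint64_t exclude_base;
    uint64_t exclude_mask;
};

struct tme_state decode_tme(uint64_t activate, uint64_t excl_mask, uint64_t excl_base)
{
    struct tme_state s;
    s.locked          = TME_ACTIVATE_LOCKED(activate);
    s.enabled         = TME_ACTIVATE_ENABLED(activate);
    s.policy          = (unsigned)TME_ACTIVATE_POLICY(activate);
    s.keyid_bits      = (unsigned)TME_ACTIVATE_KEYID_BITS(activate);
    s.exclude_enabled = TME_EXCLUDE_ENABLE(excl_mask);
    s.exclude_mask    = excl_mask & TME_EXCLUDE_ADDR_BITS;
    s.exclude_base    = excl_base & TME_EXCLUDE_ADDR_BITS;
    return s;
}

/* The condition the quoted proposal wants: TME on, MSRs locked,
 * exclusion range disabled. True here says nothing about memory that is
 * not attached to the CPU/SoC (persistent memory, CXL), and a guest sees
 * only whatever MSR values the hypervisor chooses to report. */
bool tme_locked_on_no_exclusion(struct tme_state s)
{
    return s.locked && s.enabled && !s.exclude_enabled;
}

/* Is physical address pa inside the architected exclusion range?
 * Assumption: MTRR-style match, (pa & mask) == (base & mask). */
bool pa_in_tme_exclusion(struct tme_state s, uint64_t pa)
{
    if (!s.exclude_enabled)
        return false;
    return (pa & s.exclude_mask) == (s.exclude_base & s.exclude_mask);
}

/* Constructed sample: TME enabled + locked, AES-XTS-128 policy, and a
 * 1 GiB exclusion range at 4 GiB (mask selects bits 51:30). */
#define SAMPLE_ACTIVATE   0x0000000000000003ULL
#define SAMPLE_EXCL_MASK  (0x000FFFFFC0000000ULL | (1ULL << 11))
#define SAMPLE_EXCL_BASE  0x0000000100000000ULL

int main(void)
{
    struct tme_state s = decode_tme(SAMPLE_ACTIVATE, SAMPLE_EXCL_MASK, SAMPLE_EXCL_BASE);

    printf("TME locked=%d enabled=%d policy=%u keyid_bits=%u\n",
           s.locked, s.enabled, s.policy, s.keyid_bits);
    printf("exclusion enabled=%d base=%#llx mask=%#llx\n",
           s.exclude_enabled, (unsigned long long)s.exclude_base,
           (unsigned long long)s.exclude_mask);
    printf("pa 0x100001000 excluded: %d\n", pa_in_tme_exclusion(s, 0x100001000ULL));
    printf("pa 0x80000000  excluded: %d\n", pa_in_tme_exclusion(s, 0x80000000ULL));
    printf("locked, on, no exclusion: %d\n", tme_locked_on_no_exclusion(s));
    return 0;
}
```

The exclusion check only answers "is this address in the one range the MSRs describe"; it cannot say that everything outside that range is encrypted, which is exactly the gap the reply points at.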