On Thu, Mar 24, 2022 at 02:52:10PM +0800, Xiaoyao Li wrote:
> On 3/22/2022 5:02 PM, Gerd Hoffmann wrote:
> > On Thu, Mar 17, 2022 at 09:58:49PM +0800, Xiaoyao Li wrote:
> > > Add sept-ve-disable property for tdx-guest object. It's used to
> > > configure bit 28 of TD attributes.
> >
> > What is this?
>
> It seems this bit doesn't show up in the public spec yet.
>
> Bit 28 (SEPT_VE_DISABLE): Disable EPT violation conversion to #VE ON guest
> TD ACCESS of PENDING pages.
>
> The TDX architecture requires a private page to be accepted before using. If
> guest accesses a not-accepted (pending) page it will get #VE.
>
> For some OS, e.g., Linux TD guest, it doesn't want the #VE on pending page
> so it will set this bit.

Hmm. That looks rather pointless to me. The TDX patches for OVMF add
a #VE handler, so I suspect every guest wants #VE exceptions if even
the firmware cares to install a handler ...

Also: What will happen instead? EPT fault delivered to the host?

take care,
  Gerd