On Thu, Mar 31, 2022 at 02:21:06PM +1300, Kai Huang <kai.huang@xxxxxxxxx> wrote:
> On Fri, 2022-03-04 at 11:48 -0800, isaku.yamahata@xxxxxxxxx wrote:
> > From: Isaku Yamahata <isaku.yamahata@xxxxxxxxx>
> >
> > MKTME keyid is assigned to guest TD. The memory controller encrypts guest
> > TD memory with key id. Add helper functions to allocate/free MKTME keyid
> > so that TDX KVM assign keyid.
>
> Using MKTME keyid is wrong, at least not accurate I think. We should
> explicitly use "TDX private KeyID", which is clearly documented in the spec:
>
> https://software.intel.com/content/dam/develop/external/us/en/documents-tps/intel-tdx-cpu-architectural-specification.pdf
>
> Also, description of IA32_MKTME_KEYID_PARTITIONING MSR clearly says TDX private
> KeyIDs span the range (NUM_MKTME_KIDS+1) through
> (NUM_MKTME_KIDS+NUM_TDX_PRIV_KIDS). So please just use TDX private KeyID here.
>
> >
> > Also export MKTME global keyid that is used to encrypt TDX module and its
> > memory.
>
> This needs explanation why the global keyID needs to be exported.

How about the following?

TDX private host key id is assigned to guest TD. The memory controller
encrypts guest TD memory with the assigned host key id (HKID). Add helper
functions to allocate/free TDX private host key id so that TDX KVM can
manage it.

Also export the global TDX private host key id that is used to encrypt the
TDX module, its memory and some dynamic data (e.g. TDR). When the VMM
releases an encrypted page to reuse it, the page needs to be flushed with
the host key id that was used. The VMM needs the global TDX private host
key id to flush such pages that the TDX module accesses with the global
TDX private host key id.

Thanks,
--
Isaku Yamahata <isaku.yamahata@xxxxxxxxx>
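As an added illustration, not code from this patch series or the kernel: a small user-space model in C of the KeyID partitioning Kai describes, with allocate/free helpers that keep the global KeyID out of the guest pool. The MSR bit layout assumed here (NUM_MKTME_KIDS in bits 31:0, NUM_TDX_PRIV_KIDS in bits 63:32), the choice of the first private KeyID as the global one, and all struct and function names are assumptions, not from the thread.

```c
#include <stdint.h>
#include <stdbool.h>
struct tdx_keyid_pool {
	uint32_t start;        /* first TDX private KeyID (NUM_MKTME_KIDS+1) */
	uint32_t num;          /* NUM_TDX_PRIV_KIDS */
	uint32_t global_keyid; /* used by the TDX module itself, never a guest */
	uint64_t used;         /* bitmap: bit i set <=> KeyID start+i in use */
};
/* Split IA32_MKTME_KEYID_PARTITIONING into the two counts. Assumed layout:
 * bits 31:0 = NUM_MKTME_KIDS, bits 63:32 = NUM_TDX_PRIV_KIDS. The private
 * range is then (NUM_MKTME_KIDS+1) through (NUM_MKTME_KIDS+NUM_TDX_PRIV_KIDS). */
int tdx_keyid_pool_init(struct tdx_keyid_pool *p, uint64_t partitioning)
{
	uint32_t num_mktme = (uint32_t)(partitioning & 0xffffffffu);
	uint32_t num_tdx = (uint32_t)(partitioning >> 32);
	if (num_tdx == 0 || num_tdx > 64) /* 64-bit bitmap in this model */
		return -1;
	p->start = num_mktme + 1;
	p->num = num_tdx;
	/* Assumption: the first private KeyID is the global one; reserve it. */
	p->global_keyid = p->start;
	p->used = 1ull;
	return 0;
}
/* Hand out a free TDX private KeyID for a guest TD; 0 means none left. */
uint32_t tdx_keyid_alloc(struct tdx_keyid_pool *p)
{
	for (uint32_t i = 0; i < p->num; i++) {
		if (!(p->used & (1ull << i))) {
			p->used |= 1ull << i;
			return p->start + i;
		}
	}
	return 0;
}
/* Release a guest KeyID. The global KeyID, out-of-range values and double
 * frees are rejected so a stale TD can never release the module's own key. */
bool tdx_keyid_free(struct tdx_keyid_pool *p, uint32_t keyid)
{
	if (keyid == p->global_keyid || keyid < p->start ||
	    keyid - p->start >= p->num)
		return false;
	uint64_t bit = 1ull << (keyid - p->start);
	if (!(p->used & bit))
		return false;
	p->used &= ~bit;
	return true;
}
```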