Re: [PATCH Part2 v6 17/49] crypto: ccp: Add the SNP_{SET,GET}_EXT_CONFIG command

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Subject: Re: [PATCH Part2 v6 17/49] crypto: ccp: Add the SNP_{SET,GET}_EXT_CONFIG command
From: Dionna Amalie Glaze <dionnaglaze@xxxxxxxxxx>
Date: Mon, 8 Aug 2022 16:25:23 -0700
Cc: Jarkko Sakkinen <jarkko@xxxxxxxxxx>, Ashish Kalra <Ashish.Kalra@xxxxxxx>, "the arch/x86 maintainers" <x86@xxxxxxxxxx>, LKML <linux-kernel@xxxxxxxxxxxxxxx>, "open list:X86 KVM CPUs" <kvm@xxxxxxxxxxxxxxx>, linux-coco@xxxxxxxxxxxxxxx, Linux Memory Management List <linux-mm@xxxxxxxxx>, linux-crypto@xxxxxxxxxxxxxxx, Thomas Gleixner <tglx@xxxxxxxxxxxxx>, Ingo Molnar <mingo@xxxxxxxxxx>, Joerg Roedel <jroedel@xxxxxxx>, hpa@xxxxxxxxx, Ard Biesheuvel <ardb@xxxxxxxxxx>, Paolo Bonzini <pbonzini@xxxxxxxxxx>, Sean Christopherson <seanjc@xxxxxxxxxx>, vkuznets@xxxxxxxxxx, Jim Mattson <jmattson@xxxxxxxxxx>, Andy Lutomirski <luto@xxxxxxxxxx>, dave.hansen@xxxxxxxxxxxxxxx, slp@xxxxxxxxxx, Peter Gonda <pgonda@xxxxxxxxxx>, Peter Zijlstra <peterz@xxxxxxxxxxxxx>, srinivas.pandruvada@xxxxxxxxxxxxxxx, David Rientjes <rientjes@xxxxxxxxxx>, dovmurik@xxxxxxxxxxxxx, tobin@xxxxxxx, Borislav Petkov <bp@xxxxxxxxx>, "Roth, Michael" <michael.roth@xxxxxxx>, Vlastimil Babka <vbabka@xxxxxxx>, "Kirill A. Shutemov" <kirill@xxxxxxxxxxxxx>, Andi Kleen <ak@xxxxxxxxxxxxxxx>, tony.luck@xxxxxxxxx, Marc Orr <marcorr@xxxxxxxxxx>, Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@xxxxxxxxxxxxxxx>, Alper Gun <alpergun@xxxxxxxxxx>, dgilbert@xxxxxxxxxx
In-reply-to: <a4b82687-7143-35c5-ee90-003a9f2a088c@amd.com>
References: <cover.1655761627.git.ashish.kalra@amd.com> <d325cb5d7961f015400999dda7ee8e08e4ca2ec6.1655761627.git.ashish.kalra@amd.com> <YukZFKpAO5o5MLA1@kernel.org> <CAAH4kHazh_S4zTLimL3Bch7yo3zL2wv86j=w3f2n74O-joWLQQ@mail.gmail.com> <a4b82687-7143-35c5-ee90-003a9f2a088c@amd.com>

> Would it be burden to supply all the certificates, both system and per-VM,
> in this KVM call? On the SNP Extended Guest Request, the hypervisor could
> just check if there is a per-VM blob and return that or else return the
> system-wide blob (if present).
>

I think that's fine by me. We can use SNP_GET_EXT_CONFIG, merge in
user space, and create an instance override with a KVM ioctl without
touching ccp.

-- 
-Dionna Glaze, PhD (she/her)

References:
- [PATCH Part2 v6 00/49] Add AMD Secure Nested Paging (SEV-SNP)
  - From: Ashish Kalra
- [PATCH Part2 v6 17/49] crypto: ccp: Add the SNP_{SET,GET}_EXT_CONFIG command
  - From: Ashish Kalra
- Re: [PATCH Part2 v6 17/49] crypto: ccp: Add the SNP_{SET,GET}_EXT_CONFIG command
  - From: Jarkko Sakkinen
- Re: [PATCH Part2 v6 17/49] crypto: ccp: Add the SNP_{SET,GET}_EXT_CONFIG command
  - From: Dionna Amalie Glaze
- Re: [PATCH Part2 v6 17/49] crypto: ccp: Add the SNP_{SET,GET}_EXT_CONFIG command
  - From: Tom Lendacky

Prev by Date: Re: [PATCH Part2 v6 17/49] crypto: ccp: Add the SNP_{SET,GET}_EXT_CONFIG command
Next by Date: RE: [PATCH v2 0/5] KVM: Fix oneshot interrupts forwarding
Previous by thread: Re: [PATCH Part2 v6 17/49] crypto: ccp: Add the SNP_{SET,GET}_EXT_CONFIG command
Next by thread: [PATCH Part2 v6 18/49] crypto: ccp: Provide APIs to query extended attestation report
Index(es):
- Date
- Thread

[Index of Archives] [KVM ARM] [KVM ia64] [KVM ppc] [Virtualization Tools] [Spice Development] [Libvirt] [Libvirt Users] [Linux USB Devel] [Linux Audio Users] [Yosemite Questions] [Linux Kernel] [Linux SCSI] [XFree86]