On Tue, Nov 08, 2022, Huang, Kai wrote:
> > +int __init tdx_hardware_setup(struct kvm_x86_ops *x86_ops)
> > +{
> > + int r;
> > +
> > + if (!enable_ept) {
> > + pr_warn("Cannot enable TDX with EPT disabled\n");
> > + return -EINVAL;
> > + }
> > +
> > + /* MOVDIR64B instruction is needed. */
> > + if (!static_cpu_has(X86_FEATURE_MOVDIR64B)) {
Nit unrelated to Kai's comments: use boot_cpu_has(), not static_cpu_has(). This
is run-once code that's not a hot path so there's zero reason to trigger patching.
> > + pr_warn("Cannot enable TDX with MOVDIR64B supported ");
> ^
> without
> > + return -ENODEV;
> > + }
>
> I think you should explain why MOVDIR64B is required, otherwise this just comes
> out of blue.
>
> Btw, is this absolutely required? TDX also supports Li-mode, which doesn't have
> integrity check. So theoretically with Li-mode, normal zeroing is also OK but
> doesn't need to use MOVDIR64B.
>
> That being said, do we have a way to tell whether TDX works in Ci or Li mode?
>
>
>
