On Tue, Nov 15, 2022 at 04:22:13AM -0800, Erdem Aktas <erdemaktas@xxxxxxxxxx> wrote: > On Mon, Nov 14, 2022 at 3:18 PM Isaku Yamahata <isaku.yamahata@xxxxxxxxx> wrote: > > > I think you should explain why MOVDIR64B is required, otherwise this just comes > > > out of blue. > > > > > > Btw, is this absolutely required? TDX also supports Li-mode, which doesn't have > > > integrity check. So theoretically with Li-mode, normal zeroing is also OK but > > > doesn't need to use MOVDIR64B. > > > > > > That being said, do we have a way to tell whether TDX works in Ci or Li mode? > > > > As long as I don't know. When clearing page, we can use > > if (featuremovdir64b) movdir64b else memset(0). > > -- sorry for resending the same email, for some reason my previous > email was not in plain text mode-- > As far as I know, Li mode and Ci mode both are working very similarly > and require movdir64b to clear any poison bit previously set. Why > would movdir64b is not supported in a tdx capable cpu? In practice, movdir64b can be safely assumed to be supported, I think. Strictly it's not guaranteed by SDM. There are two options. 1. Assume modir64b. If it's not supported, KVM refuses to enable TDX. + Don't care CI-mode or Li-mode - not strictly conforming to SDM. In practice, it won't matter. 2. Don't assume movdir64b. If movdir64b not supported, use memset(0). + strictly conforming to SDM - needs to care Ci-mode or Li-mode. So I'll choose option 1. -- Isaku Yamahata <isaku.yamahata@xxxxxxxxx>
