On Tue, Mar 14, 2023, Jason Chen CJ wrote:
> On Mon, Mar 13, 2023 at 09:33:41AM -0700, Sean Christopherson wrote:
>
> > On Mon, Mar 13, 2023, Jason Chen CJ wrote:
> > > There are similar use cases on x86 platforms requesting protected
> > > environment which is isolated from host OS for confidential computing.
> >
> > What exactly are those use cases? The more details you can provide, the better.
> > E.g. restricting the isolated VMs to 64-bit mode a la TDX would likely simplify
> > the pKVM implementation.
>
> Thanks Sean for your comments, I am very appreciated!
>
> We are expected

Who is "we"? Unless Intel is making a rather large pivot, I doubt Intel is the
end customer of pKVM-on-x86. If you aren't at liberty to say due to
NDA/confidentiality, then please work with whoever you need to in order to get
permission to fully disclose the use case. Because realistically, without knowing
exactly what is in scope and why, this is going nowhere.

> to run protected VM with general OS and may with pass-thru secure devices support.

Why? What is the actual use case?

> May I know your suggestion of "utilize SEAM" is to follow TDX SPEC then
> work out a SW-TDX solution, or just do some leverage from SEAM code?

Throw away TDX and let KVM run its own code in SEAM.