Re: [ANNOUNCEMENT] COCONUT Secure VM Service Module for SEV-SNP


 



On Tue, Mar 21, 2023 at 04:56:20PM +0000, Dr. David Alan Gilbert wrote:
> OK, I'm just trying to avoid having guests that have a zillion different
> TPM setups for different SVSM and clouds.

My guess is that it will either be the SVSM TPM protocol or an emulation
of an existing TPM interface.

> Timing is a little tricky here; in many ways the thing that sounds
> nicest to me about Coconut is the mostly-unmodified guest (b) - but if
> that's a while out then hmm.

Yeah, would be nice. But we are still in the early stages of SVSM
development, so the priority now is to get services up and running.

But the project is open source and anyone can start looking into the
unmodified guest handling and send PRs. Making this happen is certainly
a multi-step process, as it requires several things to be implemented.
Just off the top of my head, an incomplete list of what is required:

	1) ReflectVC handling with instruction decoder and guest TLB
	   flush awareness
	2) vTOM handling
	3) Interrupt proxying using alternate injection (that can make
	   sense even earlier and without the other features imho)

So it's quite some work, but if someone wants to look into that now I am
all for it.

Regards,

-- 
Jörg Rödel
jroedel@xxxxxxx

SUSE Software Solutions Germany GmbH
Frankenstraße 146
90461 Nürnberg
Germany

(HRB 36809, AG Nürnberg)
Managing Directors: Ivo Totev, Andrew Myers, Andrew McDonald, Boudien Moerman



