On 4/9/2024 11:49 PM, Edgecombe, Rick P wrote:
I don't want JSON. I want a data payload that is easily consumable in C code,
which contains (a) the bits that are fixed and (b) their values. If a value
can
change at runtime, it's not fixed.
Right. The fixed values have to come in a reasonable format from the TDX module
at runtime, or require an opt-in for any CPUID bits to change in future TDX
modules.
I have a thought for current situation that TDX module doesn't report
fixed CPUID bits via SEAMCALL interface but defines them in docs. VMM
(KVM or userspace) can maintain a hardcoded array of fixed CPUID bits
and their values according to TDX docs. And VMM needs to update the
fixed array by striping out the bits that are reported in
TDSYSINFO.CPUID_CONFIG[], which are configurable.
If the newer TDX module changes some fixed bits to configurable bits,
They will show up in TDSYSINFO.CPUID_CONFIG[]. So VMM can update fixed
array correctly.
In fact, this is how TDX QEMU series current implements.
However, it requires TDX module to follow the rule that if any bit
becomes not fixed, it needs to be reported in TDSYSINFO.CPUID_CONFIG[]
as configurable.
It's just for the case there is no interface from TDX module to report
the fixed CPUID bits in the end.