On Thu, 2024-04-11 at 12:26 -0700, Isaku Yamahata wrote:
> > So this enables features based on xss support in the passed CPUID, but
> > these features are not dependent on xsave. You could have CET without
> > xsave support. And in fact Kernel IBT doesn't use it. To utilize CPUID
> > leafs to configure features, but diverge from the HW meaning seems like
> > asking for trouble.
>
> TDX module checks the consistency. KVM can rely on it not to re-implement it.
> The TDX Base Architecture specification describes what check is done.
> Table 11.4: Extended Features Enumeration and Execution Control

The point is that it is a strange interface. Why not take XFAM as a specific
field in struct kvm_tdx_init_vm?