On Thu, 2024-04-11 at 13:46 -0700, Isaku Yamahata wrote: > On Thu, Apr 11, 2024 at 07:51:55PM +0000, > "Edgecombe, Rick P" <rick.p.edgecombe@xxxxxxxxx> wrote: > > > On Thu, 2024-04-11 at 12:26 -0700, Isaku Yamahata wrote: > > > > > > > > So this enables features based on xss support in the passed CPUID, but > > > > these > > > > features are not > > > > dependent xsave. You could have CET without xsave support. And in fact > > > > Kernel IBT doesn't use it. To > > > > utilize CPUID leafs to configure features, but diverge from the HW > > > > meaning > > > > seems like asking for > > > > trouble. > > > > > > TDX module checks the consistency. KVM can rely on it not to re-implement > > > it. > > > The TDX Base Architecture specification describes what check is done. > > > Table 11.4: Extended Features Enumeration and Execution Control > > > > The point is that it is an strange interface. Why not take XFAM as a > > specific > > field in struct kvm_tdx_init_vm? > > Now I see your point. Yes, we can add xfam to struct kvm_tdx_init_vm and > move the burden to create xfam from the kernel to the user space. Oh, right. Qemu would have to figure out how to take it's CPUID based model and convert it to XFAM. I still think it would be better, but I was only thinking of it from KVM's perspective. We can see how the API discussion on the PUCK call resolves.