> From: Avi Kivity [mailto:avi@xxxxxxxxxx]
> Sent: Thursday, May 27, 2010 3:16 AM
>
> On 05/27/2010 12:27 PM, Wang, Shane wrote:
> > Jan Kiszka wrote:
> >
> >> The latter. As we have no clue about the actual state (tboot is not
> >> exported on older kernels), we are forced to assume some reasonable
> >> state.
> >>
> > Are you trying to load the latest KVM on the older kernels?
> >
>
> He is, look at kvm-kmod:
>
> http://www.linux-kvm.org/page/Code#building_an_external_module_with_older_kernels
>
> (Jan was tricked into becoming the kvm-kmod maintainer)

While it is technically possible to have launched an older kernel from tboot, and thus be "in SMX", such a situation won't provide all of the security (e.g. DMAR table DMA protections) or functionality (e.g. Sx) expected. So I think it is reasonable to assume that you will only function properly (i.e. detect that VMX is usable) post-TXT if the kernel supports TXT. So you may determine that there is no VMX even when it is usable (e.g. VMX outside SMX clear, VMX inside SMX set), but that would be OK. You want to make sure that you don't make a false assumption in such cases. Thus, assuming TXT/tboot is false on older kernels should be OK.

Joe
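
The check discussed in this thread, as an added example that is not part of the original message and is not the kvm or kvm-kmod code: it shows how the assumed TXT/tboot state selects which IA32_FEATURE_CONTROL enable bit decides whether VMX is treated as usable. The bit positions follow the Intel SDM; the function name and the MSR values are constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* IA32_FEATURE_CONTROL (MSR 0x3A) bits, per the Intel SDM. */
#define FEATURE_CONTROL_LOCKED            (1ULL << 0)
#define FEATURE_CONTROL_VMXON_INSIDE_SMX  (1ULL << 1)
#define FEATURE_CONTROL_VMXON_OUTSIDE_SMX (1ULL << 2)

/*
 * Hypothetical helper: returns true when VMX must be treated as unusable.
 * msr        - IA32_FEATURE_CONTROL value (constructed here; a kernel
 *              module would read it with rdmsr)
 * assume_txt - the module's belief that the kernel was launched via tboot;
 *              on kernels that do not export tboot state this is false
 */
bool vmx_treated_as_disabled(uint64_t msr, bool assume_txt)
{
    if (!(msr & FEATURE_CONTROL_LOCKED))
        return false; /* not locked: software can still write the enable bits */
    if (assume_txt)
        return !(msr & FEATURE_CONTROL_VMXON_INSIDE_SMX);
    return !(msr & FEATURE_CONTROL_VMXON_OUTSIDE_SMX);
}

int main(void)
{
    /* Walk every locked combination of the two enable bits (constructed values). */
    for (unsigned bits = 0; bits < 4; bits++) {
        uint64_t msr = FEATURE_CONTROL_LOCKED | ((uint64_t)bits << 1);
        printf("inside_smx=%u outside_smx=%u  assume_txt=0 -> %-8s  assume_txt=1 -> %s\n",
               bits & 1, (bits >> 1) & 1,
               vmx_treated_as_disabled(msr, false) ? "disabled" : "usable",
               vmx_treated_as_disabled(msr, true) ? "disabled" : "usable");
    }
    return 0;
}
```

The row with inside_smx=1 and outside_smx=0 is the case named in the message: with TXT assumed false, VMX is reported as disabled even though it would be usable inside SMX.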