Huang, Kai wrote: > On Wed, 2024-10-30 at 08:19 -0700, Sean Christopherson wrote: > > On Tue, Oct 29, 2024, Kai Huang wrote: > > > diff --git a/arch/x86/kvm/Makefile b/arch/x86/kvm/Makefile > > > index f9dddb8cb466..fec803aff7ad 100644 > > > --- a/arch/x86/kvm/Makefile > > > +++ b/arch/x86/kvm/Makefile > > > @@ -20,6 +20,7 @@ kvm-intel-y += vmx/vmx.o vmx/vmenter.o vmx/pmu_intel.o vmx/vmcs12.o \ > > > > > > kvm-intel-$(CONFIG_X86_SGX_KVM) += vmx/sgx.o > > > kvm-intel-$(CONFIG_KVM_HYPERV) += vmx/hyperv.o vmx/hyperv_evmcs.o > > > +kvm-intel-$(CONFIG_INTEL_TDX_HOST) += vmx/tdx.o > > > > IMO, INTEL_TDX_HOST should be a KVM Kconfig, e.g. KVM_INTEL_TDX. Forcing the user > > to bounce between KVM's menu and the generic menu to enable KVM support for TDX is > > kludgy. Having INTEL_TDX_HOST exist before KVM support came along made sense, as > > it allowed compile-testing a bunch of code, but I don't think it should be the end > > state. > > > > If others disagree, then we should adjust KVM_AMD_SEV in the opposite direction, > > because doing different things for SEV vs. TDX is confusing and messy. > > + Dave (and Dan for TDX Connect). > > Agree SEV/TDX should be in similar way. But also I find SEV has a dependency on > CRYPTO_DEV_SP_PSP, so perhaps it also reasonable to make an additional > KVM_INTEL_TDX and make it depend on INTEL_TDX_HOST? > > We could remove INTEL_TDX_HOST but only keep KVM_INTEL_TDX. But in the long > term, more kernel components will need to add TDX support (e.g., for TDX > Connect). I think the question is whether we can safely disable TDX code in ALL > kernel components when KVM_INTEL_TDX is not enabled. > > If the answer is yes (seems correct to me, because it seems meaningless to > enable TDX code in _ANY_ kernel components when it's even possible to run TDX > guest), then I think we can just change the current INTEL_TDX_HOST to > KVM_INTEL_TDX and put it in arch/x86/kvm/Kconfig. I agree with Sean's later reply that kvm-intel.ko should fail if anything that is expected to be there and not otherwise permanently disabled fails setup. However, I want to provide a counterpoint to this "_ANY_ kernel component" dependency on being able to run a TDX guest. TDX Connect like SEV-TIO offers device-security provisioning flows that are expected to run before any confidential guest is being launched, and theoretically may offer services independent of *ever* launching a guest (e.g. PCIe link encrcyption without device assignment). So longer term, seamcalls without kvm-intel.ko flexibility is useful, but in the near term a coarse dependency on kvm-intel.ko is workable.
