On Mon, Nov 28, 2022 at 05:55:11PM +0000, Michael Kelley (LINUX) wrote:
> But vendor AMD effectively offers two different encryption schemes that
> could be seen by the guest VM. The hypervisor chooses which scheme a
> particular guest will see. Hyper-V has chosen to present the vTOM scheme
> to guest VMs, including normal Linux and Windows guests, that have been
> modestly updated to understand vTOM.

If this is a standard SNP guest then you can detect vTOM support using
SEV_FEATURES. See this thread here:

https://lore.kernel.org/r/20221117044433.244656-1-nikunj@xxxxxxx

Which then means, you don't need any special gunk except extending this
patch above to check SNP has vTOM support.

> In the future, Hyper-V may also choose to present original AMD C-bit scheme
> in some guest VMs, depending on the use case. And it will present the Intel
> TDX scheme when running on that hardware.

And all those should JustWork(tm) because we already support such guests.

> To my knowledge, KVM does not support the AMD vTOM scheme.
> Someone from AMD may have a better sense whether adding that
> support is likely in the future.

Yah, see above.

Thx.

--
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette