On Fri, Feb 17, 2023, Borislav Petkov wrote: > On Fri, Feb 17, 2023 at 06:16:56AM +0000, Michael Kelley (LINUX) wrote: > > Is that consistent with your thinking, or is the whole > > cc_platform_has() approach problematic, including for the existing SEV > > flavors and for TDX? > > The confidential computing attributes are, yes, features. I've been > preaching since the very beginning that vTOM *is* *also* one such > feature. It is a feature bit in sev_features, for chrissakes. So by that > logic, those SEV-SNP HyperV guests should return true when > > cc_platform_has(CC_ATTR_GUEST_SEV_SNP_VTOM); > > is tested. > > But Sean doesn't like that. Because vTOM is a hardware feature, whereas the IO-APIC and vTPM being accessible via private memory are software features. It's very possible to emulate the IO-APIC in trusted code without vTOM. > If the access method to the IO-APIC and vTPM are specific to the > HyperV's vTOM implementation, then I don't mind if this were called > > cc_platform_has(CC_ATTR_GUEST_HYPERV_VTOM); I still think that's likely to caused problems in the future, e.g. if Hyper-V moves more stuff into the paravisor or if Hyper-V ends up with similar functionality for TDX. But it's not a sticking point, the only thing I'm fiercely resistant to is conflating hardware features with software features.
