On Tue, May 30, 2023 at 12:34:45PM +0200, Thomas Gleixner wrote:
> On Tue, May 30 2023 at 11:26, Thomas Gleixner wrote:
> > On Tue, May 30 2023 at 03:54, Kirill A. Shutemov wrote:
> >> On Mon, May 29, 2023 at 11:31:29PM +0300, Kirill A. Shutemov wrote:
> >>> Disabling parallel bringup helps. I didn't look closer yet. If you have
> >>> an idea let me know.
> >>
> >> Okay, it crashes around .Lread_apicid due to touching MSRs that trigger #VE.
> >>
> >> Looks like the patch had no intention to enable parallel bringup on TDX.
> >>
> >> + * Intel-TDX has a secure RDMSR hypercall, but that needs to be
> >> + * implemented seperately in the low level startup ASM code.
> >>
> >> But CC_ATTR_GUEST_STATE_ENCRYPT that used to filter it out is
> >> SEV-ES-specific thingy and doesn't cover TDX. I don't think we have an
> >> attribute that fits nicely here.
> >
> > Bah. That sucks.
>
> Can we have something consistent in this CC space or needs everything to
> be extra magic per CC variant?

IIUC, CC_ATTR_GUEST_MEM_ENCRYPT should cover all AMD SEV flavours and Intel TDX.

But the name is confusing in this context: memory encryption has nothing to do with the APIC.

-- 
Kiryl Shutsemau / Kirill A. Shutemov
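
Review bot: The quoted comment lines state that Intel-TDX must stay excluded until its RDMSR hypercall is implemented in the startup ASM, but per the report above the CC_ATTR_GUEST_STATE_ENCRYPT check does not cover TDX, so the stated exclusion is not enforced and the guest takes a #VE around .Lread_apicid. The check should test an attribute that is also set for TDX guests, and the comment should name which attribute provides the exclusion so the two cannot drift apart. Also, "seperately" in the second added line should be "separately".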