On Wed, Feb 22, 2023, Borislav Petkov wrote:
> On Wed, Feb 22, 2023 at 02:13:44PM -0800, Sean Christopherson wrote:
> > Because vTOM is a hardware feature, whereas the IO-APIC and vTPM being accessible
> > via private memory are software features. It's very possible to emulate the
> > IO-APIC in trusted code without vTOM.
>
> I know, but their use case is dictated by the fact that they're using
> a SNP guest *with* vTOM as a SEV feature. And so their guest does
> IO-APIC and vTPM *with* the vTOM SEV feature. That's what I'm trying to
> model.

Why? I genuinely don't understand the motivation for bundling all of this stuff
under a single "feature". To me, that's like saying Haswell or Zen2 is a "feature",
but outside of a very few cases where the exact uarch truly matters, nothing pivots
on FMS because the CPU type is not a single feature.