On Fri, Aug 30, 2024 at 01:20:12PM +0800, Xu Yilun wrote:
> > If that is true for the confidential compute, I don't know.
>
> For Intel TDX TEE-IO, there may be a different story.
>
> Architecturally the secure IOMMU page table has to share with KVM secure
> stage 2 (SEPT). The SEPT is managed by firmware (TDX Module), TDX Module
> ensures the SEPT operations good for secure IOMMU, so there is not much
> trick to play for SEPT.

Yes, I think ARM will do the same as well.