Jason Gunthorpe wrote: > On Fri, Aug 30, 2024 at 01:20:12PM +0800, Xu Yilun wrote: > > > > If that is true for the confidential compute, I don't know. > > > > For Intel TDX TEE-IO, there may be a different story. > > > > Architechturely the secure IOMMU page table has to share with KVM secure > > stage 2 (SEPT). The SEPT is managed by firmware (TDX Module), TDX Module > > ensures the SEPT operations good for secure IOMMU, so there is no much > > trick to play for SEPT. > > Yes, I think ARM will do the same as well. > > From a uAPI perspective we need some way to create a secure vPCI > function linked to a KVM and some IOMMUs will implicitly get a > translation from the secure world and some IOMMUs will need to manage > it in untrusted hypervisor memory. Yes. This matches the line of though I had for the PCI TSM core interface. It allows establishing the connection to the device's security manager and facilitates linking that to a KVM context. So part of the uAPI is charged with managing device-security independent of a VM, and binding a vPCI device involves a rendezvous of the secure-world IOMMU setup with secure-world PCI via IOMMU and PCI-TSM coordination.
