On Thu, Sep 05, 2024 at 12:17:14PM +0000, Tian, Kevin wrote: > > From: Jason Gunthorpe <jgg@xxxxxxxxxx> > > Sent: Thursday, September 5, 2024 8:01 PM > > > > On Tue, Sep 03, 2024 at 05:59:38PM -0700, Dan Williams wrote: > > > Jason Gunthorpe wrote: > > > > It would be a good starting point for other platforms to pick at. Try > > > > iommufd first (I'm guessing this is correct) and if it doesn't work > > > > explain why. > > > > > > Yes, makes sense. Will take a look at that also to prevent more > > > disconnects on what this PCI device-security community is actually > > > building. > > > > We are already adding a VIOMMU object and that is going to be the > > linkage to the KVM side > > > > So we could have new actions: > > - Create a CC VIOMMU with XYZ parameters > > - Create a CC vPCI function on the vIOMMU with XYZ parameters > > - Query stuff? > > - ??? > > - Destroy a vPCI function > > > > I'll look at the vIOMMU series soon. Just double confirm here. > > the so-called vIOMMU object here is the uAPI between iommufd > and userspace. Not exactly suggesting a vIOMMU visible to guest. > otherwise this solution will be tied to implementations supporting > trusted vIOMMU. Right, the viommu object today just wraps elements of HW that are connected to the VM in some way. It is sort of a security container. If the VMM goes on to expose a vIOMMU to the guest or not should be orthogonal. I expect people will explicitly request a secure vIOMMU if they intend to expose the vIOMMU to the CC VM. This can trigger any actions in the trusted world that are required to support a secure vIOMMU. For instance any secure vIOMMU will require some way for the guest to issue secure invalidations, and that will require some level of trusted world involvement. At the minimum the trusted world has to attest the validity of the vIOMMU to the guest. > Then you expect to build CC/vPCI stuff around the vIOMMU > object given it already connects to KVM? Yes, it is my thought We alreay have a binding of devices to the viommu, increasing that to also include creating vPCI objects in the trusted world is a small step. Jason