Re: [RFC PATCH v2 14/22] iommufd: Add TIO calls

On Mon, Mar 03, 2025 at 01:32:47PM +0800, Xu Yilun wrote:
> All these settings cannot really take function until guest verifies them
> and does TDISP start. Guest verification does not (should not) need host
> awareness.
> 
> Our solution is, separate the secure DMA setting and secure device setting
> in different components, iommufd & vfio.
> 
> Guest require bind:
>   - ioctl(iommufd, IOMMU_VIOMMU_ALLOC, {.type = IOMMU_VIOMMU_TYPE_KVM_VALID,
> 					.kvm_fd = kvm_fd,
> 					.out_viommu_id = &viommu_id});
>   - ioctl(iommufd, IOMMU_HWPT_ALLOC, {.flag = IOMMU_HWPT_ALLOC_TRUSTED,
> 				      .pt_id = viommu_id,
> 				      .out_hwpt_id = &hwpt_id});
>   - ioctl(vfio_fd, VFIO_DEVICE_ATTACH_IOMMUFD_PT, {.pt_id = hwpt_id})
>     - do secure DMA setting in Intel iommu driver.
> 
>   - ioctl(vfio_fd, VFIO_DEVICE_TSM_BIND, ...)
>     - do bind in Intel TSM driver.

Except what command do you issue to the secure world for TSM_BIND
and what are its arguments? Again you can't include the vBDF or vIOMMU
ID here.

vfio also can't validate that the hwpt is in the right state when it
executes this function.

You could also issue the TSM bind against the idev on the iommufd
side..

Part of my problem here is I don't see anyone who seems to have read
all three specs and is trying to mush them together. Everyone is
focused on their own spec. I know there are subtle differences :\

Jason



