On Thu, Nov 25, 2021 at 08:43:55AM +0000, Wang, Wei W wrote:
> On Thursday, November 25, 2021 2:38 PM, Jason Wang wrote:
> > > We thought about virtio-mmio. There are some barriers:
> > > 1) It wasn't originally intended for x86 machines. The only machine
> > > type in QEMU that supports it (to run on x86) is microvm. But
> > > "microvm" doesn’t support TDX currently, and adding this support might
> > need larger effort.
> >
> > Can you explain why microvm needs larger effort? It looks to me it fits for TDX
> > perfectly since it has less attack surface.
>
> The main thing is TDVF doesn’t support microvm so far (the based OVMF
> support for microvm is still under their community discussion).
Initial microvm support (direct kernel boot only) is merged in upstream
OVMF. Better device support is underway: virtio-mmio patches are out
for review, patches for pcie support exist.
TDX patches for OVMF are under review upstream, I havn't noticed
anything which would be a blocker for microvm. If it doesn't work
out-of-the-box it should be mostly wiring up things needed on guest
(ovmf) and/or host (qemu) side.
(same goes for sev btw).
> Do you guys think it is possible to add virtio-mmio support for q35?
> (e.g. create a special platform bus in some fashion for memory mapped devices)
> Not sure if the effort would be larger.
I'd rather explore the microvm path than making q35 even more
frankenstein than it already is.
Also the pcie host bridge is present in q35 no matter what, so one of
the reasons to use virtio-mmio ("we can reduce the attach surface by
turning off pcie") goes away.
take care,
Gerd
_______________________________________________
Virtualization mailing list
Virtualization@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linuxfoundation.org/mailman/listinfo/virtualization
