On Thu, 2024-07-25 at 01:54 -0400, Michael S. Tsirkin wrote: > one other thing worth mentioning is that this design can't work > with confidential computing setups. By comparison, mapping e.g. a > range in a PCI BAR would work for these setups. Why so? This is just like mapping a PCI BAR, isn't it? It's cacheable MMIO space, *not* part of the encrypted guest RAM ranges. It just happens to be discovered through the _CRS of an ACPI device, not the BAR of a PCI device. > Is there a reason this functionality is not interesting for > confidential VMs? It is. In fact, that was one of the reasons for doing it as mappable MMIO space, instead of having the guest allocate a portion of its own RAM and invoke a hypervisor enlightenment to populate it. (Although the latter *can* work with CC too, as demonstrated by e.g. ptp_kvm).
Attachment:
smime.p7s
Description: S/MIME cryptographic signature