On Tue, Feb 11, 2025, Borislav Petkov wrote:
> On Fri, Jan 31, 2025 at 06:17:05PM -0800, Sean Christopherson wrote:
> > Add a TODO to call out that AMD_MEM_ENCRYPT is a mess and doesn't depend on
> > HYPERVISOR_GUEST because it gates both guest and host code.
>
> Why is it a mess?
>
> I don't see it, frankly.

It conflates two very different things: host/bare metal support for memory encryption, and SEV guest support. For kernels that will never run in a VM, pulling in all the SEV guest code just to enable host-side support for SME (and SEV) is very undesirable. And in this case, because AMD_MEM_ENCRYPT gates both host and guest code, it can't depend on HYPERVISOR_GUEST like it should, because taking a dependency on HYPERVISOR_GUEST to enable SME is obviously wrong.