On 24/11/2023 11:43, Kirill A. Shutemov wrote: > On Fri, Nov 24, 2023 at 11:31:44AM +0100, Jeremi Piotrowski wrote: >> On 23/11/2023 14:58, Kirill A. Shutemov wrote: >>> On Wed, Nov 22, 2023 at 06:01:04PM +0100, Jeremi Piotrowski wrote: >>>> Check for additional CPUID bits to identify TDX guests running with Trust >>>> Domain (TD) partitioning enabled. TD partitioning is like nested virtualization >>>> inside the Trust Domain so there is a L1 TD VM(M) and there can be L2 TD VM(s). >>>> >>>> In this arrangement we are not guaranteed that the TDX_CPUID_LEAF_ID is visible >>>> to Linux running as an L2 TD VM. This is because a majority of TDX facilities >>>> are controlled by the L1 VMM and the L2 TDX guest needs to use TD partitioning >>>> aware mechanisms for what's left. So currently such guests do not have >>>> X86_FEATURE_TDX_GUEST set. >>>> >>>> We want the kernel to have X86_FEATURE_TDX_GUEST set for all TDX guests so we >>>> need to check these additional CPUID bits, but we skip further initialization >>>> in the function as we aren't guaranteed access to TDX module calls. >>> >>> I don't follow. The idea of partitioning is that L2 OS can be >>> unenlightened and have no idea if it runs indide of TD. But this patch >>> tries to enumerate TDX anyway. >>> >>> Why? >>> >> >> That's not the only idea of partitioning. Partitioning provides different privilege >> levels within the TD, and unenlightened L2 OS can be made to work but are inefficient. >> In our case Linux always runs enlightened (both with and without TD partitioning), and >> uses TDX functionality where applicable (TDX vmcalls, PTE encryption bit). > > What value L1 adds in this case? If L2 has to be enlightened just run the > enlightened OS directly as L1 and ditch half-measures. I think you can > gain some performance this way. > It's primarily about the privilege separation, performance is a reason one doesn't want to run unenlightened. The L1 makes the following possible: - TPM emulation within the trust domain but isolated from the OS - infrastructure interfaces for things like VM live migration - support for Virtual Trust Levels[1], Virtual Secure Mode[2] These provide a lot of value to users, it's not at all about half-measures. [1]: https://lore.kernel.org/lkml/1681192532-15460-1-git-send-email-ssengar@xxxxxxxxxxxxxxxxxxx/ [2]: https://lore.kernel.org/lkml/20231108111806.92604-1-nsaenz@xxxxxxxxxx/
