On 1/27/23 05:07, Jean-Philippe Brucker wrote:
When confidential-guest-support is enabled for the virt machine, call
the RME init function, and add the RME flag to the VM type.
* The Realm differentiates non-secure from realm memory using the upper
GPA bit. Reserve that bit when creating the memory map, to make sure
that device MMIO located in high memory can still fit.
* pvtime is disabled for the moment. Since the hypervisor has to write
into the shared pvtime page before scheduling a vcpu, it seems
incompatible with confidential guests.
Signed-off-by: Jean-Philippe Brucker <jean-phili...@linaro.org>
This should be 3 patches:
(1) Including the rme type into the kvm type.
(2) Adjusting the pa size.
(3) Checking the steal-time and randomness flags.
+ /*
+ * Since the devicetree is included in the initial measurement, it must
+ * not contain random data.
+ */
+ if (virt_machine_is_confidential(vms)) {
+ vms->dtb_randomness = false;
+ }
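Review bot: The unconditional `vms->dtb_randomness = false;` inside the `virt_machine_is_confidential(vms)` branch overwrites whatever value the field held without any diagnostic. If the field was set, the guest gets a different devicetree than the configuration asked for and nothing reports it. Given the comment's reasoning that the devicetree is part of the initial measurement, test the field first and report the conflict (an error, or at minimum a warning) rather than clearing it silently.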
This property is default off, and the only way it can be on is user argument. This should
be an error, not a silent disable.
+ if (virt_machine_is_confidential(vms)) {
+ /*
+ * The host cannot write into a confidential guest's memory until the
+ * guest shares it. Since the host writes the pvtime region before the
+ * guest gets a chance to set it up, disable pvtime.
+ */
+ steal_time = false;
+ }
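Review bot: `steal_time = false;` in the confidential branch acts on a plain boolean, so at this point a default value cannot be told apart from one that was explicitly requested. If an explicit request can reach here, it is dropped without a message; either report it or state in the comment that the override is unconditional by design. The commit message says pvtime is disabled "for the moment", so the code comment should also say that this is a current limitation.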
This property is default on since 5.2, so falls into a different category. Since 5.2 it
is auto-on for 64-bit guests. Since it's auto-off for 32-bit guests, I don't see a
problem with it being auto-off for RME guests.
I do wonder if we should change it to an OnOffAuto property, just to catch
silly usage.
r~