On Fri, Jan 27, 2023 at 11:07:35AM -1000, Richard Henderson wrote:
> > + /*
> > + * Since the devicetree is included in the initial measurement, it must
> > + * not contain random data.
> > + */
> > + if (virt_machine_is_confidential(vms)) {
> > + vms->dtb_randomness = false;
> > + }
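
Review bot: the assignment `vms->dtb_randomness = false;` overwrites the property unconditionally, so a user who explicitly asked for DTB randomness on a confidential guest has it dropped with no diagnostic. Since the comment ties this to the initial measurement, report an error (or at least a warning) when the option was set explicitly and apply the silent default only when it was not, so the configuration that gets measured is the one the user believes they requested.
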
>
> This property is default off, and the only way it can be on is user
> argument. This should be an error, not a silent disable.

This one seems to default to true in virt_instance_init(), and I did need
to disable it in order to get deterministic measurements. Maybe I could
throw an error only when the user attempts to explicitly enable it.

> > + if (virt_machine_is_confidential(vms)) {
> > + /*
> > + * The host cannot write into a confidential guest's memory until
> > the
> > + * guest shares it. Since the host writes the pvtime region before
> > the
> > + * guest gets a chance to set it up, disable pvtime.
> > + */
> > + steal_time = false;
> > + }
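
Review bot: `steal_time = false;` in the confidential branch discards an explicit user request without any message, and nothing in this hunk distinguishes an explicit setting from the default. The comment states the reason clearly (the host writes the pvtime region before the guest has shared it), so consider rejecting or warning on an explicit request for steal time on a confidential guest and keeping the silent off only for the default case.
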
>
> This property is default on since 5.2, so falls into a different category.
> Since 5.2 it is auto-on for 64-bit guests. Since it's auto-off for 32-bit
> guests, I don't see a problem with it being auto-off for RME guests.
>
> I do wonder if we should change it to an OnOffAuto property, just to catch
> silly usage.

I'll look into that.

Thanks,
Jean