On 07/12/2023 18:36, Reshetova, Elena wrote:
The TDVMCALLs are related to the I/O path (networking/block io) into the L2
>> guest, and
so they intentionally go straight to L0 and are never injected to L1. L1
is not
involved in that path at all.
Using something differe
On Thu, 2023-12-07 at 20:35 +0100, Jeremi Piotrowski wrote:
> On 07/12/2023 18:21, Jeremi Piotrowski wrote:
> > On 07/12/2023 13:58, Huang, Kai wrote:
> > > >
> > > > That's how it currently works - all the enlightenments are in
> > > > hypervisor/paravisor
> > > > specific code in arch/x86/hyper
On Thu, Dec 07, 2023 at 06:06:38PM +0100, Jeremi Piotrowski wrote:
> >
> >> This doesn't work in partitioning when TDVMCALLs go to L0:
> >> TDVMCALL_MAP_GPA bypasses
> >> L1 and TDX_ACCEPT_PAGE is L1 responsibility.
> >>
> >> If you want to see how this is currently supported take a look at
> >>
On 07/12/2023 18:21, Jeremi Piotrowski wrote:
> On 07/12/2023 13:58, Huang, Kai wrote:
>>>
>>> That's how it currently works - all the enlightenments are in
>>> hypervisor/paravisor
>>> specific code in arch/x86/hyperv and drivers/hv and the vm is not marked
>>> with
>>> X86_FEATURE_TDX_GUEST.
>>
> >> The TDVMCALLs are related to the I/O path (networking/block io) into the L2
> guest, and
> >> so they intentionally go straight to L0 and are never injected to L1. L1
> >> is not
> >> involved in that path at all.
> >>
> >> Using something different than TDVMCALLs here would lead to additiona
On 07/12/2023 13:58, Huang, Kai wrote:
>>
>> That's how it currently works - all the enlightenments are in
>> hypervisor/paravisor
>> specific code in arch/x86/hyperv and drivers/hv and the vm is not marked with
>> X86_FEATURE_TDX_GUEST.
>
> And I believe there's a reason that the VM is not marke
On 06/12/2023 23:54, Kirill A. Shutemov wrote:
> On Wed, Dec 06, 2023 at 06:49:11PM +0100, Jeremi Piotrowski wrote:
>> On 05/12/2023 11:54, Kirill A. Shutemov wrote:
>>> On Mon, Dec 04, 2023 at 08:07:38PM +0100, Jeremi Piotrowski wrote:
On 04/12/2023 10:17, Reshetova, Elena wrote:
>> Check
>
> > I think we are lacking background of this usage model and how it works. For
> > instance, typically L2 is created by L1, and L1 is responsible for L2's
> > device
> > I/O emulation. I don't quite understand how could L0 emulate L2's device
> > I/O?
> >
> > Can you provide more informat
On Wed, Dec 06, 2023 at 06:49:11PM +0100, Jeremi Piotrowski wrote:
> On 05/12/2023 11:54, Kirill A. Shutemov wrote:
> > On Mon, Dec 04, 2023 at 08:07:38PM +0100, Jeremi Piotrowski wrote:
> >> On 04/12/2023 10:17, Reshetova, Elena wrote:
> Check for additional CPUID bits to identify TDX guests
On 05/12/2023 14:26, Huang, Kai wrote:
>>
>
> Hm. Okay.
>
> Can we take a step back? What is bigger picture here? What enlightenment
> do you expect from the guest when everything is in-place?
>
All the functional enlightenment are already in place in the kernel an
On 05/12/2023 11:54, Kirill A. Shutemov wrote:
> On Mon, Dec 04, 2023 at 08:07:38PM +0100, Jeremi Piotrowski wrote:
>> On 04/12/2023 10:17, Reshetova, Elena wrote:
Check for additional CPUID bits to identify TDX guests running with Trust
Domain (TD) partitioning enabled. TD partitioning i
>
> > > >
> > > > Hm. Okay.
> > > >
> > > > Can we take a step back? What is bigger picture here? What enlightenment
> > > > do you expect from the guest when everything is in-place?
> > > >
> > >
> > > All the functional enlightenment are already in place in the kernel and
> > > everything wo
> On 04/12/2023 10:17, Reshetova, Elena wrote:
> >> Check for additional CPUID bits to identify TDX guests running with Trust
> >> Domain (TD) partitioning enabled. TD partitioning is like nested
> >> virtualization
> >> inside the Trust Domain so there is a L1 TD VM(M) and there can be L2 TD
> VM
On Mon, Dec 04, 2023 at 08:07:38PM +0100, Jeremi Piotrowski wrote:
> On 04/12/2023 10:17, Reshetova, Elena wrote:
> >> Check for additional CPUID bits to identify TDX guests running with Trust
> >> Domain (TD) partitioning enabled. TD partitioning is like nested
> >> virtualization
> >> inside the
On 29/11/2023 17:40, Borislav Petkov wrote:
> On Wed, Nov 22, 2023 at 06:19:20PM +0100, Jeremi Piotrowski wrote:
>> Which approach do you prefer?
>
> I'm trying to figure out from the whole thread, what this guest is.
Wanted to clarify some things directly here. This type guest is supported
in th
On 04/12/2023 10:17, Reshetova, Elena wrote:
>> Check for additional CPUID bits to identify TDX guests running with Trust
>> Domain (TD) partitioning enabled. TD partitioning is like nested
>> virtualization
>> inside the Trust Domain so there is a L1 TD VM(M) and there can be L2 TD
>> VM(s).
>>
On 30/11/2023 10:21, Borislav Petkov wrote:
> On Thu, Nov 30, 2023 at 08:31:03AM +, Reshetova, Elena wrote:
>> No threats whatsoever,
>
> I don't mean you - others. :-)
>
>> I just truly don’t know details of SEV architecture on this and how it
>> envisioned to operate under this nesting scen
On 30/11/2023 09:31, Reshetova, Elena wrote:
>
>> On Thu, Nov 30, 2023 at 07:08:00AM +, Reshetova, Elena wrote:
>>> ...
>>> 3. Normal TDX 1.0 guest that is unaware that it runs in partitioned
>>>environment
>>> 4. and so on
>>
>> There's a reason I call it a virt zoo.
>>
>>> I don’t know i
> Check for additional CPUID bits to identify TDX guests running with Trust
> Domain (TD) partitioning enabled. TD partitioning is like nested
> virtualization
> inside the Trust Domain so there is a L1 TD VM(M) and there can be L2 TD
> VM(s).
>
> In this arrangement we are not guaranteed that t
On 29/11/2023 05:36, Huang, Kai wrote:
> On Fri, 2023-11-24 at 17:19 +0100, Jeremi Piotrowski wrote:
>> On 24/11/2023 14:33, Kirill A. Shutemov wrote:
>>> On Fri, Nov 24, 2023 at 12:04:56PM +0100, Jeremi Piotrowski wrote:
On 24/11/2023 11:43, Kirill A. Shutemov wrote:
> On Fri, Nov 24, 202
On Thu, Nov 30, 2023 at 08:31:03AM +, Reshetova, Elena wrote:
> No threats whatsoever,
I don't mean you - others. :-)
> I just truly don’t know details of SEV architecture on this and how it
> envisioned to operate under this nesting scenario. I raised this
> point to see if we can build the
> On Thu, Nov 30, 2023 at 07:08:00AM +, Reshetova, Elena wrote:
> > ...
> > 3. Normal TDX 1.0 guest that is unaware that it runs in partitioned
> >environment
> > 4. and so on
>
> There's a reason I call it a virt zoo.
>
> > I don’t know if AMD architecture would support all this spectru
On Thu, Nov 30, 2023 at 07:08:00AM +, Reshetova, Elena wrote:
> ...
> 3. Normal TDX 1.0 guest that is unaware that it runs in partitioned
>environment
> 4. and so on
There's a reason I call it a virt zoo.
> I don’t know if AMD architecture would support all this spectrum of
> the guests t
> On Wed, Nov 22, 2023 at 06:19:20PM +0100, Jeremi Piotrowski wrote:
> > Which approach do you prefer?
>
> I'm trying to figure out from the whole thread, what this guest is.
>
> * A HyperV second-level guest
>
> * of type TDX
>
> * Needs to defer cc_mask and page visibility bla...
>
> * need
On Wed, Nov 22, 2023 at 06:19:20PM +0100, Jeremi Piotrowski wrote:
> Which approach do you prefer?
I'm trying to figure out from the whole thread, what this guest is.
* A HyperV second-level guest
* of type TDX
* Needs to defer cc_mask and page visibility bla...
* needs to disable TDX module c
On Fri, 2023-11-24 at 17:19 +0100, Jeremi Piotrowski wrote:
> On 24/11/2023 14:33, Kirill A. Shutemov wrote:
> > On Fri, Nov 24, 2023 at 12:04:56PM +0100, Jeremi Piotrowski wrote:
> > > On 24/11/2023 11:43, Kirill A. Shutemov wrote:
> > > > On Fri, Nov 24, 2023 at 11:31:44AM +0100, Jeremi Piotrowsk
On 24/11/2023 14:33, Kirill A. Shutemov wrote:
> On Fri, Nov 24, 2023 at 12:04:56PM +0100, Jeremi Piotrowski wrote:
>> On 24/11/2023 11:43, Kirill A. Shutemov wrote:
>>> On Fri, Nov 24, 2023 at 11:31:44AM +0100, Jeremi Piotrowski wrote:
On 23/11/2023 14:58, Kirill A. Shutemov wrote:
> On W
On Fri, Nov 24, 2023 at 12:04:56PM +0100, Jeremi Piotrowski wrote:
> On 24/11/2023 11:43, Kirill A. Shutemov wrote:
> > On Fri, Nov 24, 2023 at 11:31:44AM +0100, Jeremi Piotrowski wrote:
> >> On 23/11/2023 14:58, Kirill A. Shutemov wrote:
> >>> On Wed, Nov 22, 2023 at 06:01:04PM +0100, Jeremi Piotr
On 24/11/2023 11:43, Kirill A. Shutemov wrote:
> On Fri, Nov 24, 2023 at 11:31:44AM +0100, Jeremi Piotrowski wrote:
>> On 23/11/2023 14:58, Kirill A. Shutemov wrote:
>>> On Wed, Nov 22, 2023 at 06:01:04PM +0100, Jeremi Piotrowski wrote:
Check for additional CPUID bits to identify TDX guests ru
On Fri, Nov 24, 2023 at 11:31:44AM +0100, Jeremi Piotrowski wrote:
> On 23/11/2023 14:58, Kirill A. Shutemov wrote:
> > On Wed, Nov 22, 2023 at 06:01:04PM +0100, Jeremi Piotrowski wrote:
> >> Check for additional CPUID bits to identify TDX guests running with Trust
> >> Domain (TD) partitioning ena
On 23/11/2023 14:58, Kirill A. Shutemov wrote:
> On Wed, Nov 22, 2023 at 06:01:04PM +0100, Jeremi Piotrowski wrote:
>> Check for additional CPUID bits to identify TDX guests running with Trust
>> Domain (TD) partitioning enabled. TD partitioning is like nested
>> virtualization
>> inside the Trust
On Wed, Nov 22, 2023 at 06:01:04PM +0100, Jeremi Piotrowski wrote:
> Check for additional CPUID bits to identify TDX guests running with Trust
> Domain (TD) partitioning enabled. TD partitioning is like nested
> virtualization
> inside the Trust Domain so there is a L1 TD VM(M) and there can be L2
On 22/11/2023 18:01, Jeremi Piotrowski wrote:
> Check for additional CPUID bits to identify TDX guests running with Trust
> Domain (TD) partitioning enabled. TD partitioning is like nested
> virtualization
> inside the Trust Domain so there is a L1 TD VM(M) and there can be L2 TD
> VM(s).
>
> In