Received: by 2002:a05:7412:b10a:b0:f3:1519:9f41 with SMTP id az10csp2836715rdb; Mon, 4 Dec 2023 08:46:04 -0800 (PST) X-Google-Smtp-Source: AGHT+IF/j9eyJrwTky6HRuZQTtDsXWK110mkeGfvBv7d8RLlNqgB9aiT8jei2Eco0XYyS2bxr5sb X-Received: by 2002:a17:902:e807:b0:1d0:6ffd:f209 with SMTP id u7-20020a170902e80700b001d06ffdf209mr1981410plg.95.1701708364171; Mon, 04 Dec 2023 08:46:04 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1701708364; cv=none; d=google.com; s=arc-20160816; b=aYduFZ0ZIpTCe+E1OZt27M2a38gP+06MHzczlwmb72p58zUPrJoqCrLOeRulQlxBwK ypuayKBzmdDv5Hht969pzYkLxxH+RVTeFaLz1lUb6UzisHVTtybj9Gi3fN6FMFKAFYOz fOJSkDV3giHXeFUEsA0W+HeNFeRz3tbiyYDM+IqSB4FGDl+1K6Fg4n4q6xPES6hMfgdf qu9+M+I0u/S7QQAIT8rFEb/8YuHABeNL3uT+wscamTSXZnX+5UYv7WXWFapbScxnNhAX GJQ1l3OU/NY7uYnj1fn4QOHSFelWS28JH+V4eGt5u9gPSCQ+9zwQh7hnvsYKduxqCluY x65Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :references:cc:to:content-language:subject:user-agent:mime-version :date:message-id:dkim-signature:dkim-filter; bh=WmfHCN3jVeLCujfeKdxoJP9+xwCwqUAHJemHoreeygQ=; fh=pCPubmUbpv+7gqwON1wnvfpHT8g2FU9h/VAkOyWbVj0=; b=IFznoS6WRoqggVJwcCqoc2hUEWbcBkGip4j6DHiQKlC0UQ3fkTGmryvLKpHXQM1tpa FvHeO+QYCwuJx1qZUi6kjFS3DltYatz1ZMGqTjjZqX4lIm8yuwqpy1Z2UiZ7FopVplUX vf2jcGkipI3VdlN+ju485uLaOJuJztxLknAroZKqDY8McTeMwQGBrgNoVAftCKT2KvaW 6ACI6eOQLeKShiWtAL4ViukrRhrxajPi2JbSOmU9IJbBUxm88fJI0hbQ+ysvJw4bvVpP YoX2TXkenSABbH9SagNAzSOEzzImvhlnHS+hN+msQ2O2UlVIUBXYW8we6h8qPMe5Rs1w eitg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linux.microsoft.com header.s=default header.b=KFlFC6V3; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:5 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.microsoft.com Return-Path: Received: from groat.vger.email (groat.vger.email. [2620:137:e000::3:5]) by mx.google.com with ESMTPS id e2-20020a170902d38200b001cf77931eb1si4665496pld.4.2023.12.04.08.46.03 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 04 Dec 2023 08:46:04 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:5 as permitted sender) client-ip=2620:137:e000::3:5; Authentication-Results: mx.google.com; dkim=pass header.i=@linux.microsoft.com header.s=default header.b=KFlFC6V3; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:5 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.microsoft.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by groat.vger.email (Postfix) with ESMTP id 9D65A807C742; Mon, 4 Dec 2023 08:45:22 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at groat.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230350AbjLDQpD (ORCPT + 99 others); Mon, 4 Dec 2023 11:45:03 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42090 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229477AbjLDQpC (ORCPT ); Mon, 4 Dec 2023 11:45:02 -0500 Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 301939B; Mon, 4 Dec 2023 08:45:08 -0800 (PST) Received: from [172.20.10.13] (unknown [83.232.59.81]) by linux.microsoft.com (Postfix) with ESMTPSA id 0511820B74C0; Mon, 4 Dec 2023 08:44:51 -0800 (PST) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com 0511820B74C0 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com; s=default; t=1701708307; bh=WmfHCN3jVeLCujfeKdxoJP9+xwCwqUAHJemHoreeygQ=; h=Date:Subject:To:Cc:References:From:In-Reply-To:From; b=KFlFC6V35RPeaHC9w0beCchXcugku32yKVEsntKZ3fKxjfVgUqS68wvMhqXHdbBbE frmWEegr00kCD9RMUNe6mjL52CJ2jwKyND8zZ9wRe7sMGxSgqsnpQUDI2HGBVnZi7k M82u7dWOIncYGS28B/PcXwmhxyVDQCkk1nOwdxog= Message-ID: <450a50ba-4c87-4137-9feb-de8f17e3dfa6@linux.microsoft.com> Date: Mon, 4 Dec 2023 17:44:48 +0100 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [PATCH v1 1/3] x86/tdx: Check for TDX partitioning during early TDX init Content-Language: en-US To: Borislav Petkov , "Reshetova, Elena" Cc: "linux-hyperv@vger.kernel.org" , "stefan.bader@canonical.com" , "tim.gardner@canonical.com" , "roxana.nicolescu@canonical.com" , "cascardo@canonical.com" , "kys@microsoft.com" , "haiyangz@microsoft.com" , "wei.liu@kernel.org" , "sashal@kernel.org" , "stable@vger.kernel.org" , "linux-kernel@vger.kernel.org" , "H. Peter Anvin" , Dave Hansen , Ingo Molnar , "Kirill A. Shutemov" , Michael Kelley , Nikolay Borisov , Peter Zijlstra , Thomas Gleixner , Tom Lendacky , "x86@kernel.org" , "Cui, Dexuan" References: <20231122170106.270266-1-jpiotrowski@linux.microsoft.com> <0799b692-4b26-4e00-9cec-fdc4c929ea58@linux.microsoft.com> <20231129164049.GVZWdpkVlc8nUvl/jx@fat_crate.local> <20231130075559.GAZWhAD5ScHoxbbTxL@fat_crate.local> <20231130092119.GBZWhUD6LscxYOpxNl@fat_crate.local> From: Jeremi Piotrowski In-Reply-To: <20231130092119.GBZWhUD6LscxYOpxNl@fat_crate.local> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-8.4 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,USER_IN_DEF_DKIM_WL autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on groat.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (groat.vger.email [0.0.0.0]); Mon, 04 Dec 2023 08:45:22 -0800 (PST) On 30/11/2023 10:21, Borislav Petkov wrote: > On Thu, Nov 30, 2023 at 08:31:03AM +0000, Reshetova, Elena wrote: >> No threats whatsoever, > > I don't mean you - others. :-) > >> I just truly don’t know details of SEV architecture on this and how it >> envisioned to operate under this nesting scenario. I raised this >> point to see if we can build the common understanding on this. My >> personal understanding (please correct me) was that SEV would also >> allow different types of L2 guests, so I think we should be aligning >> on this. > > Yes, makes sense. The only L2 thing I've heard of is some Azure setup. "L2" is the Intel terminology in TD-partitioning (see figure 11.2 in [1]), but Azure uses it for the exact same thing as VMPLs in SEV-SNP. On the AMD side the community is working on Coconut SVSM[2] and there was an AMD SVSM[3] project before that, both of them have the same idea as the Azure paravisor. SUSE, Red Hat, IBM and others are active in SVSM development, we've also started contributing. I think this kind of usage will also appear on TDX soon. [1]: https://cdrdv2.intel.com/v1/dl/getContent/773039 [2]: https://github.com/coconut-svsm/svsm [3]: https://github.com/AMDESE/linux-svsm > >> Yes, agree, so what are our options and overall strategy on this? We >> can try to push as much as possible complexity into L1 VMM in this >> scenario to keep the guest kernel almost free from these sprinkling >> differences. > > I like that angle. :) > >> Afterall the L1 VMM can emulate whatever it wants for the guest. >> We can also see if there is a true need to add another virtualization >> abstraction here, i.e. "nested encrypted guest". > > Yes, that too. I'm sceptical but there are use cases with that paravisor > thing and being able to run an unmodified guest, i.e., something like > a very old OS which no one develops anymore but customers simply can't > part ways with it for raisins I don't think we'll be seeing Windows XP TDX/SNP guests :) The primary use case for the paravisor (/SVSM) is pretty common across the the industry and projects that I shared: TPM emulation. Then comes the other stuff: live migration, "trustlets", further device emulation. All this inside the confidential boundary. > >> Any other options we should be considering as overall strategy? > > The less the kernel knows about guests, the better, I'd say. > The challenge lies in navigating the Venn diagram of: standard guest, TDX guest and SNP guest. Is a "guest" more "TDX" or more "Hyper-V" (or KVM/Vmware)? Should the TDX (and SNP) code be extended with more knowledge of hypervisor interfaces or should the hypervisor interfaces know more about TDX/SNP. I'd love it if we all had some agreement on this. I posted these patches based on suggestions that TDX guest-ness takes precedence. > The other thing I'm missing most of the time is, people come with those > patches enabling this and that but nowhere does it say: "we would love > to have this because of this great idea we had" or "brings so much more > performance" or "amazing code quality imrpovement" or, or other great > reason. > > Rather, it is "yeah, we do this and you should support it". Well, nope. > I hear you, that's we've been making an effort to be more open about use cases and capabilities along with patches. We also care about simplifying the code to make it easier to follow the flows. I think the whole kernel has come a long way since the first confidential guest patches were posted. Jeremi > Thx. >