Received: by 2002:a05:6358:11c7:b0:104:8066:f915 with SMTP id i7csp7767149rwl;
        Thu, 23 Mar 2023 08:26:52 -0700 (PDT)
X-Google-Smtp-Source: AK7set9gBaMYpdnXNIMxZUPu+vNgEDHYMOyhMf84EzZSpXctKMlOd9FWjhCIclc/R/pC22CE9BN/
X-Received: by 2002:a17:906:51d5:b0:929:b101:937d with SMTP id v21-20020a17090651d500b00929b101937dmr9300863ejk.1.1679585211965;
        Thu, 23 Mar 2023 08:26:51 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1679585211; cv=none;
        d=google.com; s=arc-20160816;
        b=gNsX0Tw3EB731o6YuIa6aK6W7UzAkfTPHHgsC/3Z+1qniMw7VvBrNKmMd+EOdqm/XV
         eVY9frG7ThqC3jkRiZpd3jYh4bOGMDFFcvXs1usEj14MhvA7SdjzJOTbExC5l+2o1X9A
         1G/ABciRl1o/pty4AZZRkxGmY4yP6XHa7CugEFoza1Aui5hDpegQXOlg7exyNKIgFTqc
         yYSh2KOuzPPKKE5HEdqhK5DbG1SRGhNuW24mozB8sNLkWDT3HY9N5nLTfypeTbUkDl0R
         sIq0cJ2VmdcwH49nUF1btbyXtOiy90Pw1jU6yGn5x1De0KvPJL043/+U9U1/ncSW9e9+
         aFkQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:in-reply-to:content-disposition:mime-version
         :references:message-id:subject:cc:to:from:date:dkim-signature;
        bh=w/8FQI5qasdjFSo2KwlvPu/61yY7H92avlsMZAE3JXY=;
        b=d6fXVfne/ynHYEw8M0mhcgRTyZh6d6jZeWtz4oTb6RpNGFIJIGkAxuUNTxp5Lg1N+M
         FW1eW1o2Sd06bmjWJQaW3liIzak8UsWj+HiPhkq6w3B9SR9rsJe1u7uPTxKT+glIiUw0
         bFaODkR7qLuPOODRJ/vUy7L5+adoSFny6hX0wlC5sBwPzFHJaz9xm0ByBHeW21qqRAbS
         TC7obaW7TSBYC13pPmakOFnbEJLkSVWFxteuODQyGMOKelRjdZ7JUqU54MW0gVfz5w8z
         gLX3jZlG10SRz2r2mkeB6Rpv1S1PzRcBaQPHsnCSK3otNyCs0QEgW/2goPSAxVTsEUwQ
         kn1g==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@alien8.de header.s=dkim header.b="jZ9248/g";
       spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=alien8.de
Return-Path: <linux-crypto-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id z13-20020a170906814d00b009285f242673si18440763ejw.209.2023.03.23.08.25.24;
        Thu, 23 Mar 2023 08:26:51 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@alien8.de header.s=dkim header.b="jZ9248/g";
       spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=alien8.de
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S232113AbjCWPXu (ORCPT <rfc822;proase2022@gmail.com> + 99 others);
        Thu, 23 Mar 2023 11:23:50 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45220 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S232117AbjCWPXt (ORCPT
        <rfc822;linux-crypto@vger.kernel.org>);
        Thu, 23 Mar 2023 11:23:49 -0400
Received: from mail.skyhub.de (mail.skyhub.de [IPv6:2a01:4f8:190:11c2::b:1457])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B3BFF2D15C;
        Thu, 23 Mar 2023 08:23:48 -0700 (PDT)
Received: from zn.tnic (p5de8e687.dip0.t-ipconnect.de [93.232.230.135])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by mail.skyhub.de (SuperMail on ZX Spectrum 128k) with ESMTPSA id 0FED81EC0104;
        Thu, 23 Mar 2023 16:23:47 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alien8.de; s=dkim;
        t=1679585027;
        h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
         to:to:cc:cc:mime-version:mime-version:content-type:content-type:
         content-transfer-encoding:in-reply-to:in-reply-to:  references:references;
        bh=w/8FQI5qasdjFSo2KwlvPu/61yY7H92avlsMZAE3JXY=;
        b=jZ9248/gHa0ZVU0XUFKLSq7ZtRVgehhgDPrvRDitHgUYpvBatxlo7Go0EIONe8V0SufF/u
        MrO5vkwYtNKlvGVsSstoVr7ox7lo3YVtWXPCK3tq4BiW5grDb7Wp5FSiyGQsNJk73vPDTE
        ogTtzcX6vRt3ADlsuZ87Kg83YeY1Z2Q=
Date:   Thu, 23 Mar 2023 16:23:42 +0100
From:   Borislav Petkov <bp@alien8.de>
To:     Jeremi Piotrowski <jpiotrowski@linux.microsoft.com>
Cc:     linux-kernel@vger.kernel.org,
        Brijesh Singh <brijesh.singh@amd.com>,
        Tom Lendacky <thomas.lendacky@amd.com>,
        "Kalra, Ashish" <ashish.kalra@amd.com>,
        linux-crypto@vger.kernel.org,
        "Rafael J. Wysocki" <rafael@kernel.org>,
        Len Brown <lenb@kernel.org>, linux-acpi@vger.kernel.org,
        Thomas Gleixner <tglx@linutronix.de>,
        Ingo Molnar <mingo@redhat.com>,
        Dave Hansen <dave.hansen@linux.intel.com>, x86@kernel.org
Subject: Re: [PATCH v3 0/8] Support ACPI PSP on Hyper-V
Message-ID: <20230323152342.GFZBxu/m3u6aFUDY/7@fat_crate.local>
References: <20230320191956.1354602-1-jpiotrowski@linux.microsoft.com>
 <20230322154655.GDZBsi75f6LnQStxSp@fat_crate.local>
 <1d25221c-eaab-0f97-83aa-8b4fbe3a53ed@linux.microsoft.com>
 <20230322181541.GEZBtFzRAMcH9BAzUe@fat_crate.local>
 <ecf005b1-ddb9-da4c-4526-28df4806426c@linux.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <ecf005b1-ddb9-da4c-4526-28df4806426c@linux.microsoft.com>
X-Spam-Status: No, score=-0.2 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
        DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS
        autolearn=unavailable autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-crypto.vger.kernel.org>
X-Mailing-List: linux-crypto@vger.kernel.org

On Thu, Mar 23, 2023 at 03:46:22PM +0100, Jeremi Piotrowski wrote:
> Not at all. Just to be clear: this lights up all the same bits of SNP
> as it does on bare-metal, none of it is emulated away. On bare-metal the
> hypervisor underneath the SNP guest is unencrypted as well. Here the stack
> is: L0 (Hyper-V), L1 (KVM) and L2 (SNP guest).

Yeah, I talked to folks after sending that email yesterday. Apparently
it is ok to do that without compromising SNP guest security but I, in my
eternal paranoia, somehow don't have the warm and fuzzy feeling about
it.

> ... The communication channel between L2 guest and PSP is secured
> using keys that the PSP injects into the SNP guest's address space at
> launch time.

Yeah, all the levels below L2 are required to do it set up env properly
so that L2 SNP guests can run.

> Honestly, I find it pretty cool that you can stuff a whole extra hypervisor
> underneath the SNP guest,

Whatever floats your boat. :-)

As long as it doesn't mess up my interrupt setup code with crazy hacks.

> Not sure I follow you here. The quoted paragraph talks about what the L1
> VM (KVM) sees. The L1 VM needs to issue PSP commands to bring up an L2 SNP
> guest, and later the L1 VM relays SNP guest commands to the PSP. The
> PSP commands are multiplexed to the physical PSP by the L0 hypervisor
> (Hyper-V).
>
> So Hyper-V exposes a PSP to the L1 VM because it is needed and it is
> compatible with the existing Linux driver that handles the PSP. The way
> it is exposed (ACPI table) follows how it was specified by AMD.

No no, it was specified by Microsoft architects.

So, that same interface to the PSP can be done by L0 emulating
a standard ACPI device for the KVM L1 HV and then L1 can use the normal
ACPI interrupt #9.

What's the need for supplying all that other gunk like destination ID,
interrupt vector and so on?

Thx.

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette