From: Sean Christopherson <seanjc@google.com>
To: Jason Chen CJ <jason.cj.chen@intel.com>
Cc: kvm@vger.kernel.org
Subject: Re: [RFC PATCH part-1 0/5] pKVM on Intel Platform Introduction
Date: Mon, 13 Mar 2023 09:33:41 -0700 [thread overview]
Message-ID: <ZA9QZcADubkx/3Ev@google.com> (raw)
In-Reply-To: <20230312180048.1778187-1-jason.cj.chen@intel.com>
On Mon, Mar 13, 2023, Jason Chen CJ wrote:
> There are similar use cases on x86 platforms requesting protected
> environment which is isolated from host OS for confidential computing.
What exactly are those use cases? The more details you can provide, the better.
E.g. restricting the isolated VMs to 64-bit mode a la TDX would likely simplify
the pKVM implementation.
> HW solutions e.g. TDX [5] also exist to support above use cases. But
> they are available only on very new platforms. Hence having a software
> solution on massive existing platforms is also plausible.
TDX is a software solution, not a hardware solution. TDX relies on hardware features
that are only present in bleeding edge CPUs, e.g. SEAM, but TDX itself is software.
I bring that up because this RFC, especially since it's being posted by folks
from Intel, raises the question: why not utilize SEAM to implement pKVM for x86?
next prev parent reply other threads:[~2023-03-13 16:35 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-03-12 18:00 [RFC PATCH part-1 0/5] pKVM on Intel Platform Introduction Jason Chen CJ
2023-03-12 18:00 ` [RFC PATCH part-1 1/5] pkvm: arm64: Move nvhe/spinlock.h to include/asm dir Jason Chen CJ
2023-03-12 18:00 ` [RFC PATCH part-1 2/5] pkvm: arm64: Make page allocator arch agnostic Jason Chen CJ
2023-03-12 18:00 ` [RFC PATCH part-1 3/5] pkvm: arm64: Move page allocator to virt/kvm/pkvm Jason Chen CJ
2023-03-12 18:00 ` [RFC PATCH part-1 4/5] pkvm: arm64: Make memory reservation arch agnostic Jason Chen CJ
2023-03-12 18:00 ` [RFC PATCH part-1 5/5] pkvm: arm64: Move general part of memory reservation to virt/kvm/pkvm Jason Chen CJ
2023-03-13 16:33 ` Sean Christopherson [this message]
2023-03-14 16:17 ` [RFC PATCH part-1 0/5] pKVM on Intel Platform Introduction Jason Chen CJ
2023-03-14 14:21 ` Sean Christopherson
2023-03-16 8:50 ` Jason Chen CJ
2023-03-24 10:30 ` Keir Fraser
2023-06-07 14:26 ` Mickaël Salaün
2023-06-08 21:06 ` Dmytro Maluka
[not found] ` <d0900265-6ae6-2430-8185-4f9d153ec105@intel.com>
2023-06-09 8:08 ` Dmytro Maluka
2023-06-09 16:57 ` Trilok Soni
2023-06-09 18:44 ` Dmytro Maluka
2023-06-10 8:56 ` Dmytro Maluka
2023-06-13 17:45 ` Sean Christopherson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZA9QZcADubkx/3Ev@google.com \
--to=seanjc@google.com \
--cc=jason.cj.chen@intel.com \
--cc=kvm@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.