From: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
To: "Jörg Rödel" <jroedel@suse.de>
Cc: amd-sev-snp@lists.suse.com, linux-coco@lists.linux.dev,
kvm@vger.kernel.org
Subject: Re: [ANNOUNCEMENT] COCONUT Secure VM Service Module for SEV-SNP
Date: Tue, 21 Mar 2023 16:56:20 +0000 [thread overview]
Message-ID: <ZBnhtEsMhuvwfY75@work-vm> (raw)
In-Reply-To: <ZBnMZsWMJMkxOelX@suse.de>
* Jörg Rödel (jroedel@suse.de) wrote:
> Hi Dave,
>
> On Tue, Mar 21, 2023 at 03:06:19PM +0000, Dr. David Alan Gilbert wrote:
> > Interesting; it would have been nice to have known about this a little
> > earlier, some people have been working on stuff built on top of the AMD
> > one for a while.
>
> Sorry for that, we wanted to have it in a state where it could at least
> boot an SMP Linux guest. It took us some more time to get the
> foundations right and get to that point.
>
> > You mention two things that I wonder how they interact:
> >
> > a) TPMs in the future at a higher ring
> > b) Making (almost) unmodified guests
> >
> > What interface do you expect the guest to see from the TPM - would it
> > look like an existing TPM hardware interface or would you need some
> > changes?
>
> For a) without b) the guest interface will be the SVSM TPM protocol. The
> ring-0 code will forward any request to the TPM process and return to
> the guest when it is done.
>
> For b), or the paravisor mode, this is the vision, which is probably
> more than a year out. The idea behind that is to be able to emulate what
> Hyper-V is doing to boot Windows guests under SEV-SNP on an open source
> SW stack.
>
> How the TPM interface will look like for that paravisor mode is not
> clear yet. In theory we can emulate a real TPM interface to make this
> work, but that is not sure yet.
OK, I'm just trying to avoid having guests that have a zillion different
TPM setups for different SVSM and clouds.
Timing is a little tricky here; in many ways the thing that sounds
nicest to me about Coconut is the mostly-unmodified guest (b) - but if
that's a while out then hmm.
Dave
> Regards,
>
> --
> Jörg Rödel
> jroedel@suse.de
>
> SUSE Software Solutions Germany GmbH
> Frankenstraße 146
> 90461 Nürnberg
> Germany
>
> (HRB 36809, AG Nürnberg)
> Geschäftsführer: Ivo Totev, Andrew Myers, Andrew McDonald, Boudien Moerman
>
--
Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK
next prev parent reply other threads:[~2023-03-21 16:56 UTC|newest]
Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-03-21 9:29 [ANNOUNCEMENT] COCONUT Secure VM Service Module for SEV-SNP Jörg Rödel
2023-03-21 11:09 ` James Bottomley
2023-03-21 12:43 ` Jörg Rödel
2023-03-21 13:43 ` James Bottomley
2023-03-21 15:14 ` Jörg Rödel
2023-03-21 17:48 ` Dr. David Alan Gilbert
2023-03-21 18:50 ` Jörg Rödel
2023-03-21 20:05 ` James Bottomley
2023-03-22 1:29 ` Marc Orr
2023-03-22 17:57 ` Daniel P. Berrangé
2023-03-22 9:15 ` Jörg Rödel
2023-03-22 18:07 ` Daniel P. Berrangé
2023-03-22 18:24 ` Dionna Amalie Glaze
2023-03-21 15:06 ` Dr. David Alan Gilbert
2023-03-21 15:25 ` Jörg Rödel
2023-03-21 16:56 ` Dr. David Alan Gilbert [this message]
2023-03-21 19:03 ` Jörg Rödel
2023-03-21 19:53 ` Dr. David Alan Gilbert
2023-03-22 9:19 ` Jörg Rödel
2023-03-22 9:43 ` Alexander Graf
2023-03-22 10:34 ` Dr. David Alan Gilbert
2023-03-22 17:37 ` Dionna Amalie Glaze
2023-03-22 17:47 ` Dr. David Alan Gilbert
2023-03-22 21:53 ` James Bottomley
2023-04-11 19:57 ` Tom Lendacky
2023-04-11 20:01 ` Dionna Amalie Glaze
2023-04-13 16:57 ` James Bottomley
2023-04-14 9:00 ` Jörg Rödel
2023-05-02 23:03 ` Tom Lendacky
2023-05-03 12:26 ` Jörg Rödel
2023-05-03 15:24 ` Dionna Amalie Glaze
2023-05-03 15:43 ` James Bottomley
2023-05-03 16:10 ` Daniel P. Berrangé
2023-05-03 16:51 ` Claudio Carvalho
2023-05-03 17:16 ` Alexander Graf
2023-05-05 15:34 ` Jörg Rödel
2023-05-05 15:47 ` Daniel P. Berrangé
2023-05-04 17:04 ` James Bottomley
2023-05-05 12:35 ` Christophe de Dinechin
2023-05-06 12:48 ` James Bottomley
2023-05-08 5:16 ` Alexander Graf
2023-05-05 15:02 ` Jörg Rödel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZBnhtEsMhuvwfY75@work-vm \
--to=dgilbert@redhat.com \
--cc=amd-sev-snp@lists.suse.com \
--cc=jroedel@suse.de \
--cc=kvm@vger.kernel.org \
--cc=linux-coco@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.