From: "Daniel P. Berrangé" <berrange@redhat.com>
To: Roy Hopkins <roy.hopkins@randomman.co.uk>
Cc: qemu-devel@nongnu.org, Paolo Bonzini <pbonzini@redhat.com>,
Stefano Garzarella <sgarzare@redhat.com>,
Marcelo Tosatti <mtosatti@redhat.com>,
"Michael S . Tsirkin" <mst@redhat.com>,
Cornelia Huck <cohuck@redhat.com>,
Marcel Apfelbaum <marcel.apfelbaum@gmail.com>,
Sergio Lopez <slp@redhat.com>,
Eduardo Habkost <eduardo@habkost.net>,
Alistair Francis <alistair@alistair23.me>,
Peter Xu <peterx@redhat.com>,
David Hildenbrand <david@redhat.com>,
Igor Mammedov <imammedo@redhat.com>,
Tom Lendacky <thomas.lendacky@amd.com>,
Michael Roth <michael.roth@amd.com>,
Ani Sinha <anisinha@redhat.com>, Gerd Hoffman <kraxel@redhat.com>,
Pankaj Gupta <pankaj.gupta@amd.com>,
Joerg Roedel <joro@8bytes.org>
Subject: Re: [PATCH v9 02/16] backends/confidential-guest-support: Add functions to support IGVM
Date: Tue, 8 Jul 2025 16:07:30 +0100 [thread overview]
Message-ID: <aG00MgIsZdXq9bRy@redhat.com> (raw)
In-Reply-To: <23e34a106da87427899f93178102e4a6ef50c966.1751554099.git.roy.hopkins@randomman.co.uk>
On Thu, Jul 03, 2025 at 04:03:10PM +0100, Roy Hopkins wrote:
> In preparation for supporting the processing of IGVM files to configure
> guests, this adds a set of functions to ConfidentialGuestSupport
> allowing configuration of secure virtual machines that can be
> implemented for each supported isolation platform type such as Intel TDX
> or AMD SEV-SNP. These functions will be called by IGVM processing code
> in subsequent patches.
>
> This commit provides a default implementation of the functions that
> either perform no action or generate an error when they are called.
> Targets that support ConfidentalGuestSupport should override these
> implementations.
>
> Signed-off-by: Roy Hopkins <roy.hopkins@randomman.co.uk>
> Acked-by: Michael S. Tsirkin <mst@redhat.com>
> Acked-by: Gerd Hoffman <kraxel@redhat.com>
> Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
> Reviewed-by: Ani Sinha <anisinha@redhat.com>
> ---
> backends/confidential-guest-support.c | 31 ++++++++++
> include/system/confidential-guest-support.h | 67 +++++++++++++++++++++
> 2 files changed, 98 insertions(+)
>
> diff --git a/backends/confidential-guest-support.c b/backends/confidential-guest-support.c
> index 8ff7bfa857..c5bef1fbfa 100644
> --- a/backends/confidential-guest-support.c
> +++ b/backends/confidential-guest-support.c
> @@ -14,15 +14,46 @@
> #include "qemu/osdep.h"
>
> #include "system/confidential-guest-support.h"
> +#include "qapi/error.h"
>
> OBJECT_DEFINE_ABSTRACT_TYPE(ConfidentialGuestSupport,
> confidential_guest_support,
> CONFIDENTIAL_GUEST_SUPPORT,
> OBJECT)
>
> +static bool check_support(ConfidentialGuestPlatformType platform,
> + uint16_t platform_version, uint8_t highest_vtl,
> + uint64_t shared_gpa_boundary)
Nit-pick - underindented by 1 space.
> diff --git a/include/system/confidential-guest-support.h b/include/system/confidential-guest-support.h
> index ea46b50c56..79ecd21f42 100644
> --- a/include/system/confidential-guest-support.h
> +++ b/include/system/confidential-guest-support.h
> @@ -64,6 +95,42 @@ typedef struct ConfidentialGuestSupportClass {
>
> int (*kvm_init)(ConfidentialGuestSupport *cgs, Error **errp);
> int (*kvm_reset)(ConfidentialGuestSupport *cgs, Error **errp);
> +
> + /*
> + * Check to see if this confidential guest supports a particular
> + * platform or configuration.
> + *
> + * Return true if supported or false if not supported.
> + */
> + bool (*check_support)(ConfidentialGuestPlatformType platform,
> + uint16_t platform_version, uint8_t highest_vtl,
> + uint64_t shared_gpa_boundary);
Nit-pick: underindented 1 space.
With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
next prev parent reply other threads:[~2025-07-08 20:55 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-07-03 14:59 [PATCH v9 00/16] Introduce support for IGVM files Roy Hopkins
2025-07-03 15:00 ` [PATCH v9 01/16] meson: Add optional dependency on IGVM library Roy Hopkins
2025-07-03 15:03 ` [PATCH v9 02/16] backends/confidential-guest-support: Add functions to support IGVM Roy Hopkins
2025-07-08 15:07 ` Daniel P. Berrangé [this message]
2025-07-11 5:47 ` Ani Sinha
2025-07-03 15:10 ` [PATCH v9 03/16] backends/igvm: Add IGVM loader and configuration Roy Hopkins
2025-07-03 15:11 ` [PATCH v9 04/16] hw/i386: Add igvm-cfg object and processing for IGVM files Roy Hopkins
2025-07-03 15:15 ` [PATCH v9 05/16] i386/pc_sysfw: Ensure sysfw flash configuration does not conflict with IGVM Roy Hopkins
2025-07-03 15:21 ` [PATCH v9 06/16] sev: Update launch_update_data functions to use Error handling Roy Hopkins
2025-07-03 15:31 ` [PATCH v9 07/16] target/i386: Allow setting of R_LDTR and R_TR with cpu_x86_load_seg_cache() Roy Hopkins
2025-07-03 15:31 ` [PATCH v9 08/16] i386/sev: Refactor setting of reset vector and initial CPU state Roy Hopkins
2025-07-08 15:25 ` Daniel P. Berrangé
2025-07-08 15:28 ` Daniel P. Berrangé
2025-07-03 15:34 ` [PATCH v9 09/16] i386/sev: Implement ConfidentialGuestSupport functions for SEV Roy Hopkins
2025-07-03 15:41 ` [PATCH v9 10/16] docs/system: Add documentation on support for IGVM Roy Hopkins
2025-07-03 16:02 ` [PATCH v9 11/16] docs/interop/firmware.json: Add igvm to FirmwareDevice Roy Hopkins
2025-07-03 16:02 ` [PATCH v9 12/16] backends/confidential-guest-support: Add set_guest_policy() function Roy Hopkins
2025-07-03 16:18 ` [PATCH v9 13/16] backends/igvm: Process initialization sections in IGVM file Roy Hopkins
2025-07-03 16:21 ` [PATCH v9 14/16] backends/igvm: Handle policy for SEV guests Roy Hopkins
2025-07-03 16:21 ` [PATCH v9 15/16] i386/sev: Add implementation of CGS set_guest_policy() Roy Hopkins
2025-07-03 16:21 ` [PATCH v9 16/16] sev: Provide sev_features flags from IGVM VMSA to KVM_SEV_INIT2 Roy Hopkins
2025-07-08 13:28 ` [PATCH v9 00/16] Introduce support for IGVM files Stefano Garzarella
2025-07-08 15:32 ` Daniel P. Berrangé
2025-07-08 17:11 ` Paolo Bonzini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aG00MgIsZdXq9bRy@redhat.com \
--to=berrange@redhat.com \
--cc=alistair@alistair23.me \
--cc=anisinha@redhat.com \
--cc=cohuck@redhat.com \
--cc=david@redhat.com \
--cc=eduardo@habkost.net \
--cc=imammedo@redhat.com \
--cc=joro@8bytes.org \
--cc=kraxel@redhat.com \
--cc=marcel.apfelbaum@gmail.com \
--cc=michael.roth@amd.com \
--cc=mst@redhat.com \
--cc=mtosatti@redhat.com \
--cc=pankaj.gupta@amd.com \
--cc=pbonzini@redhat.com \
--cc=peterx@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=roy.hopkins@randomman.co.uk \
--cc=sgarzare@redhat.com \
--cc=slp@redhat.com \
--cc=thomas.lendacky@amd.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.