From: Jan Kiszka <jan.kiszka@siemens.com>
To: "Wang, Shane" <shane.wang@intel.com>
Cc: Avi Kivity <avi@redhat.com>, Zachary Amsden <zamsden@redhat.com>,
kvm <kvm@vger.kernel.org>, Gleb Natapov <gleb@redhat.com>
Subject: Re: [PATCH 1/4] Fix tboot enabled macro
Date: Wed, 26 May 2010 12:39:43 +0200 [thread overview]
Message-ID: <4BFCFA6F.8030000@siemens.com> (raw)
In-Reply-To: <D5AB6E638E5A3E4B8F4406B113A5A19A1E85890F@shsmsx501.ccr.corp.intel.com>
Wang, Shane wrote:
> Avi Kivity wrote:
>> On 05/26/2010 10:25 AM, Jan Kiszka wrote:
>>> This is for CONFIG_INTEL_TXT enabled? Good point but needs to be
>>> solved differently. tboot, the variable that is checked by the
>>> original header, is not exported to modules. I wonder how this
>>> worked out for you...
>>>
>>> Solution should be: hack tboot_enabled to kvm_tboot_enabled and
>>> unconditionally define that to 0 for older kernels. If tboot is
>>> actually enabled in hardware, KVM may not load but I'm unsure if
>>> it's OK to assume tboot == 1 for that case or if that will cause
>>> breakages if it's off instead - CC'ing the KVM patch author.
>>>
>> Worst case it doesn't load. I don't think it's a problem since
>> enabling tboot will be rare for older kernels.
>
> tboot is not 0 if tboot module is run before kernel.
> If "tboot is enabled in hardware" (I assume you mean if Intel TXT is enabled in hardware)
> but tboot module is not run or old kernels don't support tboot module,
> we still have outside_smx bit in feature msr. Why might KVM not load?
If we have to hard-wire tboot_enabled in kvm-kmod to 0, KVM may not test
all required bits and erroneously assume VTX would be disabled.
So I wondered what would happen if we hard-wired it to 1, pretending
that the tboot modules is loaded. Would we gain something without
loosing on some other end? If not, I would simply leave things as they
are now (i.e. always assuming tboot absence).
Thanks,
Jan
--
Siemens AG, Corporate Technology, CT T DE IT 1
Corporate Competence Center Embedded Linux
next prev parent reply other threads:[~2010-05-26 10:39 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-05-26 3:33 [PATCH 1/4] Fix tboot enabled macro Zachary Amsden
2010-05-26 7:25 ` Jan Kiszka
2010-05-26 8:38 ` Avi Kivity
2010-05-26 9:23 ` Wang, Shane
2010-05-26 10:39 ` Jan Kiszka [this message]
2010-05-27 7:21 ` Wang, Shane
2010-05-27 8:36 ` Jan Kiszka
2010-05-27 9:13 ` Wang, Shane
2010-05-27 9:23 ` Jan Kiszka
2010-05-27 9:27 ` Wang, Shane
2010-05-27 10:15 ` Avi Kivity
2010-05-27 18:22 ` Cihula, Joseph
2010-05-27 7:25 ` Wang, Shane
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4BFCFA6F.8030000@siemens.com \
--to=jan.kiszka@siemens.com \
--cc=avi@redhat.com \
--cc=gleb@redhat.com \
--cc=kvm@vger.kernel.org \
--cc=shane.wang@intel.com \
--cc=zamsden@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox