From: <dan.j.williams@intel.com>
To: Roman Kisel <romank@linux.microsoft.com>, <dan.j.williams@intel.com>
Cc: <Tianyu.Lan@microsoft.com>, <alok.a.tiwari@oracle.com>,
<apais@microsoft.com>, <arnd@arndb.de>, <benhill@microsoft.com>,
<bp@alien8.de>, <bperkins@microsoft.com>, <corbet@lwn.net>,
<dave.hansen@linux.intel.com>, <decui@microsoft.com>,
<haiyangz@microsoft.com>, <hpa@zytor.com>, <kys@microsoft.com>,
<linux-arch@vger.kernel.org>, <linux-coco@lists.linux.dev>
Subject: Re: [PATCH hyperv-next v4 15/16] Drivers: hv: Support establishing the confidential VMBus connection
Date: Mon, 25 Aug 2025 16:57:16 -0700 [thread overview]
Message-ID: <68acf85c42fb7_75db100d@dwillia2-mobl4.notmuch> (raw)
In-Reply-To: <0e808267-7955-4a37-8726-2a4e3040dd11@linux.microsoft.com>
Roman Kisel wrote:
[..]
> Trying to understand the question, thinking out loud. The paravisor is
> running within the same GPA space as the guest, the host/hv cannot
> access the CPU context and the memory assigned to the paravisor and the
> guest until they share the pages, the paravisor is measured and goes
> through attestation. From that, the customer has the control over the
> chain of trust. They can rebuild the paravisor if they wish to do so.
Ah, that is the detail I was missing the paravisor is provided by the
tenant so it could be measured by secure boot or similar mechanism the
tenant uses to measure the kernel and/or initrd image.
I also now realize this is not trying to enable device drivers other
than existing VMBUS drivers that do not need to have explicit knowledge
that the transport channel is now encrypted.
So, carry on, sorry for the noise. TDISP is trying to solve a wholly
different problem in its support for unmodified drivers without
something like a VMBUS abstraction to secure the communication channel.
next prev parent reply other threads:[~2025-08-25 23:57 UTC|newest]
Thread overview: 50+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-07-14 22:15 [PATCH hyperv-next v4 00/16] Confidential VMBus Roman Kisel
2025-07-14 22:15 ` [PATCH hyperv-next v4 01/16] Documentation: hyperv: " Roman Kisel
2025-07-22 17:43 ` Michael Kelley
2025-07-14 22:15 ` [PATCH hyperv-next v4 02/16] drivers: hv: VMBus protocol version 6.0 Roman Kisel
2025-07-22 17:43 ` Michael Kelley
2025-07-14 22:15 ` [PATCH hyperv-next v4 03/16] arch: hyperv: Get/set SynIC synth.registers via paravisor Roman Kisel
2025-07-15 12:46 ` kernel test robot
2025-07-22 17:43 ` Michael Kelley
2025-07-14 22:15 ` [PATCH hyperv-next v4 04/16] arch/x86: mshyperv: Trap on access for some synthetic MSRs Roman Kisel
2025-07-15 17:58 ` kernel test robot
2025-07-22 17:43 ` Michael Kelley
2025-07-25 8:04 ` Tianyu Lan
2025-07-14 22:15 ` [PATCH hyperv-next v4 05/16] Drivers: hv: Rename fields for SynIC message and event pages Roman Kisel
2025-07-15 21:46 ` kernel test robot
2025-07-22 17:44 ` Michael Kelley
2025-07-25 8:18 ` Tianyu Lan
2025-07-14 22:15 ` [PATCH hyperv-next v4 06/16] Drivers: hv: Allocate the paravisor SynIC pages when required Roman Kisel
2025-07-22 17:44 ` Michael Kelley
2025-07-25 8:23 ` Tianyu Lan
2025-07-14 22:15 ` [PATCH hyperv-next v4 07/16] Drivers: hv: Post messages through the confidential VMBus if available Roman Kisel
2025-07-22 17:44 ` Michael Kelley
2025-07-25 11:07 ` Tianyu Lan
2025-07-14 22:15 ` [PATCH hyperv-next v4 08/16] Drivers: hv: remove stale comment Roman Kisel
2025-07-22 17:44 ` Michael Kelley
2025-07-25 11:08 ` Tianyu Lan
2025-07-14 22:15 ` [PATCH hyperv-next v4 09/16] Drivers: hv: Check message and event pages for non-NULL before iounmap() Roman Kisel
2025-07-22 17:44 ` Michael Kelley
2025-07-25 11:14 ` Tianyu Lan
2025-07-14 22:15 ` [PATCH hyperv-next v4 10/16] Drivers: hv: Rename the SynIC enable and disable routines Roman Kisel
2025-07-22 17:44 ` Michael Kelley
2025-07-25 11:21 ` Tianyu Lan
2025-07-14 22:15 ` [PATCH hyperv-next v4 11/16] Drivers: hv: Functions for setting up and tearing down the paravisor SynIC Roman Kisel
2025-07-22 17:44 ` Michael Kelley
2025-07-14 22:15 ` [PATCH hyperv-next v4 12/16] Drivers: hv: Allocate encrypted buffers when requested Roman Kisel
2025-07-22 17:44 ` Michael Kelley
2025-07-25 14:40 ` Tianyu Lan
2025-07-14 22:15 ` [PATCH hyperv-next v4 13/16] Drivers: hv: Free msginfo when the buffer fails to decrypt Roman Kisel
2025-07-22 17:45 ` Michael Kelley
2025-07-14 22:15 ` [PATCH hyperv-next v4 14/16] Drivers: hv: Support confidential VMBus channels Roman Kisel
2025-07-22 17:45 ` Michael Kelley
2025-07-14 22:15 ` [PATCH hyperv-next v4 15/16] Drivers: hv: Support establishing the confidential VMBus connection Roman Kisel
2025-07-22 17:45 ` Michael Kelley
2025-08-19 20:26 ` dan.j.williams
2025-08-25 22:21 ` Roman Kisel
2025-08-25 23:00 ` dan.j.williams
2025-08-25 23:34 ` Roman Kisel
2025-08-25 23:57 ` dan.j.williams [this message]
2025-08-25 22:41 ` Roman Kisel
2025-07-14 22:15 ` [PATCH hyperv-next v4 16/16] Drivers: hv: Set the default VMBus version to 6.0 Roman Kisel
2025-07-22 17:45 ` Michael Kelley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=68acf85c42fb7_75db100d@dwillia2-mobl4.notmuch \
--to=dan.j.williams@intel.com \
--cc=Tianyu.Lan@microsoft.com \
--cc=alok.a.tiwari@oracle.com \
--cc=apais@microsoft.com \
--cc=arnd@arndb.de \
--cc=benhill@microsoft.com \
--cc=bp@alien8.de \
--cc=bperkins@microsoft.com \
--cc=corbet@lwn.net \
--cc=dave.hansen@linux.intel.com \
--cc=decui@microsoft.com \
--cc=haiyangz@microsoft.com \
--cc=hpa@zytor.com \
--cc=kys@microsoft.com \
--cc=linux-arch@vger.kernel.org \
--cc=linux-coco@lists.linux.dev \
--cc=romank@linux.microsoft.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox