Subject: Re: Coconut-SVSM - vTPM support for Intel TD Partitioning
From: James Bottomley
To: "Reshetova, Elena", Dionna Amalie Glaze
Cc: "Yao, Jiewen", "jejb@linux.ibm.com", Jeremi Piotrowski, Claudio Siqueira de Carvalho, "Rödel, Jörg", "Lange, Jon", "Dong, Eddie", "Johnson, Simon P", "Nakajima, Jun", "Perez, Ronald", "linux-coco@lists.linux.dev"
Date: Mon, 05 Aug 2024 11:21:37 -0400

On Mon, 2024-08-05 at 09:55 +0000, Reshetova, Elena wrote:
> > On Fri, 2024-08-02 at 18:54 -0700, Dionna Amalie Glaze wrote:
[...]
> >
> > That brings me to a curious point: is the Intel TDX SVSM going to
> > follow the SVSM protocol interface?  because if it is, it will
> > naturally inherit the enlightened interface (the code will be
> > present in the kernel, so it only needs activating).  However, if
> > the Intel SVSM were going to ignore the SVSM protocol spec then it
> > would have to reinvent everything and the CRB interface might make
> > more sense.
>
> I cannot speak on behalf of the Intel TDX *SVSM* implementation, but
> for the Linux guest kernel there is no intention at the moment to
> support smth like SVSM protocol interface. We have made an evaluation
> on this during the spring. There are no usecases currently that
> require such new protocol introduction on Intel TDX and it does bring
> additional code complexity, etc.
> If anyone believes otherwise, please let me know.

If you reinvent the vTPM communication interface, I can see you are
able to get away without that SVSM communication component.  I assume
you've done the same for other SVSM provided services like
deposit/remove memory and vcpu create/delete, but what about migration
when it comes along?  Since the high level operations will be pretty
much identical on AMD and Intel it would be very annoying to have to do
it in completely different ways (with presumably different tools).

Regards,

James