From: Borislav Petkov <bp@alien8.de>
To: Wei Liu <wei.liu@kernel.org>
Cc: "Kirill A. Shutemov" <kirill@shutemov.name>,
aarcange@redhat.com, ak@linux.intel.com,
dan.j.williams@intel.com, dave.hansen@intel.com,
david@redhat.com, hpa@zytor.com, jgross@suse.com,
jmattson@google.com, joro@8bytes.org, jpoimboe@redhat.com,
kirill.shutemov@linux.intel.com, knsathya@kernel.org,
linux-kernel@vger.kernel.org, luto@kernel.org, mingo@redhat.com,
pbonzini@redhat.com, peterz@infradead.org,
sathyanarayanan.kuppuswamy@linux.intel.com, sdeep@vmware.com,
seanjc@google.com, tglx@linutronix.de, tony.luck@intel.com,
vkuznets@redhat.com, wanpengli@tencent.com, x86@kernel.org,
linux-hyperv@vger.kernel.org,
Brijesh Singh <brijesh.singh@amd.com>,
Tom Lendacky <thomas.lendacky@amd.com>
Subject: Re: [PATCHv3.1 2/32] x86/coco: Explicitly declare type of confidential computing platform
Date: Mon, 21 Feb 2022 21:20:25 +0100
Message-ID: <YhP0CY0Gdepgnz4f@zn.tnic>
In-Reply-To: <20220221135258.4qcpt6i2zaou7ygm@liuwe-devbox-debian-v2>

On Mon, Feb 21, 2022 at 01:52:58PM +0000, Wei Liu wrote:
> Hi Boris and Kirill, I only see VBS mentioned here so I don't have much
> context, but VBS likely means virtualization-based security. There is a
> public document for it.
>
> https://docs.microsoft.com/en-us/windows-hardware/design/device-experiences/oem-vbs
>
> Whether it needs a new isolation type or not, I am not sure. Perhaps
> Tianyu can provide more context.

Right, this came in with

  c789b90a6904 ("x86/hyper-v: Add hyperv Isolation VM check in the cc_platform_has()")

which says

    Hyper-V provides Isolation VM for confidential computing support and
    guest memory is encrypted in it. Places checking cc_platform_has()
    with GUEST_MEM_ENCRYPT attr should return "True" in Isolation VM.

I'm guessing this was done because you "need to adjust the SWIOTLB size
just like SEV guests."

So my question is, does this VBS thing do guest memory encryption or
does it only use hw virt features?

Because you guys have HV_ISOLATION_TYPE_SNP already. And so, the check

	hv_get_isolation_type() != HV_ISOLATION_TYPE_NONE;

includes VBS because VBS is only interested in the SWIOTLB buffer size
adjustment and not the rest of the cc_* stuff. Or?

But let's see what Tianyu says.

Thx.

--
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette