Re: [RFC Part2 PATCH v3 01/26] Documentation/virtual/kvm: Add AMD Secure Encrypted Virtualization (SEV)

From: Borislav Petkov
Date: Wed Sep 06 2017 - 12:42:17 EST


On Tue, Sep 05, 2017 at 04:39:14PM -0500, Brijesh Singh wrote:
> Not sure if we need to document the complete measurement flow in the
> driver doc.

No, not the whole thing - only summarized in a couple of sentences with
the link to the doc.

> I was trying to keep everything to 80 column limit but if that is
> not an issue for documentation then I like your recommendation.

That rule is not a hard one - rather, it is up to human discretion what
is better - readability or fitting on some small screen no one uses
anymore.

> The command does not require an explicit parameter to differentiate between
> live migration vs snapshot. All it needs is a destination platform
> PDH key. If it's the live migration case then the VM management stack will probably
> communicate with the remote platform and get its PDH keys before calling us.
> The KVM driver simply acts upon the request from the userspace. SEV firmware
> spec Appendix A [1] provides a complete flow diagram which needs to be implemented
> in userspace. The driver simply acts when it is asked to create the SEND_START
> context.

Ok, so that only creates the context after sending the PDH cert into the
firmware. So please state that first and then what the command can be
used for. The way it is written now, it reads like it does the sending
of the guest.

Thx.

--
Regards/Gruss,
Boris.

SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)
--