Re: [RFC Part2 PATCH v3 01/26] Documentation/virtual/kvm: Add AMD Secure Encrypted Virtualization (SEV)

From: Brijesh Singh
Date: Wed Sep 06 2017 - 16:54:28 EST




On 09/06/2017 11:41 AM, Borislav Petkov wrote:
> On Tue, Sep 05, 2017 at 04:39:14PM -0500, Brijesh Singh wrote:
>> Not sure if we need to document the complete measurement flow in the
>> driver doc.
>
> No, not the whole thing - only summarized in a couple of sentences with
> the link to the doc.

Will do.

>> I was trying to keep everything to 80 column limit but if that is
>> not an issue for documentation then I like your recommendation.
>
> That rule is not a hard one - rather, it is up to human discretion what
> is better - readability or fitting on some small screen no one uses
> anymore.

I will follow your recommendation.

>> The command does not require an explicit parameter to differentiate between
>> live migration vs snapshot. All it needs is a destination platform
>> PDH key. If it's a live migration case then VM management stack will probably
>> communicate with remote platform and get its PDH keys before calling us.
>> The KVM driver simply acts upon the request from the userspace. SEV firmware
>> spec Appendix A [1] provides a complete flow diagram which needs to be implemented
>> in userspace. The driver simply acts when it is asked to create SEND_START
>> context.
>
> Ok, so that only creates the context after sending the PDH cert into the
> firmware. So please state that first and then what the command can be
> used for. The way it is written now, it reads like it does the sending
> of the guest.

Will clarify it in documentation.