Re: [PATCH v1 00/24] Opt-in always-on nVHE hypervisor

From: Marc Zyngier
Date: Tue Nov 10 2020 - 06:19:02 EST


On 2020-11-10 10:15, Christoph Hellwig wrote:
> On Mon, Nov 09, 2020 at 11:32:09AM +0000, David Brazdil wrote:
>> As we progress towards being able to keep guest state private to the
>> host running nVHE hypervisor, this series allows the hypervisor to
>> install itself on newly booted CPUs before the host is allowed to run
>> on them.
>
> Why? I thought we were trying to kill nVHE off now that newer CPUs
> provide the saner virtualization extensions?

We can't kill nVHE at all, because that is the only game in town.
You can't even buy a decent machine with VHE, no matter how much money
you put on the table.

nVHE is here for the foreseeable future, and we even use its misfeatures
to our advantage in order to offer confidential VMs. See Will's presentation
at KVM forum a couple of weeks ago for the gory details.

Thanks,

M.
--
Jazz is not dead. It just smells funny...