Re: [RFC v1 00/26] Add TDX Guest Support
From: Dave Hansen
Date: Thu Apr 01 2021 - 20:03:03 EST
On 2/5/21 3:38 PM, Kuppuswamy Sathyanarayanan wrote:
> Intel's Trust Domain Extensions (TDX) protect guest VMs from malicious
> hosts and some physical attacks. This series adds the bare-minimum
> support to run a TDX guest. The host-side support will be submitted
> separately. Also support for advanced TD guest features like attestation
> or debug-mode will be submitted separately. Also, at this point it is not
> secure with some known holes in drivers, and also hasn’t been fully audited
> and fuzzed yet.
I want to hear a lot more about this driver model.
I've heard things like "we need to harden the drivers" or "we need to do
audits" and that drivers might be "whitelisted".
What are we talking about specifically? Which drivers? How many
approximately? Just virtio? Are there any "real" hardware drivers
involved like how QEMU emulates an e1000 or rtl8139 device? What about
the APIC or HPET?
How broadly across the kernel is this going to go?
Without something concrete, it's really hard to figure out if we should
go full-blown paravirtualized MMIO, or do something like the #VE
trapping that's in this series currently.