Re: [RFC v2-fix-v4 1/1] x86/boot: Avoid #VE during boot for TDX platforms

[Dan Williams]

On Thu, May 27, 2021 at 2:25 PM Kuppuswamy Sathyanarayanan
<sathyanarayanan.kuppuswamy@xxxxxxxxxxxxxxx> wrote:
>
> From: Sean Christopherson <sean.j.christopherson@xxxxxxxxx>
>
> There are a few MSRs and control register bits which the kernel
> normally needs to modify during boot. But, TDX disallows
> modification of these registers to help provide consistent
> security guarantees. Fortunately, TDX ensures that these are all
> in the correct state before the kernel loads, which means the
> kernel has no need to modify them.
>
> The conditions to avoid are:
>
>   * Any writes to the EFER MSR
>   * Clearing CR0.NE
>   * Clearing CR3.MCE
>
> This theoretically makes guest boot more fragile. If, for
> instance, EFER was set up incorrectly and a WRMSR was performed,
> it will trigger early exception panic or a triple fault, if it's
> before early exceptions are set up. However, this is likely to
> trip up the guest BIOS long before control reaches the kernel. In
> any case, these kinds of problems are unlikely to occur in
> production environments, and developers have good debug
> tools to fix them quickly.
>
> Signed-off-by: Sean Christopherson <sean.j.christopherson@xxxxxxxxx>
> Reviewed-by: Andi Kleen <ak@xxxxxxxxxxxxxxx>
> Signed-off-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@xxxxxxxxxxxxxxx>

Looks good to me:

Reviewed-by: Dan Williams <dan.j.williams@xxxxxxxxx>