Re: [PATCH] KVM: VMX: pass TME information to guests

From: Dave Hansen
Date: Thu Feb 03 2022 - 13:41:09 EST


On 2/3/22 10:14, Fares Mehanna wrote:
> This will guarantee that hardware supports TME, MSRs are locked, so host can't
> change them and exclusion range is disabled, so TME rules apply on all host
> memory.

But, what's the point? Guests can't trust this information. The host
can lie all it wants about it.

Also, your assumptions about TME rules applying to *all* host memory are
a bit aggressive.

Even if the guest knew for sure that it was reading an MSR directly, it
doesn't mean that any guest memory is actually TME-protected. The
memory could be from a non-TME range like persistent memory. There are
some weasel words in the spec about this:

> Upon activation, all memory (except in TME Exclusion range) attached
> to CPU/SoC is encrypted using AES-XTS 128 bit ephemeral key (platform
> key) that is generated by the CPU on every boot.

The important part here is "attached to the CPU/SoC". I guess they
don't count persistent memory as "attached". This also obviously would
not apply to non-CPU-attached memory that was attached by something like
CXL[1].

The extra fun part of all this is that the architecture doesn't provide
a way to tell if the memory is "attached to the CPU/SoC". That makes it
impossible to get any guarantees out of all this.

In other words, you can't trust the exclusion range in the MSR to be the
*ONLY* non-TME-protected area.

1. https://www.computeexpresslink.org/