Re: [PATCH v4 10/15] virt: sev-guest: Choose the VMPCK key based on executing VMPL

From: Tom Lendacky
Date: Fri May 31 2024 - 15:34:51 EST


On 5/31/24 14:03, Borislav Petkov wrote:
On Fri, May 31, 2024 at 01:36:06PM -0500, Tom Lendacky wrote:
The sev-guest driver needs to access it. Given it is a driver/module, I
created the accessor rather than mark the variable EXPORT_SYMBOL_GPL(). Your
call, I'm fine with either.

Yeah, if the variable doesn't change after init, then you don't really
need an accessor.

Yes, the driver can and does figure it out. However, this module parameter
was added in the off chance the default VMPCK gets wiped. Then you can
reload the driver and use a different (less privileged) VMPCK.

Is that what the text over snp_disable_vmpck() is alluding to?

Yes, I believe so.


Or where are we documenting this intended use?

It probably should have been documented above the module parameter itself and/or in the sev-guest documentation. Those can be done as part of this patch or separate, whichever is preferred.

Thanks,
Tom


Thx.