Re: [RFC 00/14] AMD: Add Secure AVIC Guest Support

From: Neeraj Upadhyay
Date: Tue Oct 29 2024 - 11:29:26 EST

Next message: Will Deacon: "Re: [PATCH] perf/arm_pmuv3: fix building on 32-bit"
Previous message: Bjorn Andersson: "Re: [PATCH] usb: typec: qcom-pmic: fix uninitialized value hdr_len and txbuf_len"
In reply to: Kirill A. Shutemov: "Re: [RFC 00/14] AMD: Add Secure AVIC Guest Support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

>>> Have you tested the case when the target kernel doesn't support SAVIC and
>>> tries to use a new interrupt vector on the boot CPU? I think it will
>>> break.
>>>
>>
>> For a VM launched with VMSA feature containing Secure AVIC, the target
>> kernel also is required to support Secure AVIC. Otherwise, guest bootup
>> would fail. I will capture this information in the documentation.
>> So, as far as I understand, SAVIC kernel kexecing into a non-SAVIC kernel
>> is not a valid use case.
>
> Hm. I thought if SAVIC is not enabled by the guest the guest would boot
> without the secure feature, no?
>

Actually no. The guest VM which is launched by VMM with Secure AVIC enabled
would have SecureAVIC reported in sev_status MSR. Secure AVIC is part of
SNP_FEATURES_IMPL_REQ and guest boot would terminate due to snp_get_unsupported_features()
check in arch/x86/boot/compressed/sev.c if secure avic is not enabled (having said that,
I need to update config rules to select CONFIG_AMD_SECURE_AVIC if CONFIG_AMD_MEM_ENCRYPT
is enabled).

- Neeraj

Next message: Will Deacon: "Re: [PATCH] perf/arm_pmuv3: fix building on 32-bit"
Previous message: Bjorn Andersson: "Re: [PATCH] usb: typec: qcom-pmic: fix uninitialized value hdr_len and txbuf_len"
In reply to: Kirill A. Shutemov: "Re: [RFC 00/14] AMD: Add Secure AVIC Guest Support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]