On Sun, Apr 4, 2021 at 8:02 AM Dave Hansen <dave.han...@intel.com> wrote:
>
> It occurred to me that I've been doing a lot of digging in the TDX spec
> lately. I think we can all agree that the "Architecture Specification"
> is not the world's easiest, most digestible reading. It's hard to
> figure out what the Linux relation to the spec is.
>
> One bit of Documentation we need for TDX is a description of the memory
> states. For instance, it would be nice to spell out the different
> classes of memory, how they are selected, who selects them, and who
> enforces the selection. What faults are generated on each type and who
> can induce those?
>
> For instance:
>
> TD-Private memory is selected by the Shared/Private bit in Present=1
> guest PTEs. When the hardware page walker sees that bit, it walks the
> secure EPT. The secure EPT entries can only be written by the TDX
> module, although they are written at the request of the VMM. The TDX
> module enforces rules like ensuring that the memory mapped by secure EPT
> is not mapped multiple times. The VMM can remove entries. From the
> guest perspective, all private memory accesses are either successful, or
> result in a #VE. Private memory access does not cause VMExits.
>
> Would that be useful to folks?
That paragraph was useful for me as someone coming in cold to TDX patch review. +1 for more of that style of commentary.