Re: [RFC v1 00/26] Add TDX Guest Support

2021-04-12 Thread Dan Williams
On Sun, Apr 4, 2021 at 8:02 AM Dave Hansen wrote: > > It occurred to me that I've been doing a lot of digging in the TDX spec > lately. I think we can all agree that the "Architecture Specification" > is not the world's easiest, most digestible reading. It's hard to > figure out what the Linux

Re: [RFC v1 00/26] Add TDX Guest Support

2021-04-04 Thread Dave Hansen
It occurred to me that I've been doing a lot of digging in the TDX spec lately. I think we can all agree that the "Architecture Specification" is not the world's easiest, most digestible reading. It's hard to figure out what the Linux relation to the spec is. One bit of Documentation we need

Re: [RFC v1 00/26] Add TDX Guest Support

2021-04-03 Thread Andi Kleen
On Sat, Apr 03, 2021 at 09:26:24AM -0700, Dave Hansen wrote: > On 4/2/21 2:32 PM, Andi Kleen wrote: > >> If we go this route, what are the rules and restrictions? Do we have to > >> say "no MMIO in #VE"? > > > > All we have to say is "No MMIO in #VE before getting the TDVEINFO arguments" > >

Re: [RFC v1 00/26] Add TDX Guest Support

2021-04-03 Thread Dave Hansen
On 4/2/21 2:32 PM, Andi Kleen wrote: >> If we go this route, what are the rules and restrictions? Do we have to >> say "no MMIO in #VE"? > > All we have to say is "No MMIO in #VE before getting the TDVEINFO arguments" > After that it can nest without problems. Well, not exactly. You still

Re: [RFC v1 00/26] Add TDX Guest Support

2021-04-02 Thread Andi Kleen
> If we go this route, what are the rules and restrictions? Do we have to > say "no MMIO in #VE"? All we have to say is "No MMIO in #VE before getting the TDVEINFO arguments" After that it can nest without problems. If you nest before that the TDX will cause a triple fault. The code that

Re: [RFC v1 00/26] Add TDX Guest Support

2021-04-02 Thread Dave Hansen
On 4/1/21 7:48 PM, Andi Kleen wrote: >> I've heard things like "we need to harden the drivers" or "we need to do >> audits" and that drivers might be "whitelisted". > > The basic driver allow listing patches are already in the repository, > but not currently posted or complete: > >

Re: [RFC v1 00/26] Add TDX Guest Support

2021-04-01 Thread Andi Kleen
> I've heard things like "we need to harden the drivers" or "we need to do > audits" and that drivers might be "whitelisted". The basic driver allow listing patches are already in the repository, but not currently posted or complete: https://github.com/intel/tdx/commits/guest > > What are we

Re: [RFC v1 00/26] Add TDX Guest Support

2021-04-01 Thread Dave Hansen
On 2/5/21 3:38 PM, Kuppuswamy Sathyanarayanan wrote: > Intel's Trust Domain Extensions (TDX) protect guest VMs from malicious > hosts and some physical attacks. This series adds the bare-minimum > support to run a TDX guest. The host-side support will be submitted > separately. Also support for

Re: [RFC v1 00/26] Add TDX Guest Support

2021-03-31 Thread Kuppuswamy, Sathyanarayanan
Hi All, On 2/5/21 3:38 PM, Kuppuswamy Sathyanarayanan wrote: Hi All, NOTE: This series is not ready for wide public review. It is being specifically posted so that Peter Z and other experts on the entry code can look for problems with the new exception handler (#VE). That's also why x86@ is