[...] >> + * >> + * All scenarios here are: >> + * 1. No paravisor, >> + * 2. Paravisor without VMBus relay, no hardware isolation, >> + * 3. Paravisor without VMBus relay, with hardware isolation, >> + * 4. Paravisor with VMBus relay, no hardware isolation, >> + * 5. Paravisor with VMBus relay, with hardware isolation. >> + * >> > I read this blurb looking for answers to my question below, no luck, and > left further wondering what is the comment trying to convey to future > maintenance?
The intention was to enumerate scenarios in which the driver executes this code to document what to expect of the conditional statement | if (ms_hyperv.paravisor_present && (hv_isolation_type_tdx() || hv_isolation_type_snp())) [...] > In comparison to PCIe TDISP where there is an explicit validation step > of cryptographic evidence that the platform is what it claims to be, I > am missing the same for this. > This doesn't replace TDISP, I'll do a better job of supplementing the code changes with documentation and comments! Any suggestions are greatly appreciated. A fully-enlightened Linux guest could just use TDISP once support for that is available in the Linux kernel. Before it is, the non-fully enlightened Linux guests (they can only deal with accepting memory and sharing memory with the host) could rely on the paravisor to talk to such devices. The TDISP device will be connected to the paravisor, and the paravisor will provide the paravirtualized storage and network over the VMBus channels to the Linux guest. The patch set is a building block for building a confidential I/O path for the non-fully enlightened Linux guests. It would be great to have the Linux storage and network stack not to share pages with the host (and not bounce-buffer) if the storage and network are paravirtualized && use the Confidential VMBus. In the first version of the patchset I had patches for that, yet that was considered too naive to be merged in the main line kernel so I dropped them. But even without that, this patch series protects the control plane and the data plane from the host with the exception of the pages the guest might use for bounce-buffering although it could've avoided that in this case. I mentioned that the paravisor will be handling the TDISP device for such guests. As folks might know, we use the OpenHCL paravisor which is a Linux kernel with the VTL mode patches we've been upstreaming (links to the repos are in the cover letter), and the OpenVMM running in the user land. The question would be if TDISP isn't available in the Linux kernel, how one would get it working in the OpenHCL paravisor that itself runs Linux? The SEV guest device in the paravisor kernel is being extended to handle TIO. Once TDISP support is available in the mainline kernel, the paravisor will switch to using the mainline implementation. > I would expect something like a paravisor signed golden measurement with > a certificate that can be built-in to the kernel to validate that "yes, > in addition to the platform claims that can be emulated, this bus > enumeration is signed by an authority this kernel image trusts." > > My motivation for commenting here is for alignment purposes with the > PCIe TDISP enabling and wider concerns about accepting other devices for > private operation. Specifically, I want to align on a shared > representation in the device-core (struct device) to communicate that a > device is either on a bus that has been accepted for private operation > (confidential-vmbus today, potentially signed-ACPI-devices tomorrow), or > is a device that has been individually accepted for private operation > (PCIe TDISP). In both cases there needs to be either a golden > measurement mechanism built-in, or a userspace acceptance dependency in > the flow. > > Otherwise what mitigates a guest conveying secrets to a device that is > merely emulating a trusted bus/device?
