Re: [Part1 PATCH v7 00/17] x86: Secure Encrypted Virtualization (AMD)

From: Tom Lendacky
Date: Thu Nov 16 2017 - 09:42:53 EST


On 11/16/2017 4:02 AM, Borislav Petkov wrote:
> On Wed, Nov 15, 2017 at 03:57:13PM -0800, Steve Rutherford wrote:
>> One piece that seems missing here is the handling of the vmm
>> communication exception. What's the plan for non-automatic exits? In
>> particular, what's the plan for emulated devices that are currently
>> accessed through MMIO (e.g. the IOAPIC)?
>
> First of all, please do not top-post.
>
> Then, maybe this would answer some of your questions:
>
> http://support.amd.com/TechDocs/Protecting%20VM%20Register%20State%20with%20SEV-ES.pdf
>
> But I'd look in Tom's direction for further comments.

I'm not sure what the question really is...

MMIO works just fine using the data contained in the VMCB on exit
(exit_info_1, exit_info_2, insn_bytes, etc.).

These patches are for SEV support. If the question is related to SEV-ES
(based on the non-automatic exit comment), that support is not part of
these patches and will require additional changes to be able to both
launch a guest as an SEV-ES guest and run as an SEV-ES guest.

>> Maybe I'm getting ahead of myself: What's the testing story? (since I
>> don't think linux would boot with these patches, I'm curious what you
>> are doing to ensure these pieces work)

Seems to boot fine here :)

Using these patches we have successfully booted and tested a guest both
with and without SEV enabled.

Thanks,
Tom
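An added illustration of the MMIO point in Tom's reply (example code, not from the patch set or from KVM): a constructed model of the VMCB exit fields he names, with a helper that turns a nested page fault against the IOAPIC range into an MMIO request for an instruction emulator. The struct layout, the `sev_mmio_from_vmcb` / `classified_ioapic_write_gpa` names, the error-code bit names and the IOAPIC range are assumptions made for the example.

```c
/* Constructed model of the VMCB exit data a hypervisor reads to emulate
 * MMIO for a (non-ES) SEV guest.  Not KVM's vmcb_control_area. */
#include <stdint.h>
#include <stdbool.h>
#include <string.h>

#define SVM_EXIT_NPF    0x400ULL     /* nested page fault exit code */
#define NPF_ERR_PRESENT (1ULL << 0)  /* NPT entry was present */
#define NPF_ERR_WRITE   (1ULL << 1)  /* faulting access was a write */

/* Subset of the VMCB control area named in the mail. */
struct vmcb_exit {
    uint64_t exit_code;
    uint64_t exit_info_1;    /* NPF: fault error code */
    uint64_t exit_info_2;    /* NPF: faulting guest-physical address */
    uint8_t  insn_len;       /* decode assist: faulting insn length */
    uint8_t  insn_bytes[15];
};

struct mmio_request {
    uint64_t gpa;
    bool     is_write;
    uint8_t  insn_len;
    uint8_t  insn_bytes[15];
};

/* Assumed emulated range: the IOAPIC at its conventional address. */
#define IOAPIC_BASE 0xFEC00000ULL
#define IOAPIC_SIZE 0x1000ULL

/* True (and *req filled) when the exit is an NPF on the emulated IOAPIC
 * range and the instruction bytes are available; false otherwise. */
bool sev_mmio_from_vmcb(const struct vmcb_exit *v, struct mmio_request *req)
{
    if (v->exit_code != SVM_EXIT_NPF)
        return false;
    /* In this model MMIO ranges have no backing NPT mapping, so a fault
     * on a present entry is a normal page fault, not MMIO. */
    if (v->exit_info_1 & NPF_ERR_PRESENT)
        return false;
    if (v->exit_info_2 < IOAPIC_BASE || v->exit_info_2 >= IOAPIC_BASE + IOAPIC_SIZE)
        return false;
    if (v->insn_len == 0 || v->insn_len > sizeof v->insn_bytes)
        return false;                  /* nothing for the emulator to decode */
    req->gpa = v->exit_info_2;
    req->is_write = (v->exit_info_1 & NPF_ERR_WRITE) != 0;
    req->insn_len = v->insn_len;
    memcpy(req->insn_bytes, v->insn_bytes, v->insn_len);
    return true;
}

/* Constructed sample exit: "mov [rdx], eax" (89 02) that faulted on an
 * IOAPIC register.  Returns the GPA if classified as an IOAPIC write, else 0. */
uint64_t classified_ioapic_write_gpa(void)
{
    struct vmcb_exit v = { .exit_code = SVM_EXIT_NPF, .exit_info_1 = NPF_ERR_WRITE,
                           .exit_info_2 = IOAPIC_BASE + 0x10,
                           .insn_len = 2, .insn_bytes = { 0x89, 0x02 } };
    struct mmio_request req;
    return (sev_mmio_from_vmcb(&v, &req) && req.is_write) ? req.gpa : 0;
}
```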