Re: [PATCH 08/26] x86/tdx: Handle in-kernel MMIO

From: Borislav Petkov
Date: Fri Jan 07 2022 - 14:06:31 EST


On Fri, Jan 07, 2022 at 08:49:26PM +0300, Kirill A. Shutemov wrote:
> To emulate an instruction the emulator needs two things:
>
> - R/W access to the register file to read/modify instruction arguments
> and see RIP of the faulted instruction.
>
> - Read access to memory where instruction is placed to see what to
> emulate. In this case it is guest kernel text.
>
> Both of them are not available to VMM in TDX environment:
>
> - Register file is never exposed to VMM. When a TD exits to the module,
> it saves registers into the state-save area allocated for that TD.
> The module then scrubs these registers before returning execution
> control to the VMM, to help prevent leakage of TD state.
>
> - Memory is encrypted with TD-private key. The CPU disallows software other
> than the TDX module and TDs from making memory accesses using the
> private key.

Thanks, that's very helpful info. It would be nice to have it in the
commit message.

--
Regards/Gruss,
Boris.

https://people.kernel.org/tglx/notes-about-netiquette