Re: [PATCH v8 5/5] x86/tdx: Add Quote generation support

[Kai Huang]

On Fri, 2022-07-22 at 12:13 -0700, Dave Hansen wrote:
> On 7/22/22 12:05, Isaku Yamahata wrote:
> > > So, the quote portion of this is basically a bidirectional blob sender.
> > >  It's to send a blob between guest userspace to host userspace.
> > > 
> > > Do we *REALLY* need specific driver functionality for this?  For
> > > instance, is there no existing virtio device that can send blobs back
> > > and forth?
> > It's virtio-vsock.  If virtio-vsock is available, the communication works.
> > However, some users would like to disable virtio-vsock on their environment for
> > some reasons.  Even virtio at all.  Especially for confidential computing use
> > case.  It's their choice.  It can't be assumed that virtio is available.
> > 
> > The goal is VMM-agnostic (but TDX-specific) interface for that.
> 
> You're basically saying that every confidential computing technology
> should have its own host user <-> guest kernel <-> guest user ABI.
> That's insanity.  If we do this, we need *one* interface that says "talk
> to the hypervisor" that's common for all hypervisors and hardware
> vendors, or at least more than *one*.
> 
> We don't need a way to talk to hypervisors for Intel systems and another
> for AMD and yet another on whatever.

Maybe the GetQuote support can be a "Intel driver" with a dedicated Kconfig
option?  Not all customers want it anyway, so having a Kconfig option can also
reduce code size/attack window.

-- 
Thanks,
-Kai