Re: [PATCH Part2 v6 17/49] crypto: ccp: Add the SNP_{SET,GET}_EXT_CONFIG command

From: Dionna Amalie Glaze
Date: Mon Aug 08 2022 - 19:25:47 EST

Next message: Dong, Eddie: "RE: [PATCH v2 0/5] KVM: Fix oneshot interrupts forwarding"
Previous message: kernel test robot: "[linux-stable-rc:linux-5.4.y 2112/4782] arch/x86/kernel/cpu/mce/core.o: warning: objtool: mce_timed_out()+0x67: unreachable instruction"
In reply to: Tom Lendacky: "Re: [PATCH Part2 v6 17/49] crypto: ccp: Add the SNP_{SET,GET}_EXT_CONFIG command"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> Would it be burden to supply all the certificates, both system and per-VM,
> in this KVM call? On the SNP Extended Guest Request, the hypervisor could
> just check if there is a per-VM blob and return that or else return the
> system-wide blob (if present).
>

I think that's fine by me. We can use SNP_GET_EXT_CONFIG, merge in
user space, and create an instance override with a KVM ioctl without
touching ccp.

--
-Dionna Glaze, PhD (she/her)

Next message: Dong, Eddie: "RE: [PATCH v2 0/5] KVM: Fix oneshot interrupts forwarding"
Previous message: kernel test robot: "[linux-stable-rc:linux-5.4.y 2112/4782] arch/x86/kernel/cpu/mce/core.o: warning: objtool: mce_timed_out()+0x67: unreachable instruction"
In reply to: Tom Lendacky: "Re: [PATCH Part2 v6 17/49] crypto: ccp: Add the SNP_{SET,GET}_EXT_CONFIG command"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]