Re: [Patch v4 01/13] x86/ioapic: Gate decrypted mapping on cc_platform_has() attribute

From: Borislav Petkov
Date: Tue Dec 06 2022 - 14:23:05 EST


On Thu, Dec 01, 2022 at 07:30:19PM -0800, Michael Kelley wrote:
> Current code always maps the IO-APIC as shared (decrypted) in a
> confidential VM. But Hyper-V guest VMs on AMD SEV-SNP with vTOM
> enabled use a paravisor running in VMPL0 to emulate the IO-APIC.
> In such a case, the IO-APIC must be accessed as private (encrypted).

Lemme see if I understand this correctly:

the paravisor is emulating the IO-APIC in the lower range of the address
space, under the vTOM which is accessed encrypted.

That's why you need to access it encrypted in the guest.

Close?

Thx.

--
Regards/Gruss,
Boris.

https://people.kernel.org/tglx/notes-about-netiquette