Re: [Part1 PATCH v5 02/17] x86/mm: Add Secure Encrypted Virtualization (SEV) support

From: Brijesh Singh
Date: Fri Sep 29 2017 - 11:54:52 EST

Next message: Borislav Petkov: "Re: [Part1 PATCH v5 02/17] x86/mm: Add Secure Encrypted Virtualization (SEV) support"
Previous message: Doug Ledford: "Re: [PATCH V2 for-next 3/8] RDMA/hns: Add return statement when kzalloc return NULL in hns_roce_v1_recreate_lp_qp"
In reply to: Borislav Petkov: "Re: [Part1 PATCH v5 02/17] x86/mm: Add Secure Encrypted Virtualization (SEV) support"
Next in thread: Borislav Petkov: "Re: [Part1 PATCH v5 02/17] x86/mm: Add Secure Encrypted Virtualization (SEV) support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 09/29/2017 09:41 AM, Borislav Petkov wrote:

On Fri, Sep 29, 2017 at 07:28:47AM -0500, Brijesh Singh wrote:

if we are adding a chicken bits then I think we should do it for both
"smeonly" and "sevonly". We can boot host OS with SME disabled and SEV
enabled, and still be able to create the SEV guest from the hypervisor.

Sure, but is that a real use case? I mean, who would want to run
encrypted guests on an unencrypted hypervisor?

In production, you do not want to run encrypted guest on an unencrypted
hypervisor -- I was thinking about the debug environment. We can start
with mem_encrypt=sme and if we see the need for 'sev' arg then we can
extend it later.

I am working on the patch and will send for the review. thanks

-Brijesh

Next message: Borislav Petkov: "Re: [Part1 PATCH v5 02/17] x86/mm: Add Secure Encrypted Virtualization (SEV) support"
Previous message: Doug Ledford: "Re: [PATCH V2 for-next 3/8] RDMA/hns: Add return statement when kzalloc return NULL in hns_roce_v1_recreate_lp_qp"
In reply to: Borislav Petkov: "Re: [Part1 PATCH v5 02/17] x86/mm: Add Secure Encrypted Virtualization (SEV) support"
Next in thread: Borislav Petkov: "Re: [Part1 PATCH v5 02/17] x86/mm: Add Secure Encrypted Virtualization (SEV) support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]